Abstract 

The increasing demand for privacy, verifiable computation and trust in web applications highlights the inherent limitations of the traditional client/server architecture.
Zero-Knowledge Proofs (ZKPs) and Succinct Non-Interactive Arguments of Knowledge (SNARKs) emerge as revolutionary technologies, offering the ability to prove the correctness of a computation or the possession of information without disclosing any underlying sensitive data for users.

This course will explore the foundational concepts of ZKPs, from interactive protocols to highly efficient non-interactive proof systems. During the course hands-on sessions and practical exercises will allow students, in some cases, to implement and, in others, apply these technologies.

We will delve into cryptographic constructions like Groth16, Plonk, and Halo2, understanding their architecture, their practical implications and how to use them in real-world cryptography.

Indeed, the course will also emphasize their applications in enhancing privacy and scalability in blockchain systems, digital media integrity, and web security.

The curriculum is informed by the latest research and enriched by practical experience in applied cryptography, extending the course made by Anca Nitulescu at crypt-a-bit 2024 and building on my own teaching and research experiences. Furthermore, the course is thought to be in continuity with Prof. Vitaletti’s course on blockchain technologies of ECI2025.

Objectives of the course 

The course “Building Cryptographic Proofs: Zero-Knowledge Proofs & SNARKs“ is designed to give a first understanding of the main concepts and practical challenges behind verifiable computation, from interactive proofs to modern non-interactive arguments.

The main goal of the course is to give the attendees the chance to understand how these advanced cryptographic tools are realized in practice in order to give them the chance to grasp the technical challenges to use such technologies in real-world applications.

Specifically, at the end of the course, attendees should be able to understand:

how group-based cryptography is implemented in practice in basic protocols such as Schnorr and in more advanced ones such as Bulletproof; how statements are encoded as circuits with tools like Circom; how to generate and verify Groth16 proofs with SnarkJS/Rapidsnark; grasp the foundations of IOP-based proofs based on Plonk arithmetization which are the base of nowadays advancements in the field and see how to generate proofs in such proof systems (e.g., Halo2, Plonky2 & 3);

Finally, attendees should also be able to clearly identify the use cases where SNARKs can enable privacy and scalability in blockchain systems, digital media, and web integrity and they should also be able to identify the challenges of the adoption of these technologies in real-world applications.

A basic knowledge of programming and fundamental cryptographic concepts can help.

Language: English

Brief index

• Introduction to Zero-Knowledge Proofs (ZKPs): Motivation and formal definition of zero-knowledge. Interactive proofs and the Σ-protocol paradigm. Implementing basic ZK proofs (e.g., Schnorr protocol) using Python libraries.
• From ZK to SNARKs: Non-interactive proofs via Fiat–Shamir transformation. From Schnorr to Bulletproofs: range proofs and aggregation. Hands-on session on Bulletproofs implementation.
• From Bulletproofs to Groth16: Arithmetic circuits and Rank-1 Constraint Systems (R1CS): how statements are encoded as circuits. Introduction to Circom and SnarkJS for compiling, generating and verifying Groth16 proofs.
• From Groth16 to IOP-based proofs: Interactive Oracle Proofs (IOP) as the foundation of modern SNARKs (guaranteeing additional properties through recursion or folding or aggregation. Overview of Plonk and Halo2 (a recursive proof system) frameworks.
• Applications of SNARKs: How ZK proofs enable privacy and scalability in blockchain systems (ZK-Rollups, zkVM Risc0). Use of SNARKs for verifiable digital media, PDF signatures and Web integrity proofs.

Program per day:

• DAY 1 (3 hours): Intro to Zero-knowledge proofs: Sigma Protocols and implementation. Example of I will conduct the implementation is available here: https://hackmd.io/@LsH8lGjzQEiZJROqMMzmCA/SJ8f_85Jbx
• DAY 2 (3 hours): From ZK towards SNARKS (and from Schnorr to Bulletproofs) and implementation.
• DAY 3 (3 hours): From Bulletproofs to Groth16. The concept of circuits: Circom and Snarkjs.
• DAY 4 (3 hours): From Groth16 to IOPs: Plonk and Halo2.
• DAY 5 (3 hours): SNARK applications in blockchains (for scalability and privacy), digital media (e.g., image transformation) and web (e.g., TLS). Analysis of a zkVM: Risc0.