Have you been studying ZK and want your questions answered? Join the upcoming call and talk directly with the team that made the magic happen! Link next.

The Uniswap V3 Series continues: Real Reserves and How to Calculate Them The price in an AMM changes when tokens enter and leave the pool during a swap. The real reserves of a token are simply the amount of that token a trader must swap out for the price to reach the next tick. The real reserve of x is the amount of token x required to be swapped out to reach the upper tick -- and the real reserve of y is the amount of token y required to be swapped out to reach the lower tick. You probably learned how to calculate real reserves by "translating" a Uniswap V2 curve until it crosses the x and y axes -- then doing some multi-step algebra. We came up with a much simpler derivation! And it has nice pictures and animations. Learn more in our latest blog post. It's our delight to simplify.

We are proud to announce the launch of RareCode .ai Modern AI does a great job explaining code. However, learning comes from writing code. So we combined the two. Learn more 👇

If you want to really learn ZK, you should implement the algorithms from scratch. The ZK Book will has helped dozens of engineers complete the journey.

@RareSkills_io Zero Knowledge Book | M1·C1 What if you could prove you know a solution without ever revealing it? Discover how P vs NP makes zero‑knowledge proofs possible. 👇 Let’s unravel it 🧵

We're proud to be part of the journey!

New blog post is up: Circle FFT — Part 1: Building the Circle Domain Math in ZK is usually done in a finite field, which is a group under addition. But a special optimization is to use a circle as the group domain. A circle is a pair of elements (x, y) that satisfy x² + y² = 1 mod p. This article shows how that set of points can be turned into a group while also having the properties needed to carry out the FFT algorithm (and by extension, the STARK algorithm). Authored by @cabrio_yugo, who received a grant from zkBankai to create this work. Link in the reply

Office hours with Vyper is happening in a little over 2 hours. Get ready for another compiler deep dive where we will explore: - Venom IR (intermediate representation) - Optimization strategies - Security guarantees Invite in the reply.

When we released the ZK Book over a year ago, we took the ZK education space a huge step forward. Our book pioneered the approach of "just enough math" to learn ZK. Today we do it again with a new addition to the ZK Book. "Circom and Constraint Design Patterns" This new section focuses on how to design, create, and audit non-trivial ZK circuits. You've probably seen a lot of tutorials about how to prove you know the evaluation of a polynomial using Circom. But how do you go from there to designing a ZKVM or proving you know the primage of a traditional hash function (like MD5 or Keccak256)? The new part of our ZK Book takes you on a journey from multiplying to numbers together to: - building a ZKVM from scratch - coding constraints for the MD5 hash function - learn the recurring design patterns in constraint design The last part was interesting because some of the established "design patterns" don't even have names for them. We had to invent some terminology! As usual, we are extremely thoughtful about how we introduce the reader to new ideas to avoid overwhelming someone new. We are careful to ensure we teach the prerequisites in a sensible order and with a lot of examples. Each chapter shows how to build a circuit for an increasingly complex application. With each chapter, you both review what you learned previously and learn a new design pattern. Once you build up a collection of these design patterns, you can compose them together to build more complex applications, like the ZKVM or a non-trivial hash function. We put a huge effort into making sure that the material is both easy to understand and correct without any important omissions. We'd like to thank @ChainLight_io, @VeridiseInc, @PrivacyScaling, and @zksecurityXYZ for allocating time to review this work and provide suggestions. We are particularly grateful to @marcobesier from @zksecurityXYZ for working through several revisions to really get the chapters into a polished state. Special shoutout to @cal_nix for coauthoring the first seven chapters in this new part of the book! The topics we cover here are extremely fundamental. If you don't understand the materials here, learning the internals of more modern ZKVM or ZK L2 client will be quite challenging. Up until now, the absence of newcomer-oriented explanations for such foundational concepts has held the ZK space back. This new body of work isn't simply a "better explanation" of existing materials, but the first explanation at all -- outside of academic papers. We use Circom as the language of instruction since we consider it the most beginner-friendly. However, what you learn here generalizes to other frameworks like Plonky3, Halo2, o1js, and Gnark. The new articles now make the ZK Book over 38,000 words longer. You do not have to know how a ZK-SNARK works to read this section of the book, but there are a few prerequisites. These are listed in the "Introduction to Circom" chapter. As usual, the material is completely free with no login required.

Early on in your auditing journey? We created a new learning resource: Buggy ERC-20s Buggy ERC-20s is a repo of 20 (yes that is intentional) ERC-20 contract implementations, but with a bug. As much as possible, we tried to make these bugs reflect the kind of mistakes developers actually make. This is a learning exercise we use in our Solidity Bootcamp, but as you know, we make all our learning resources free. You'll sharpen your eye to catch missing lines, compiling but incorrectly-behaving code, and important corner cases. This isn't a normal CTF, we don't provide unit tests for you to check your answer since that isn't realistic. You'll have to tackle the problems the way an auditor normally does! We made a fairly large collection of problems because we want you to get some repetition in your practice. Practicing isn't one-and-done. Although there are some similar bugs between tokens, none of the repos have identical bugs. Each repo has one bug, and the bug is serious and not hypothetical. Some of the bugs are obvious and some are subtle. Consider yourself experienced? Then you should be able to spot the bug in less than a minute per codebase. Jumping into auditing a large codebase can be intimidating, so we made this as a stepping stone. This repo was created by @degenshaker. Link next.