ZK-circom


circom is a domain-specific language (DSL) for writing circuits for zero-knowledge proofs (ZKPs) on the Ethereum blockchain. Here are a few entry-level projects that you could make using circom:

  • Pedersen commitment: A Pedersen commitment is a basic building block for many ZKP protocols, and it can be easily implemented using circom. You could write a circom circuit that takes a secret value and a blinding factor as inputs, and outputs a commitment to that value.

  • Range proof: A range proof is a ZKP that proves that a value is within a certain range without revealing the actual value. You could write a circom circuit that takes a value, a lower bound, and an upper bound as inputs, and outputs a proof that the value is within that range.

  • Verifiable random function (VRF): A VRF is a function that generates a random output based on a secret input, such that the output can be verified as having been generated by the function. You could write a circom circuit that takes a secret value as input, and outputs a VRF output and a proof of correctness.

  • Set membership proof: A set membership proof is a ZKP that proves that a value is a member of a specific set without revealing the value. You could write a circom circuit that takes a value and a set as inputs, and outputs a proof that the value is a member of the set.

  • Inner product proof: An inner product proof is a ZKP that proves the equality of the dot product of two vectors without revealing the actual values of the vectors. You could write a circom circuit that takes two vectors and their dot product as inputs and outputs a proof that the dot product of the two vectors is equal to the input dot product.

  • Non-interactive zero-knowledge proof (NIZK): A NIZK is a ZKP that can be verified without any interaction between the prover and the verifier. You could write a circom circuit that takes a statement as input, and outputs a proof and a public verification key.

  • Secret sharing scheme: A secret sharing scheme is a method for distributing a secret among a group of participants such that the secret can only be reconstructed by a subset of the participants. You could write a circom circuit that takes a secret and a threshold as inputs, and outputs shares that can be distributed to the participants.

  • Linear equation proof: A linear equation proof is a ZKP that proves the satisfaction of a system of linear equations without revealing the actual values of the variables. You could write a circom circuit that takes a system of linear equations and a solution as inputs, and outputs a proof that the solution satisfies the equations.

  • Sorted Merkle Tree: A Sorted Merkle Tree is a data structure that allows for efficient verification of membership in a set of ordered elements. You could write a circom circuit that takes a leaf value and a Merkle root as inputs, and outputs a proof that the leaf value is a member of the set represented by the Merkle root.

  • Circuit for a privacy-preserving smart contract: You could use circom to write a circuit for a privacy-preserving smart contract, where the contract state and inputs are hidden from the users. A ZKP is used to prove that the contract is correctly enforced without revealing the current state and the inputs.

These are just a few examples of the types of projects that you can make using circom. You can also use circom to build more complex protocols like zk-SNARKs, zk-STARKs, etc.
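
A circuit for the range proof item above, as an added example that is not part of the original repository. It only defines the constraints (the proof is produced from a witness by a separate proving tool) and shows the bit-width checks that circomlib's comparators depend on for soundness. Assumptions: circom 2 with circomlib on the include path (for example `circom -l node_modules`); the template name `RangeProof` and the 64-bit width are illustrative.

```circom
pragma circom 2.0.0;

include "circomlib/circuits/bitify.circom";
include "circomlib/circuits/comparators.circom";

// Constrains lower <= value <= upper.
// `value` stays private; `lower` and `upper` are public (see `main` below).
template RangeProof(n) {
    signal input value;
    signal input lower;
    signal input upper;

    // circomlib comparators are only meaningful when both operands fit in
    // n bits. Without these checks a prover could supply a field element
    // >= 2^n and make the comparison wrap around, so each input is
    // decomposed into n bits, which constrains it to [0, 2^n).
    component valueBits = Num2Bits(n);
    valueBits.in <== value;
    component lowerBits = Num2Bits(n);
    lowerBits.in <== lower;
    component upperBits = Num2Bits(n);
    upperBits.in <== upper;

    // value >= lower
    component ge = GreaterEqThan(n);
    ge.in[0] <== value;
    ge.in[1] <== lower;
    ge.out === 1;

    // value <= upper
    component le = LessEqThan(n);
    le.in[0] <== value;
    le.in[1] <== upper;
    le.out === 1;
}

// 64-bit width is an illustrative choice; circomlib's LessThan asserts n <= 252.
component main {public [lower, upper]} = RangeProof(64);
```

Using `===` on the comparator outputs is what turns the comparison into a constraint; reading `ge.out` or `le.out` without constraining it would let any witness pass.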