
Week 2: Merkle for Privacy

Hash functions are one of those basic concepts in computer science that most of you are already familiar with; this article is a nice refresher. Not only are they used in the very basic infrastructure of any cryptocurrency system, they are also incredibly important in ZK applications. One reason is that in these applications the setup is typically such that, by design, nobody has access to the private input signals. With hashes, however, we can still ensure that the signals have not been changed over time by committing the hashed input signals to the blockchain.

Hashes can also be used to aggregate data into a Merkle tree, which is another concept that you must master to do well within the ZK space. A binary Merkle tree, in particular, hashes each pair of leaf nodes to form the first layer of inner nodes, and iteratively hashes all pairs of inner nodes until a single root node is reached. Check out this short video for an easy intro/refresher, as well as this article for a slightly more in-depth explanation with nice example applications.

Introduction to Merkle tree

Once you have a firm grasp of these basic concepts - which are really absolutely essential for you to do well as a ZK developer - it will be practical to get an overview of the different hashes commonly used. SHA256 is probably the most popular hash used in blockchain applications, while MiMC, Poseidon, and Pedersen hashes are more common in ZK applications because they are more SNARK-friendly. Quickly check out this, this, this, and this for benchmark comparisons and discussion of the pros and cons of the different hashes. This is important because you’d want to know what to use when you build, to make sure your application can run quickly and gas-efficiently.

With these theoretical basics cleared, we will go through two ‘classic’ ZK applications that will help you understand the applications of these concepts better: Tornado Cash and Semaphore.

Within the context of ZK in cryptocurrency systems, a Merkle tree can be stored on L1 for full transparency, or it can also be stored on L2 for privacy applications like a mixer, of which Tornado Cash is a good example. Check out this documentation, and this video demo/explanation (zku.ONE Tornado Cash Demo) based on the guest lecture by Roman Semenov, who led the team as CTO to build the now-famous protocol. One nice trick used here is that a ZK inclusion proof can be submitted to prove a leaf is part of a tree using only the relevant path elements.
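To make the binary tree construction from the section above and the path-element inclusion proof concrete, here is an added example (not code from the course, Tornado Cash or Semaphore). It uses SHA256 for portability, where a SNARK circuit would use MiMC or Poseidon, and the leaves are constructed sample values; the "path elements" (sibling hashes) and "path indices" (left/right bits) follow the convention that a verifier recomputes the root from the leaf and the path alone.

```python
import hashlib
from typing import List, Tuple

# Added example: binary Merkle tree plus inclusion proofs built from
# path elements (sibling hashes) and path indices (0 = left, 1 = right).

def hash_pair(left: bytes, right: bytes) -> bytes:
    """Hash one pair of nodes; order matters, so left/right is preserved."""
    return hashlib.sha256(left + right).digest()

def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """Return all layers from the leaf layer up to [root]; leaf count must be a power of two."""
    if not leaves or len(leaves) & (len(leaves) - 1):
        raise ValueError("leaf count must be a power of two")
    layers = [list(leaves)]
    while len(layers[-1]) > 1:
        prev = layers[-1]
        layers.append([hash_pair(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return layers

def merkle_proof(layers: List[List[bytes]], index: int) -> Tuple[List[bytes], List[int]]:
    """Collect, bottom to top, the sibling on each level and whether our node
    sat on the right (1) or the left (0)."""
    path_elements, path_indices = [], []
    for layer in layers[:-1]:                   # every layer except the root
        path_elements.append(layer[index ^ 1])  # sibling of the current node
        path_indices.append(index & 1)
        index >>= 1                             # move up to the parent position
    return path_elements, path_indices

def verify_proof(leaf: bytes, path_elements: List[bytes], path_indices: List[int], root: bytes) -> bool:
    """Recompute the root from the leaf and the path only; the verifier never
    needs the other leaves, which is what keeps the check cheap."""
    node = leaf
    for sibling, idx in zip(path_elements, path_indices):
        node = hash_pair(sibling, node) if idx else hash_pair(node, sibling)
    return node == root

# Constructed sample leaves (a real commitment would be hash(secret, nullifier)).
LEAVES = [hashlib.sha256(f"commitment-{i}".encode()).digest() for i in range(8)]
LAYERS = build_tree(LEAVES)
ROOT = LAYERS[-1][0]

if __name__ == "__main__":
    elems, idxs = merkle_proof(LAYERS, 5)
    print("leaf 5 in tree:", verify_proof(LEAVES[5], elems, idxs, ROOT))    # True
    print("tampered leaf:", verify_proof(b"\x00" * 32, elems, idxs, ROOT))  # False
```

A proof for a tree of depth d carries only d sibling hashes and d bits, regardless of how many leaves the tree holds; this is exactly what a ZK inclusion circuit takes as its private path inputs.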

Another important and widely used application is Semaphore. Check out this easy introductory article, as well as a demo here.

zku.ONE Semaphore Demo

A lot of applications can be derived from Semaphore, such as voting (e.g. AnonyVote), surveys or opinion polls (e.g. Ninja Survey, zkAsk), and authentication (e.g. InterRep, Continuum, zkPayroll). It is a really powerful gadget that can be used in many different contexts. However, since so many have already built their projects on it, to do something new and original with it you may need to get really creative. Still, understanding how it works will no doubt help you with your final project. We need to know the ‘classics’ before we can invent.