## The 5W's of Zero-Knowledge Proof Development

### Q: Who - *Who are you?*

#### Answer:

This questions aims to explore the creators of the ZKP applications to gain an understanding of who is building applications within ZKP space and with which tools. The diversity of developers and their projects within the realm of ZKP applications demands tailored tool recommendations based on the characteristics of the developer's team and the nature of the project. Understanding where you fall within these categories will guide you to the ZKP tools that align with your development team's composition and project goals. Each category has unique considerations, ensuring that your toolset is optimized for success in your ZKP journey.

By identifying key metrics such as Author Count, Project Lifespan, Commit Count, and Activity among existing ZKP GitHub applications, three distinct groups of developers were identified. The metrics are defined as: 

AuthorCount: The AuthorCount which is the total number of unique authors for a particular application. We defined an author as a GitHub user that has authored a commit to a repository. This is computed by looking at all the commits made to a repository and the contributors of the repository. Using the GitHub API, all the commits were fetched for each repository. Each commit has an Author and a Committer field. The Author is the person who made the changes to the codebase and the Committer is the person to committed to code to GitHub on behalf of the author. Generally the author and committer are the same person, but in some cases, they are not. If an author submits a pull request (PR) which is accepted and committed by the person reviewing the PR, the author and committer would not be the same. This tends to occur in collaborative repositories where contributions are made by submitting PRs. To account for all users that contribute code changes to a repository, we used the Author attribute of the commits for a repository to identify the unique number of authors. One final adjustment that had to be made was counting only GitHub users. This distinction was made to avoid counting the same authors more than once. This can happen when the Author field is not set up correctly, as in the case where an author does not have the same email address on their local git configuration and on their GitHub account or where commits were authored with an email address not linked to their GitHub profile. To ensure that only unique authors were accounted for, the Author fields in the commits were joined with the contributors for a repository. The list of contributors for a repository was retrieved using the GitHub API. In a Git repository, the contributors for a project identifies authors and committers by email address, and thus, their GitHub accounts. Matching the list of contributors with the list of unique authors found in the set of commits leaves the only the commits authored by unique GitHub users. This approach ensures that all unique GitHub accounts that authored commits are accounted for, the only limitation is that commits authored by non-GitHub users are not considered. In some cases, this resulted in applications having an AuthorCount of 0, since they had a single author that was not a GitHub user. This was the case for 12 applications. 

Lifespan: The Lifespan for a repository is the number of days between the first commit the the last commit. Initially Lifespan was created using the Created and Updated fields returned by the GitHub API for a repository, but those fields were not always consistent. 

CommitCount: The total number of commits made to a repository during its lifetime

Active: The Active metric indicates where or not a repository has been committed to in 2023. 

Understanding which group aligns with your development scenario will guide you towards the most suitable ZKP tools. The combination of these metrics brought about 3 possible "Who"'s:

1. Solo Explorer:
Characteristics: A single author embarking on a short-lived project.
  - 361/917 (39.37%) of application repositories have an AuthorCount = 1, meaning there is only a single GitHub user contributing to the repository
  - 686/917 (74.81%) of application repositories have a lifespan < 365 days, indicating that these repositories were created for some short-term objective such as a research project, tutorial, academic course etc. 
  - 450/917 (49.07%) of application repositories are inactive, indicating that nearly half of the applications are no longer maintained
  - In total, there are 342/917 applications that have an AuthorCount = 1, Lifespan < 365 days and there are 232/917 applications that have an AuthorCount = 1, Lifespan < 365 days and are inactive
  - Mean commit count of 30.78 commits per repository 
  - Most common tools used are ['arkworks/algebra', 'arkworks/std', 'arkworks/curves', 'circom', 'circomlib', 'snarkjs']
  - 23 tools used, Tools not used ('arkworks/marlin','arkworks/poly-commit', 'arkworks/sponge','bulletproofs (sdiehl)','leo','miden-vm','plonky','plonky3','pysnark','risc0')
  - examples
    - https://github.com/ChiHaoLu/circom-practice
    - https://github.com/ILESKOV/zkSync-AMM-contract
    - https://github.com/orkunkilic/starknet-usd



2. Open-Source Collaborators:
Characteristics: A group of contributors collaborating on an open-source project.
  -   545/917 (59.43%) of application repositories have an AuthorCount in the range of [2, 52]
  -   211/917 (23.01%) of application repositories have a Lifespan in the range of [366, 1531]
  -   184/917 applications had both an AuthorCount in the range of [2, 52] and a Lifespan in the range of [366, 1531]
  -   the mean CommitCount of these 184 application repositories is 417.625
  -   29 tools used. Tools not used ('arkworks/gemini', 'bulletproofs (sdiehl)', 'openzkp', 'plonky', 'plonky3')
  -   examples
      -   https://github.com/iden3/circom_tester
      -   https://github.com/NilFoundation/zkllvm-blueprint
      -   https://github.com/lambdaclass/cairo-vm


3. Industry Team Player:
Characteristics: A team of developers working on an industry project.
  - outliers calculated at 3 standard deviations
  - 11/917 (1.2%) AuthorCount outliers with AuthorCounts in the range [52, 334]
  - 20/917 (2.18%) Lifespan outliers with Lifespans in the range [1532, 4057]
  - 11/917 (1.2%) CommitCount outliers with CommitCounts in the range [3998, 27404]
  - 21 tools used. Tools not used ('arkworks/gemini','arkworks/nonnative','arkworks/sponge','bulletproofs','bulletproofs (sdiehl)','gnark','miden-vm','openzkp','plonky','plonky3','pysnark', 'risc0','winterfell','zksync')
  -  examples (these have outlying values for all metrics)
     -   'bitcoinprivate-legacy/btcprivate', 
     -   'mina/minaprotocol', 
     -   'snarkos/aleohq'


When combining these attributes, three groups of 'Who' types were established. The Type 1 'Who' consists of an individual wanting to create a short-lived project as seen in the high number of single authors, short lifespan and inactivity of repositories. This could indicate that the creators are using the tools are part of a tutorial, research project or for experimenting with a tool. To explain the Type 2 'Who', it's best to first explain the Type 3 'Who', which is essentially a group of applications with outlying attributes. These tend to be large-scale popular applications with high AuthorCounts, high Lifespans, moderate to high CommitCounts and generally are Active. This, the Type 2 'Who' is the set of applications that are not single-owned, nor short-lived applications, nor industry-sized applications, instead these applications have moderate values for the metrics. These applications exist in the spectrum between the single-owned, short-loved applications and the large-scale industry applications. Type 2 applications tend to be smaller-scale projects compared to the group of outliers and have multiple authors committing to the project over an extended period of time. 


Looking at the ZKP tool usage across the three Who types, all three groups had the arkworks set of arkworks\algebra, arkworks\std and arkworks\curves as their most commonly used tools. However, when those were eliminated, the tool distributions different slightly among each group.  

It is important to note that the Who types aims to classify the set of applications, however, there are applications that exist in every area of the spectrum, and thus there exists some overlap between the types due to the flexibility and ranges of the attributes. 

To illustrate, the set of outliers were not the same for every attribute. protocols/loopring had an outlying value for the Lifespan attribute, but did not have outlying values for the AuthorCount or CommitCount values, but its values for the attributes were still in the high end of the normal range with AuthorCount = 39 and CommitCount = 3513. On the end, xjsnark/akosba had an outlying Lifespan value of 1655, but very low values for AuthorCount = 1 and CommitCount = 140. Its Lifespan excludes it from the Type 1 Who, and its AuthorCount and CommitCount exclude it from the Type 3 Who. A similar case with lattice-snarg/dwu4	having an outlying Lifespan value of 1646 but a low AuthorCount and CommitCount of 1 and 3. bitcoinprivate-legacy, mina and snarkos were the only applications that had outlying values for all the metrics. The reason Type 3 was expanded to include repositories that have some outlying values but not necessarily all, was to illustrate that applications with high values for these metrics tend to be large-scale industry projects, as seen in cairo/starkware-libs with a moderate Lifespan (517) and CommitCount (3998) but an outlying value for the AuthorCount (79).

Type 2 contains open-source projects that have been contributed by multiple authors. There is great variance among repositories in this in type. For instance, the popular application (which is also a ZKP tool built using arkworks) is noir/noir-lang which falls into this category as it has high values for Age (1163), AuthorCount (38) and CommitCount(2744), yet none of these values are high enough for the application to be considered an outlier. In the same type, there are applications such as demo/zk-idm which is a much smaller-scale project with a low AuthorCount (2), moderate Lifespan(518) and low CommitCount (38). One could consider dividing this type into subtypes to differentiate between popular community projects and insignificant group projects, but defining further attribute ranges becomes a delicate task. 

Solo Explorer (tool usage excl. top 3 arkworks set)
Circom (25.86%)
CircomLib (25%) 
SnarkJS (24.57%) 
arkworks/snark	(17.24%)
arkworks/r1cs-std (16.81%)
arkworks/gm17	(15.09%)
libsnark	(10.78%)

Open-Source Collaborators (tool usage excl. top 3 arkworks set)
circom	26.09
snarkjs	21.20
circomlib	17.39
merlin	13.59
cairo-lang	13.04
arkworks/snark	11.96
arkworks/r1cs-std	9.78
libsnark	9.78


Industry Team Player (tool usage excl. top 3 arkworks set)
libsnark	33.33
arkworks/snark	18.18
arkworks/r1cs-std	15.15
merlin	15.15
cairo-lang	15.15
snarkjs	9.09
arkworks/gm17	9.09

low author: sppark/supranational, contracts/0xpolygonid,zkp/dalek-cryptography and circomspect/trailofbit and zkrepl/0xparc and eigen-zkvm/0xeigenlabs

low commit: solidity_plonk_verifier/matter-labs

low lifespan: starknet-foundry/foundry-rs


### Q: What - *What type of proof construction do you want to use?*

#### Answer:  

This question pertains to the type of proof construction a developer intends to use in their project. The goal of this question is to guide developers toward selecting appropriate tools that support the specific proof construction method they plan to employ. Before looking at which tools support which proofs, it is useful to expand on the topic of proof constructions. 

Currently, the two most prominent zero-knowledge proof systems are zk-SNARKs and zk-STARKs. Both SNARKs and STARKs are used for validating proofs in an efficient and private way, but they differ in their implementation. 

zk-SNARK stands for Zero-Knowledge Succinct Non-interactive Argument of Knowledge and was originally coined in a paper in 2012 (https://dl.acm.org/doi/10.1145/2090236.2090263) co-authored by Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. At their core, SNARKs rely on elliptic curve cryptography (ECC). The 'Succinct' part refers to their small proof sizes and fast verification times that exist even for large statements. Succinctness ensures that the verification process does not take up as much time as the computation. This is achieved through the use of polynomial commitments (usually FRI, bulletproofs and Kate). The 'Non-Interactive' part indicates that the proof does not require constant interaction between the prover and the verifier. An important property of SNARKs is the need for a trusted setup ceremony. The trusted setup ceremony is a critical and delicate process that involves generating the initial parameters for the SNARK system. It is often referred to as the "trusted setup" because participants need to perform the setup honestly and then discard certain secret values. If the setup is compromised or participants act maliciously, it could undermine the security of the entire SNARK system. Hence, the need for a trusted setup is often regarded as a security concern of SNARKs. The first an most notable use of SNARKs was in the privacy cryptocurrency called ZCash. Since then, zk-SNARKs have been incorporated into L2 zk-Rollup solutions. Another downside to SNARKs is their lack of quantum resistance since quantum attacks do loom over cryptography based on elliptic curves(https://consensys.io/blog/zero-knowledge-proofs-starks-vs-snarks).

zk-STARK stands for Zero Knowledge Scalable Transparent Argument of Knowledge and is a specific type of SNARK. STARKs were discoverd in 2018 (https://eprint.iacr.org/2018/046.pdf) in a paper published by Eli Ben-Sasson, Iddo Bentov, Yinon Horeshy and Michael Riabzev. Where SNARKs rely on ECC, STARKs rely on hash functions, which offers quantum resistance. STARKs have far larger proof sizes than SNARKs, which means that verifying STARKs results in greater verification overhead . This makes STARKs best suited for proofs with large witnesses, hence they are ideal when proofs need to scale. Unlike SNARKs, STARKs require no trusted setup because it uses publicly verifiable randomness to generate public parameters (https://hacken.io/discover/zk-snark-vs-zk-stark/). The development community of STARK-based projects is smaller than that of SNARKs, with the pioneering project being Starkware. 

Bulletproofs, introduced in a paper in 2017 (https://eprint.iacr.org/2017/1066.pdf), non-interactive zero-knowledge proof protocol with very
short proofs and without a trusted setup. These properties are achieved through the used of a discrete logarithm problem, where Bulletproofs derive their security from the infeasibility from, and the Fiat-Shamir heuristic which makes the proof non-interactive (https://blog.pantherprotocol.io/bulletproofs-in-crypto-an-introduction-to-a-non-interactive-zk-proof/). Bulletproofs can prove to a verifier that a secret lies within a given range, without revealing any information about the number.  Compared to SNARKs, Bulletproofs require no trusted setup. However, verifying a bulletproof is more time consuming than verifying a SNARK proof(https://crypto.stanford.edu/bulletproofs/). They are smaller than STARKs, whilst maintaining significant efficiency and security (https://blog.pantherprotocol.io/bulletproofs-in-crypto-an-introduction-to-a-non-interactive-zk-proof/). The most notable use of Bulletproofs is in the popular cryptocurrency, Monero. 


There are various types of SNARK-based proving systems supported by tools in this paper: 
  - Plonk (https://eprint.iacr.org/2019/953) is a SNARK protocol which stands for "Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge" which  is a proof system designed to provide efficient, scalable, and versatile zero-knowledge proofs. Plonk was designed to address shortcoming of previous proving systems, such as the high proof construction overheads seen in Sonic(https://dl.acm.org/doi/10.1145/3319535.3339817). Plonk's improvement is that it's trusted setup is universal and updateable, meaning that only one trusted setup is required, instead of requiring a separate trusted setup for each program. Multiple parties can be involved in the trusted setup ceremony and requires only one honest party. Plonk is based on the cryptographic concept of polynomial commitments. 
  - Groth16 is a pairing-based SNARK protocol introduced by Jens Groth in his paper(https://eprint.iacr.org/2016/260.pdf) titled "On the Size of Pairing-based Non-Interactive Arguments," in 2016. Groth16 is based on bilinear pairings, a mathematical concept commonly used in pairing-based cryptography. Bilinear pairings provide a way to efficiently compute certain mathematical operations over elliptic curve groups. One of the notable aspects of Groth16 is its size efficiency. The proof size generated by Groth16 is relatively small compared to earlier constructions, which makes it practical for use in real-world scenarios where proof size is a crucial consideration. For instance,  Plonk has a proof size of around 2x-5x that of Groth16 (https://medium.com/@mehialiabadi/plonk-vs-groth16-50254c157196).
  - Pinocchio is one of the first SNARK protocols, introduced in a paper (https://eprint.iacr.org/2013/279.pdf) in 2013 by Bryan Parno, Jon Howell, Craig Gentry, and Mariana Raykova. Pinocchio is designed to provide succinct zero-knowledge proofs, meaning that the proof size is relatively short compared to the size of the computation being proven. This is an essential feature for practical applications, especially in scenarios where proof size is a critical factor
  - Halo is a succinct zero-knowledge proof system introduced by Sean Bowe, Ariel Gabizon, and Ian Miers in a paper (https://eprint.iacr.org/2019/1021.pdf) in 2019. Halo, as stated in the paper, is the first practical example of recursive proof composition without a trusted setup, using the discrete log assumption over normal cycles of elliptic curves. Halo is built as a variant of zk-SNARKs. Halo2, a tool featured in this paper, is built upon the Halo proving system. Halo2 is an improvement and evolution of the original Halo zero-knowledge proof system. It retains many of the features of Halo while introducing enhancements and optimizations. Where Halo is based on Sonic arithmetization, whereas Halo2 is based on Plonkish arithmetization.
 
Other SNARK-based proving systems include GM17(https://eprint.iacr.org/2017/540), Marlin(https://eprint.iacr.org/2019/1047) and Gemini(https://eprint.iacr.org/2022/420).

The merlin/dalek repository provides the implementation of a unique proof system, Merlin. As stated in its documentation, Merlin is a STROBE-based transcript construction for zero-knowledge proofs. By automating the Fiat-Shamir transform, interactive proofs can be made non-interactive. Merlin provides a conceptual framework within which various interactive proof systems, including zero-knowledge ones, can be designed. *add footnote about merlin being used in a proving system, rather than proving system itself

[insert table with tools and their proof constructions and proof systems]

As seen in the table, most tools support the SNARK proof construction and various SNARK proving system, most commonly plonk. Some tools, such as Plonky2, support multiple constructions. If a developer requires a SNARK proof construction, the type of proving system should be considered too in order to narrow down the tool options. Some tools, such as those part of the arkworks set, contain multiple options, as well the ability for customization. However, in some cases there is only one tool supporting a specific proof system, such as arkworks/merlin which is the only tool supporting the Merlin proof system and pysnark/charterhouse which is the only tool supporting the Pinocchio system. If wanting to use the Bulletproofs proof construction, the tools are narrowed down to bulletproofs/dalek-cryptography, bulletproofs/sdiehl or merlin/dalek-cryptography.

[insert graph "Proof Construction Use Over Time"]
[insert graph "Proving System Use Over Time"]

[insert graph "Proof Construction Frequency by Tools"]
As seen in the graph above, majority of tools support the SNARK proof construction (27), followed by the STARK proof construction (8) and then Bulletproofs (3).

[insert graph "Proof Construction Use Frequency by Applications"]
The graph above shows the number of applications that use tools that support a particular proof construction. Most applications (899) use tools that support NARKs, followed by STARKs (194) and then Bulletproofs (58).


[insert graph "Proving System Frequency by Tools"]
Plonk is the most commonly supported proving system (11), followed by groth16 (6), merlin (4) and then marlin (2). gemini, gm17, halo and pinocchio are all supported by only 1 tool. 


[insert graph "Proving System Use Frequency by Application"]
Although plonk is the most commonly supported proving system, applications use tools that support groth16 most frequently (397) followed by plonk (304). Merlin is not technically a proving system in the same way that plonk is, however, it can be use in the construction of a ZKP proof, and thus has been included in this set. 

[insert graph "Proof Construction Supported By Tool Over Time"]
- Looking at the creation dates of tools, majority of tools created support SNARKs. Initially there support was for SNARKs only, as this was only well-known proof construction, but following the release of the Bulletproofs in 2017, support for Bulletproofs grew as seen in the creation of the tool Bulletproofs in February 2018. Support for STARKs first came in March 2019. (although it could be seen in earlier tools produced by Starkware built using other existing tools such as arkworks). 
  
[insert graph "Proof Construction Use Over Time"]
Despite the introductions of other proof constructions, SNARKs remain the most popular proof construction choice among applications (due to the high use of the `arkworks` tools)

**Proof System Use Over Time**
- Majority of applications use a tool where the proving system is unspecific
- Plonk has gained popularity since end of 2021
- Most proof systems have only been supported and used since 2017
- There is a lot of variation when looking at tools created supporting certain proving systems (excluding the 'unspecified' category)

### Q: When - *When in your development lifecycle do you want to use ZKPs?*

#### A:  understanding/tinkering, planning* or implementation (past, present, future)

Developers may find themselves at different stages of their project lifecycle, each requiring a unique approach to ZKP tool utilization. Certain tools are better suited for different phases due to reasons that will be discussed. Thus, the phase in which a developer is and wishes to use ZKPs is an important aspect to keep in mind when determining which tool to use. There are a couple of factors taken into account when determining which tools are suitable for which phase. These factors can be classified into two groups, Development Features and Popularity Features. The features are comprised of the following.  

Development Features:

- Forks: The number of times a repository has been forked by other developers. Forking indicates that developers are interested in contributing or building upon the existing project.

- Issues: The number of open issues in a repository. Issues can represent bugs, feature requests, or discussions related to the project's development. A higher number may suggest active community engagement. *Note that the issues for the tools were collected using the GitHub API. The issues returned is a combination of the Issues and Pull Requests for a repository. 

- Age: The age of a repository, typically measured in years. Older projects may have more stability and maturity but could also be outdated.

- Commit Count: The total number of commits made to a repository. A higher commit count indicates ongoing development and maintenance.

- Contributor Count: The number of unique contributors who have participated in the project. More contributors often imply a diverse and active development community.

- Active: This field indicates where commits have been made to the tool in 2023. *Commits may have been made since the repository information was mined. 

Popularity Features:

- Stars: The number of users who have marked the repository as a favorite, indicating popularity or interest. More stars often suggest a widely recognized and appreciated project.

- Watchers: The number of users who are watching the repository for updates. It reflects ongoing interest and engagement.

- AppCount: The number of applications or projects that actively use the tool. A higher app count could indicate broader adoption and practical use.

These features collectively provide insights into a tool's development activity, community engagement, and overall popularity within the developer community. When categorizing tools based on these metrics, informed decisions about their suitability for different phases of development are made. For example, tools with high development metrics may be more suitable for the implementation phase, while tools with growing popularity could be considered in the bookmarking phase.

The 'When' aspect of ZKP development revolves around identifying the specific phase in which a developer will be using ZKPs within the development lifecycle. 
Here are three key phases:

##### **Tinkering Phase:**
Description: In the early stages of development, during the tinkering phase, developers are exploring ideas, experimenting with concepts, and refining their project's scope. This may even be their first experience with ZKPs. This is an opportune time to delve into ZKPs, fostering creativity and innovation.Developers in the tinkering phase may want to focus on ZKP tools that offer flexibility and insight into the world of ZKPs. This phase is characterized by curiosity and a desire to gain hands-on experience.

Tool Requirement: While exploring, developers can focus on the learning experience rather than the latest tools. It's an opportunity to try out a variety of tools and grasp the basics of ZKP concepts and gain insight into the history of the ZKP development space. 

Although all tools could be considered during the tinkering phase, it may be beneficial to consider those that are no longer active in order to gain insights into the history of the development space. Inactive tools that are worthwhile tinkering with are: 

|    | UniqueID                  |   Age |   Stars |   Forks |   Watchers |   Issues |   AppCount |   CommitCount |   ContributorCount |   Active |
|---:|:--------------------------|------:|--------:|--------:|-----------:|---------:|-----------:|--------------:|-------------------:|---------:|
|  0 | libsnark/scipr-lab        |  3448 |    1677 |     574 |       1677 |      117 |         85 |           357 |                 22 |        0 |
|  1 | pysnark/charterhouse      |  2131 |      72 |      10 |         72 |        2 |          4 |            38 |                  1 |        0 |
|  2 | bulletproofs/sdiehl       |  1949 |     520 |      43 |        520 |        4 |          1 |            42 |                  5 |        0 |
|  3 | merlin/dalek-cryptography |  1926 |     112 |      60 |        112 |        3 |         52 |           145 |                  8 |        0 |
|  4 | openzkp/0xproject         |  1690 |     586 |     103 |        586 |      298 |          1 |          2104 |                  2 |        0 |
|  5 | marlin/arkworks-rs        |  1520 |     256 |      61 |         24 |       12 |          4 |            93 |                 15 |        0 |
|  6 | plonky/mir-protocol       |  1376 |     104 |      12 |        104 |        8 |          1 |           410 |                  6 |        0 |
|  7 | nonnative/arkworks-rs     |  1138 |      18 |      11 |         10 |        2 |          2 |            41 |                  7 |        0 |

libsnark: libsnark is the oldest tool in the toolset and was initially developed as part of a research project. The library's early development focused on providing a general-purpose toolkit for building zk-SNARKs. Its creation was influenced by the increasing interest in cryptographic techniques that enable proving the authenticity of information without revealing any details about the information itself. Over the years it has been used in multiple application, most notably in the cryptocurrency, ZCash.

openzkp: openzkp was developed by the Ox team. The tool is no longer active as it seems that the contributors have shifted their focus towards developing other tools. 

plonky: plonky is the predecessor of plonky2, which is tool recommended for the implementation phase. It may be worthwhile for a developer to look at plonky to understand how it differs from plonky2 and plonky3. 

cairo-lang: cairo-lang is a version of Cairo that was written in Python. Although the repository is still active, developers are encouraged to use the Rust rewrite of Cairo. Although Cairo, and the whole Starkware ecosystem can be considered a ZKP tool, the Rust Cairo rewrite uses arkworks libraries, and is therefore considered an application in the context of this paper. 

These 4 tools had high values for development and popularity metrics, but since they are no longer actively maintained, they are most suitable for use int he Tinkering phase. Other inactive projects include merlin/dalek-cryptography, pysnark/charterhouse, nonnative/arkworks-rs, marlin/arkworks-rs and bulletproofs/sdiehl.

There are other tools which are active, but have low values for the Development and Popularity features. These include a set of arkwork libraries. These libraries are low-level compared to the other tools discussed and often fulfill a specific cryptograhic task. A developer can consider using these tools if the context of their project involves low-level details. [sponge/arkworks-rs','r1cs-std/arkworks-rs','poly-commit/arkworks-rs','groth16/arkworks-rs','gm17/arkworks-rs','gemini/arkworks-rs','crypto-primitives/arkworks-rs','snark/arkworks-rs']


##### **Implementation Phase:**
Description: The implementation phase involves integrating ZKPs into actual projects. Developers in this phase are integrating ZKPs into real projects, and the emphasis shifts to active, well-maintained tools with high development and popularity metrics. Future-proofness is crucial, ensuring continued support and updates.

Tool Requirement: Developers might prioritize tools which are active with a robust development history and a healthy commit count. Libraries with a substantial contributor count and a well-maintained codebase become crucial. Tools with a balance of stars and watchers indicate sustained interest and support. 

It is worthwhile for a developer to consider tools that are actively maintained and are popular among other developers as this could indicate. Tools with metric values that indicate this are:

|    | UniqueID                        |   Age |   Stars |   Forks |   Watchers |   Issues |   AppCount |   CommitCount |   ContributorCount |   Active |
|---:|:--------------------------------|------:|--------:|--------:|-----------:|---------:|-----------:|--------------:|-------------------:|---------:|
|  0 | bellman/zkcrypto                |  2879 |     823 |     582 |        823 |       30 |         30 |           353 |                 18 |        1 |
|  1 | bulletproofs/dalek-cryptography |  2108 |     931 |     189 |        931 |       45 |         17 |           892 |                 14 |        1 |
|  2 | snarkjs/iden3                   |  1920 |    1494 |     355 |       1494 |       89 |        195 |           643 |                 39 |        1 |
|  3 | gnark/consensys                 |  1356 |    1055 |     227 |       1055 |       82 |         21 |          2480 |                 22 |        1 |
|  4 | halo2/zcash                     |  1173 |     528 |     335 |        528 |      240 |         24 |          2464 |                 31 |        1 |
|  5 | algebra/arkworks-rs             |  1159 |     474 |     152 |         17 |      114 |        594 |           710 |                 61 |        1 |
|  6 | std/arkworks-rs                 |  1148 |      36 |      21 |          9 |        7 |        587 |           101 |                 18 |        1 |
|  7 | curves/arkworks-rs              |  1125 |     271 |      88 |         16 |       25 |        481 |           130 |                 24 |        1 |
|  8 | plonky2/mir-protocol            |   996 |     575 |     167 |        575 |       60 |         17 |          4517 |                 28 |        1 |
|  9 | winterfell/facebook             |   931 |     637 |     134 |        637 |       29 |         10 |           518 |                 18 |        1 |
| 10 | circom/iden3                    |   761 |     945 |     158 |        945 |       34 |        222 |           502 |                 36 |        1 |


std/arkworks-rs has lower values for some of the metrics such as Stars, Forks, Watchers and Issues, however, it was included in this list since it is often used in combination with algebra/arkworks-rs and algebra/curves, and therefore having a high AppCount. winterfell/facebook has a lower AppCount than some of the other tools, however, the other metrics indicate that it has an active development environment. This could indicate that the tool is still under development and not entirely ready for general use (as seen in the low AppCount), indicating that it may be in the intersection between the Implementation phase and the Bookmarking phase. 

It is worth mentioning that CircomLib is not included in the list because, at the time of writing, it has not been committed to since 2022, deeming it inactive. However, the developer can consider using it alongside the other tools in the Circom stack (Circom and SnarkJS), as those tools are actively maintained. As noted in the previous phase, the tools libsnark/scipr-lab, openzkp, plonky and cairo-lang/starkware-libs have high values for the Development and Popularity features, but they are no longer actively maintained and so developers should avoid, or take caution, when using them for implementation. Tools such as leo and zksync have high values for the Development and Popularity features, but have generally low AppCount values since these tools are still in development. They are discussed in the Bookmarking phase. 

##### **Bookmarking Phase:**
Description: The bookmarking phase occurs when a developer acquires an interest in the ZKP space and have identified ZKPs as a valuable tool, but the immediate integration may not be feasible due to project constraints or other priorities. They are bookmarking ZKPs for future consideration. While not actively integrating ZKPs into the current project, developers in the bookmarking phase should focus on tools with strong community support, ongoing development, and clear roadmaps. This ensures that when the need arises, the latest and most effective ZKP solutions can be readily adopted.

Tool Requirement: Developers may consider tools with a growing popularity metrics, such as stars and watchers, and an increasing application count, signaling sustained interest from the community. 

This toolset for the Bookmarking phase is similar to that of the Implementation phase, but includes tools that are still in early development. These tools include: 

|    | UniqueID                |   Age |   Stars |   Forks |   Watchers |   Issues |   AppCount |   CommitCount |   ContributorCount |   Active |
|---:|:------------------------|------:|--------:|--------:|-----------:|---------:|-----------:|--------------:|-------------------:|---------:|
|  0 | zksync/matter-labs      |  1627 |    3376 |    2305 |        119 |       55 |          4 |         12193 |                 52 |        1 |
|  1 | leo/aleohq              |  1341 |     475 |     100 |        475 |       96 |          7 |          6026 |                 31 |        1 |
|  2 | miden-vm/0xpolygonmiden |   792 |     513 |     117 |        513 |      103 |          7 |          1943 |                 31 |        1 |
|  3 | risc0/risc0             |   629 |    1002 |     130 |       1002 |       62 |          5 |           600 |                 39 |        1 |
|  4 | plonky3/plonky3         |   226 |     162 |      33 |        162 |       22 |          1 |           491 |                 13 |        1 |


zksync has the highest commit count out of all the tools in the study, indicating, along with the other metrics, that a lot of development is going into the tool. As shown on their (website)[https://matter-labs.io/], zkSync is in production since Summer 2020, with growing usage. The website also states that it will soon be used to scale arbitrary smart contracts. Based on the activity on (Matter Labs's GitHub account)[https://github.com/matter-labs], the focus has shifted towards the development of (zksync-era)[https://github.com/matter-labs/zksync-era]. A developer could monitor the progress of Matter Labs's projects to understand what would suit their needs best.

(Aleo)[https://aleo.org/] has developed an extensive suite of tools to support their L1 ZK environment. Although the mainnet for Aleo has not yet been launched, there is an active development environment seen in the metrics of the leo repository along with other projects forming part of the Aleo ecosystem. This inclused snarkos and snarkvm that were seen in the 'Who' question as applications with outlying development metrics. 

Plonky3's age has landed it in this category. It's Development and Popularity features are promising and indicative of a tool that is being developed and on the rise. Plonky3 is aimed at improving the implementation of Plonky2, a tool that is currently popular and featured in the Implementation Phase.


An observation is that zkysync, risc0 and midenvm are all virtual machines (VM), where zkysync and midenvm are zkEVMs and risc0 is zkVM. These tools have high Development features and Popularity features, except for their AppCount which is low. This may because, as indicated by this phase, they are still in development and not suitable for general use. However, it may be worth speculating if their low AppCount could be attributed to the novice of the VMs as they are a relatively new tool concept, compared to other tools such as software libraries.

Tailoring the use of ZKPs to the specific phase of your development lifecycle is a strategic decision that optimizes the benefits of this powerful technology. By aligning ZKP integration with your project's developmental context, developers can navigate challenges effectively and capitalize on the unique advantages ZKPs offer.

Irrespective of the phase in which a developer finds themselves, there are additional terms to consider: 

Research vs. Industry Use:

A developer should consider whether their project is focused around research purposes or if they wish to build an industry product. The reason being is that some tools explicitly state that they are not suitable for use in production. Although tools have these warnings, there are cases where the tools are being used in large scale projects as seen in Zokrates where arkworks is used, despite arkworks explicit warning against this in majority of their repositories. As seen in arkworks/algebra (https://github.com/arkworks-rs/algebra) which states, "WARNING: This is an academic proof-of-concept prototype, and in particular has not received careful code review. This implementation is NOT ready for production use."

License:

When choosing a tool based on its license, developers should consider factors such as project requirements, legal considerations, and the philosophy of the open-source community. The MIT and Apache licenses are often favored for their permissive nature, while GPL may be chosen by those who want to ensure that derivative works also remain open source. 

External Resources:
The availability of external resources, such as documentation, a dedicated website, community forums (like Discord), and an active presence on social media platforms like Twitter, can significantly impact a developer's decision in choosing a ZKP tool. Having external resources contribute to the overall developer experience. Developers may prefer tools that not only offer robust technical features but also provide adequate support, documentation, and a sense of community for a more enriching development journey.

Below is a breakdown of the tools' license, external resources available and whether or not their READMEs indicate a warning against production use (where no warning was given, a tool is assumed safe for production use):

|    | UniqueID                        | Production   | License                    | Tool Resources   |
|---:|:--------------------------------|:-------------|:---------------------------|:-----------------|
|  0 | algebra/arkworks-rs             | False        | Apache 2.0, MIT            | True             |
|  1 | crypto-primitives/arkworks-rs   | False        | Apache 2.0, MIT            | True             |
|  2 | curves/arkworks-rs              | False        | Apache 2.0, MIT            | True             |
|  3 | gemini/arkworks-rs              | False        | MIT                        | True             |
|  4 | gm17/arkworks-rs                | False        | Apache 2.0, MIT            | True             |
|  5 | groth16/arkworks-rs             | False        | Apache 2.0, MIT            | True             |
|  6 | marlin/arkworks-rs              | False        | Apache 2.0, MIT            | True             |
|  7 | nonnative/arkworks-rs           | False        | Apache 2.0, MIT            | True             |
|  8 | poly-commit/arkworks-rs         | False        | Apache 2.0, MIT            | True             |
|  9 | r1cs-std/arkworks-rs            | False        | Apache 2.0, MIT            | True             |
| 10 | snark/arkworks-rs               | False        | Apache 2.0, MIT            | True             |
| 11 | sponge/arkworks-rs              | False        | Apache 2.0, MIT            | True             |
| 12 | std/arkworks-rs                 | False        | Apache 2.0, MIT            | True             |
| 13 | bulletproofs/sdiehl             | False        | BSD-3-Clause license       | False            |
| 14 | libsnark/scipr-lab              | False        | MIT                        | False            |
| 15 | miden-vm/0xpolygonmiden         | False        | MIT                        | True             |
| 16 | plonky/mir-protocol             | False        | Apache 2.0, MIT            | False            |
| 17 | plonky2/mir-protocol            | False        | Apache 2.0, MIT            | True             |
| 18 | pysnark/charterhouse            | False        |                            | False            |
| 19 | winterfell/facebook             | False        | MIT                        | False            |
| 20 | bellman/zkcrypto                | True         | Apache 2.0, MIT            | False            |
| 21 | bulletproofs/dalek-cryptography | True         | MIT                        | True             |
| 22 | snarkjs/iden3                   | True         | GNU General Public License | True             |
| 23 | cairo-lang/starkware-libs       | True         | Cairo Toolchain License    | True             |
| 24 | circom/iden3                    | True         | GNU General Public License | True             |
| 25 | circomlib/iden3                 | True         | GNU General Public License | True             |
| 26 | gnark/consensys                 | True         | Apache 2.0                 | True             |
| 27 | halo2/zcash                     | True         | Apache 2.0, MIT            | True             |
| 28 | leo/aleohq                      | True         | GNU General Public License | True             |
| 29 | merlin/dalek-cryptography       | True         | MIT                        | True             |
| 30 | openzkp/0xproject               | True         | Apache 2.0                 | False            |
| 31 | plonky3/plonky3                 | True         | Apache 2.0, MIT            | False            |
| 32 | risc0/risc0                     | True         | Apache 2.0                 | True             |
| 33 | zksync/matter-labs              | True         | Apache 2.0, MIT            | True             |

### Q: Where - *Where are you in your ZKP journery?*

#### Answer:

In the landscape of ZKP tools, there exists a spectrum of abstraction levels, each catering to distinct developer needs and project requirements. The inner workings of ZKPs involve an amalgamation of complex mathematical fields and concepts. Understanding ZKPs at a technical level requires a deep understanding of the underlying mathematics. Since there are tools at different levels of abstraction, determining which once to use may depend on the developer's level of understanding of ZKPs. The tool abstraction spectrum goes hand-in-hand with the ZKP understanding spectrum. Tools, such as those forming part of the `arkworks` suite, are used for more low-level development where fine-grained control over the ZKP system is required. On the other end of the abstraction spectrum are tools such as zkEVMs and zkVMs which typically come with built-in ZKP support, allowing developers to leverage these features without having to implement the underlying cryptographic primitives from scratch. This question aims to guide developers in choosing the level of abstraction that aligns with their level of understanding, familiarity and project goals, i.e. 'How 0 is Your Knowledge?'. 

Before expanding on the levels of knowledge a developer my have, it is worth understanding what determines the complexity of a tool. To aid in understanding why certain tools are more suitable for different levels of understanding, each tool has been assigned a tool type. This is the classification or category that a specific tool falls into based on its primary functionality, purpose, or the way it is designed to be used. Each tool type represents a broad class of tools that share similar characteristics or serve a common goal within the field of ZKP development. The following tool types were devised:


**Low-level ZK Development:**
Tools classified under this category are designed for developers who seek a high degree of control and customization in their ZKP implementations. They often involve direct manipulation of cryptographic primitives and require a deep understanding of ZKP concepts.
These tools are best suited for experts or developers with a strong background in cryptography and a need for fine-grained control over ZKP constructions.

**Proof System:**
Proof systems provide a framework or set of protocols for constructing and verifying ZKPss. These systems define rules and structures for creating proofs and are foundational for building ZKP applications. They are useful for a range of developers who want to leverage specific and established proof systems for building ZKP applications without delving into low-level cryptographic details.

**Library:**
ZKP libraries offer pre-built functions and utilities to simplify the implementation of Zero-Knowledge Proofs. They abstract away many cryptographic intricacies, making it easier for developers to integrate ZKP capabilities into their applications. Beginner to intermediate developers who want to use ZKPs without deep involvement in cryptographic details benefit from the various ZKP libraries. Usually, libraries provide a balance between abstraction and customization.

**DSL (Domain-Specific Language):**
DSLs are specialized programming languages tailored for expressing ZKP-related tasks. They provide a higher level of abstraction than general-purpose languages, making it easier to work with ZKPs for specific applications. DSLs are for developers who prefer a more expressive and focused language for ZKP-related tasks, offering a level of abstraction suitable for various application domains.

**zkEVM (Zero-Knowledge Ethereum Virtual Machine):**
zkEVMs extend the concept of Ethereum Virtual Machine (EVM) to support Zero-Knowledge Proofs. They guarantee the correctness of programs, operations, and inputs and outputs, whilst maintaining EVM compatibility. Developers aiming to build privacy-centric decentralized applications (dApps) on blockchain platforms like Ethereum (or any other EVM compatible chains) where data confidentiality is a priority will benefit from using zkEVMs.

**zkVM (Zero-Knowledge Virtual Machine):**
A zkVM is a virtual machine that utilizes ZKPs to guarantees secure and verifiable trustworthiness by ZKPs. zkVMs are built with ZK-first principles, integrating them into every piece of the tech stack.[https://aleo.org/post/the-aleo-advantage-evolving-from-zkevms-to-the-zkvm-blockchain/] Unlike zkEVMs, zkVMs do not support EVM compatibility. zkVMs are suitable for developers interested in incorporating Zero-Knowledge features into broader computational models for privacy, security and scalability benefits. https://mirror.xyz/msfew.eth/Yl64OK3lLG48eJpVB3GxqFEhmWOm6yMlAo9sc1VrQP4

By categorizing developers into three levels - beginner, intermediate, and expert — this question aims to guide developers toward ZKP tools that align with their current understanding and proficiency in this field. Here's a breakdown of each category:

##### Beginner:
Description: Developers who are just starting their exploration of ZKPs fall into the beginner category and have limited or no practical experience with implementing ZKPs.

Tool Considerations: In this phase, developers may benefit from tools that offer a more user-friendly and approachable experience. Tools that abstract away complex details and provide extensive documentation and tutorials can be particularly helpful for beginners.

The Beginner level tools consist of the zkEVMs, zkVMs and some high-level DSLs. The DSL, Leo, does not require a developer to have a detailed understanding of the inner workings of ZKPs as the low-level details are abstracted by the ecosystem. This level of abstraction is also seen in the tools zkSync which requires developers to write smart contract in Solidity (which most Web3 developers are familiar with already). Developers interact with RISC Zero by simply writing code and the service handles all the ZKP backend complexity. As explained in the Introduction to Miden VM, which is part of the ZKHack series (https://www.youtube.com/watch?v=Q8xYSOx82U0), one of the main attractive points of zkEVMs such as the Polygon Miden, is the ease of use and no need to understand ZKPs and their cryptographic intricacies.  

##### Intermediate:
Description: Developers with some experience and understanding of ZKPs but who are not yet experts fall into the intermediate category.

Tool Considerations: Intermediate developers may be ready to explore tools that offer a balance between abstraction and control. These tools can provide more customization options while still offering guidance and documentation for continued learning. Using these tools are non-trivial as developers need to have cryptographic knowledge to understand the customization options of these tools. 

Most tools falling into the Library, DSL and Proof System categories fall into the Intermediate level of understanding required. These tools require a developer to have a thorough understanding of ZKPs while not requiring them to know the details of the foundational cryptographic elements. For instance, 
Plonky3 toolkit for implementing polynomial IOPs, such as PLONK and STARKs. It is built to support multiple types of cryptographic components, such instance various types of fields,  polynomial commitment schemes, polynomial IOPs, codes, interpolation and hashes. A developer would need to understand to understand each of these components and their different types in order to be able to customize the tool towards their needs. 

##### Expert:
Description: Seasoned developers with advanced knowledge in cryptography and significant experience in working with ZKPs fall into the expert category.

Tool Considerations: Experts may prefer tools that provide maximum control and flexibility. They might be more comfortable with lower-level tools that allow fine-grained adjustments and customization to meet specific project requirements.

The set of arkworks tools fall into this category. Arkworks is Rust ecosystem for zkSNARK programming [https://github.com/arkworks-rs]. The ecosystem provides a collection of libraries specializing in low-level details such as algebra, curves, and cryptographic primitives. Arkworks provides a toolset which allows developers to customize their ZKP development stack without needing to create many cryptographic details from scratch. Arkworks forms the backbone of many zero-knowledge applications, even other ZKP tools, such as ZoKrates. Although aimed at being a toolkit for zkSNARK implementations, certain arkworks libraries have been used in the Cairo languages which is a DSL built around the zkSTARK construction. 

There is room for flexibility in these tool classifications as tools allow for a range of customization. For instance, refer to Circom. As a DSL, Circom allows developers to design, create and customize their own arithmetic circuits to be used in their ZKP projects. The modularity of the Circom language allows the definition of parameterizable small circuits, called templates, which can be instantiated to form part of larger circuits. This allows developers to create their own custom circuits with varied complexity [https://wiki.polygon.technology/docs/zkevm/zkProver/circom-intro-brief/]. Developers who do not have the technical understanding to create their own circuits can use templates from CircomLib which is a library of basic circuits circom.

The inspiration in understanding the various tool types and how they related to the level of understanding required came from a [blog post](https://www.blockchaincapital.com/blog/a-developers-guide-to-the-zkgalaxy) by Blockchain Capital's Ryan Sproule. 



#### Tool Types 

|    | Name                       | KnowledgeLevel           | ToolType                 |
|---:|:---------------------------|:-------------------------|:-------------------------|
|  0 | arkworks/algebra           | Expert                   | Low-level ZK Development |
|  1 | arkworks/crypto-primitives | Expert                   | Low-level ZK Development |
|  2 | arkworks/curves            | Expert                   | Low-level ZK Development |
|  3 | arkworks/gemini            | Expert                   | Low-level ZK Development |
|  4 | arkworks/gm17              | Expert                   | Low-level ZK Development |
|  5 | arkworks/groth16           | Expert                   | Low-level ZK Development |
|  6 | arkworks/marlin            | Expert                   | Low-level ZK Development |
|  7 | arkworks/nonnative         | Expert                   | Low-level ZK Development |
|  8 | arkworks/poly-commit       | Expert                   | Low-level ZK Development |
|  9 | arkworks/r1cs-std          | Expert                   | Low-level ZK Development |
| 10 | arkworks/snark             | Expert                   | Low-level ZK Development |
| 11 | arkworks/sponge            | Expert                   | Low-level ZK Development |
| 12 | arkworks/std               | Expert                   | Low-level ZK Development |
| 13 | bulletproofs (sdiehl)      | Intermediate             | Proof System             |
| 14 | libsnark                   | Intermediate to Expert   | Library                  |
| 15 | miden-vm                   | Beginner                 | zkEVM                    |
| 16 | plonky                     | Intermediate             | Proof System             |
| 17 | plonky2                    | Intermediate             | Proof System             |
| 18 | pysnark                    | Intermediate             | Library                  |
| 19 | winterfell                 | Intermediate             | Library                  |
| 20 | bellman                    | Intermediate to Expert   | Library                  |
| 21 | bulletproofs               | Intermediate             | Proof System             |
| 22 | snarkjs                    | Intermediate             | Library                  |
| 23 | cairo-lang                 | Beginner                 | DSL                      |
| 24 | circom                     | Intermediate             | DSL                      |
| 25 | circomlib                  | Beginner to Intermediate | Library                  |
| 26 | gnark                      | Intermediate             | Library                  |
| 27 | halo2                      | Intermediate             | Proof System             |
| 28 | leo                        | Beginner                 | DSL                      |
| 29 | merlin                     | Intermediate             | Proof System             |
| 30 | openzkp                    | Intermediate             | Library                  |
| 31 | plonky3                    | Intermediate             | Library                  |
| 32 | risc0                      | Beginner                 | zkVM                     |
| 33 | zksync                     | Beginner                 | zkEVM                    |



### Q: Why - *Why are you using ZKPs?*

#### Answer: 

Consider the purpose of your ZKP application. If wanting to built an enterprise solution, the use of certain tools impose some limitations. 

- scaling, privacy or non-blockchain

** manual labelling required

Look at tools for limitations of use: 
- e.g. in `bulletproofs` README the disclaimer states, "*This is experimental code meant for research-grade projects only. Please do not use this code in production until it has matured significantly.*"
- Licensing: Ensure that the license of the chosen library aligns with your project's requirements. Some libraries may have open-source licenses that impose specific conditions on how the code can be used.
- Community Support: Libraries with active communities tend to receive regular updates, bug fixes, and improvements. Check the community support and maintenance status of the library.
- External Resources: Libraries with external resources such as documentation, tutorials and active social media profiles could be an indication of a tool with an active development environment

### Additional things to consider: 

**Programming Language:** Choose a library that is compatible with the programming language of your application. For example, bellman is written in Rust, while dalek-cryptography is in Rust and python.


**Ease of Use:** Consider the ease of integration and the learning curve associated with each library. Some libraries provide high-level abstractions and user-friendly interfaces, while others may offer more flexibility at the cost of complexity.


### Additional Resources
- https://twitter.com/aztecnetwork/status/1717189113823236530
- https://wiki.polygon.technology/docs/zkevm/zkProver/circom-intro-brief/
- https://dev.to/spalladino/a-beginners-intro-to-coding-zero-knowledge-proofs-c56 (circom, halo2 and noir)
- https://medium.com/@lucafra92/a-guide-to-zero-knowledge-proofs-f2ff9e5959a8 - explains ZKPs


