Demystifying 𝒫𝔩𝔬𝔫𝒦: A Hands-on Tutorial Framework for Zero-Knowledge Education (Martin Ochoa)

Описание: In this talk, Martin Ochoa dives into "Demystifying 𝒫𝔩𝔬𝔫𝒦: A Hands-on Tutorial Framework for Zero-Knowledge Education". This talk was held in Munich at the 2025 TUM Blockchain Conference.

Abstract: Zero-knowledge proofs (ZKPs) have rapidly evolved from theoretical cryptographic constructions into practical systems underpinning many leading blockchain and privacy-preserving technologies. Among these, the 𝒫𝔩𝔬𝔫𝒦 protocol has emerged as one of the most influential zk-SNARKs, both as a deployed proof system and as a foundation for numerous optimizations and derivatives (such as TurboPlonk, UltraPlonk and HyperPlonk among others). Yet, despite its wide adoption, 𝒫𝔩𝔬𝔫𝒦 remains notoriously difficult to understand. On one hand, while the original PLONK paper is mathematically rigorous, it presents selector polynomials, wiring permutations, quotient tests, random challenges, and KZG commitments with little accompanying guidance, making it difficult for newcomers to build intuition. On the other hand, modern implementations such as Halo2 have already diverged from the original presentation, introducing engineering optimizations and generalizations that obscure the underlying algebraic structure. Students and practitioners thus face a tension: the theory is too abstract, while the implementations are too optimized. This leaves a gap for those seeking to truly understand how the pieces of 𝒫𝔩𝔬𝔫𝒦 fit together. To address this gap, we have developed and open-sourced a comprehensive, hands-on tutorial that demystifies 𝒫𝔩𝔬𝔫𝒦 through a carefully designed running example. A key challenge in designing such material was to select an example that is small enough to be readable and tractable, while still realistic enough to reflect the true algebraic setting of deployed systems. Our tutorial therefore builds on circuits that are minimal yet non-trivial, and uses realistic parameters such as the BN254 curve and pairings, avoiding the extreme simplifications often found in introductory accounts. This ensures that learners practice with the same mathematical objects used in real-world deployments, while still being able to follow the protocol end to end. The tutorial guides learners from simple arithmetic circuits all the way to a full non-interactive Fiat–Shamir proof. Along the way, participants build explicit tables of intermediate values, interpolate low-degree polynomials over the BN254 field, encode gate and wiring constraints, and perform both deterministic and probabilistic zero-tests. A central pedagogical goal was not just to “show solutions” but to let learners actively solve exercises themselves. Each section is broken into incremental exercises with associated test cases, enabling students to check their own progress and build confidence before moving forward. This interactive structure turns what could be a passive reading experience into an engaging, problem-solving journey. The tutorial has already been deployed in an academic context, specifically in a graduate-level course on zero-knowledge proofs at the Technical University of Munich (TUM), where it served as a practical complement to lectures on advanced proof systems. Student feedback highlighted that the structured, incremental nature of the exercises allowed them to internalize concepts that would otherwise remain opaque when reading only research papers or codebases. The material is openly available at https://plonk.zksecurity.xyz, enabling reproducibility, reuse, and extension by the broader community. Our contribution is therefore pedagogical and methodological: rather than proposing a new protocol, we propose a new way of learning one. By exposing the algebraic building blocks in a progressive manner, carefully balancing simplicity with realism, and enabling self-directed exploration through exercises and test cases, we make 𝒫𝔩𝔬𝔫𝒦 accessible to both newcomers and practitioners who wish to deepen their understanding. Beyond 𝒫𝔩𝔬𝔫𝒦 itself, the tutorial demonstrates a framework for teaching ZKPs that could be extended to other protocols, helping to bridge the gap between abstract cryptographic papers and optimized production implementations. In doing so, we hope to lower the barrier to entry for researchers, engineers, and students, contributing to the wider adoption and secure deployment of ZKPs in practice.

The TUM Blockchain Conference 2025, hosted by the TUM Blockchain Club, brought together top researchers, developers, regulators, and students to share and discuss the latest trends and developments in web3. Over 1100 attendees participated in the two-day event, featuring over 150 speakers across 4 stages and 6 side events. We are excited to share the recordings of the sessions with you and look forward to seeing you next time!

🔗 Learn more about the conference: https://conference.tum-blockchain.com
📅 Date of the event: September 11-12, 2025
📍 Location: House of Communication, Munich