►
Description
Mina's zkApps are smart contract applications powered by zero knowledge technology, which offer privacy, security and verifiability for users. Join the Mina community in Denver and learn about ZK, use cases, and starting building your first app during this hands-on workshop.
A
Foreign,
are
people
ready,
cool
all
right?
We
can
start
the
stream
then
and
I'll
get
started.
So
this
is
we're.
Gonna
learn
ZK
in
90
minutes.
This
is
a
collaborative
workshop
with
the
Mina
protocol.
This
QR
code
will
appear
at
the
beginning
of
the
presentation
throughout
it
and
at
the
end,
and
it
links
to
a
notion
page
that
has
a
bunch
of
relevant
information.
You
know
discords
links
to
the
GitHub
programs
that
we'll
mention
throughout
the
presentation.
Etc,
it's
the
idea.
A
Being
you
don't
have
to
worry
about
taking
notes
or
jotting
anything
down.
We
have
notes
taken
for
you
already
and
you
can
just
scan
the
QR
code
to
get
them
oops.
Sorry
again,
if
you
haven't
installed
the
zcap
CLI
or
cloned
the
repository,
you
can
do
that.
A
If
you
want
to
follow
along,
you
don't
have
to
if
you
just
want
to
sort
of
watch
and
learn
okay,
so
who
am
I
I'm,
Jack,
servia
I'm,
a
developer
relations
engineer
at
of
one
Labs
I'm
based
in
Denver
Colorado
I,
was
born
in
Denver,
Colorado
and
I
plan
to
live
here
forever.
Basically,
and
that's
my
my
Twitter
okay,
so
what's
ovonne
Labs
who's,
building,
Mina,
what's
Mina
Foundation,
Etc,
so
oven,
Labs
is
a
basically
a
zero
knowledge
technology
company.
A
We
built
the
proof
system
for
the
Mina
protocol
and
also
the
reference
node
implementation.
Mina
Foundation
is
more
akin
to
the
ethereum
foundation.
They
do
things
like
sort
of
Steward
the
whole
ecosystem.
They
have
very
cool
programs
that
we'll
talk
about
later
on
in
the
presentation-
and
you
know
if
you're
looking
for
a
grant
or
or
if
you're
looking
to
you
know,
do
something
kind
of
big
picture
in
the
ecosystem.
They're,
probably
the
people
you
want
to
talk
to.
A
So
it's
not
just
Owen
labs
and
Mina
Foundation
that
are
building
Mina
protocol,
though
there's
actually
a
whole
bunch
of
companies
and
I
didn't
include
them
in
a
slide
because
I
didn't
have
time
to
reach
out
and
you
know,
ask
if
they
wanted
to
be
included
included
in
a
slide
and
stuff,
but
we'll
talk
throughout
the
presentation
about
a
couple
of
other
organizations
that
are
helping
build
the
Muna
ecosystem.
So
this
is
our
agenda
for
today.
First,
we're
going
to
talk
about
snarky
Jess,
then
the
Mina
protocol,
then
we're
going
to
do
hello
Wordle.
A
This
is
a
you
know,
we'll
we'll
walk
you
through
building
a
wordal,
smart
contract
using
snarkyjs
and
then
we'll
talk
about
next
steps
and
have
questions
and
answers.
So
snarky
JS
is
a
typescript
library
for
defining
zero
knowledge
proofs
and
it's
also
the
smart
contract
language
for
the
media
protocol.
A
It
looks
like
this.
We
don't
have
to
worry
about
that.
Quite
yet,
but
we'll
talk
about
it
in
you
know,
maybe
20
minutes
everything
is
in
typescript,
so
you
can
keep
using
the
tools
that
you're
familiar
with,
like
npm
prettier
vs
code
with
intellisense
neslint,
and
it's
very
easy
to
learn.
You
can
see
here.
We've
done
a
pretty
good
job
of
making
sure
that
everything
in
the
library
has
really
good
type
doc
coverage.
So
if
you
want
to
learn
snarky.js
you
can,
you
know,
do
tutorials
attend
a
workshop
like
this.
A
We
have
lots
of
recorded
videos,
but
you
can
also
just
dive
straight
into
a
code
base
and
if
you
find
something
that
you're
not
sure
about
you
can
just
hover
your
cursor
over
it
and
it'll
probably
give
you
a
pretty
good
explanation
of
what
it
does
some
example
code
and
then
it'll.
You
know,
of
course
explain
the
type
as
well,
so
snarky
dress
is
easy
to
learn,
but
it's
also
exceptionally
powerful,
and
this
is
for
two
reasons,
there's
kind
of
two
sides
of
this
coin:
one
is
kimchi,
which
is
our
proof
system.
A
This
is
kind
of
deep
under
the
weeds.
You
know
this
is
the
the
thing
that
actually
makes
the
zero
knowledge
proofs
and
it
has
a
number
of
features.
Basically,
it's
state
of
the
art,
but
if
you're
into
this
kind
of
thing,
if
you're
into
cryptography,
you
know
these
are
some
unique
features
that
kimchi
has.
It
has
fully
trustless
setup,
meaning
that
you
don't
have
to
do
any
kind
of
ceremony
in
order
to
create
smart
contracts
or
zero
knowledge
proofs.
A
Anybody
who
writes
something
in
snarky
Jazz
can
prove
it
and
they
don't.
Nobody
needs
to
rely
on
this.
You
know
like
powers
of
Tau
ceremony
or
something
like
that.
It
has
custom
constraints
for
Poseidon,
elliptic,
curves
and
encryption,
so
this
allows
you
to
do
operations
that
you'll
have
to
do
frequently
very
efficiently.
A
It
also
has
a
constant
proof
size,
meaning
that
no
matter
how
much
computation
you
do,
the
zero
knowledge
proof
that
you
get
out
is
always
the
same
size
and
it's
quite
small.
It's
also
recursive,
and
this
means
that
we
can
verify
zero
knowledge
proofs
that
were
generated
using
kimchi
inside
of
other
kimchi
proofs.
A
This,
when
you
couple
it
with
the
constant
proof,
size
means
that
you
know
we
can
have.
Let's
say
five
proofs.
Each
one
is
the
same
size
and
we
can
verify
all
of
them
inside
of
another
proof
and
that
proof
is
the
same
size
as
each
of
the
constituent
proofs.
So
this
opens
the
door
to
a
lot
of
really
interesting
things,
and
this
recursion
is
not
just
sort
of
linear,
as
in
we
can
take
one
proof
and
put
it
inside
of
another.
We
can
do
arbitrary.
You
know
branch
and
merge
operations
kind
of.
A
Finally,
it's
plonkish,
and
this
again
really
just
means
that
we're
kind
of
like
a
part
of
an
ecosystem
of
people
that
are
developing
new
ideas
and
that
we
can
utilize
their
new
ideas.
As,
as
you
know,
the
the
whole
sort
of
ecosystem
works
together.
So
again,
this
is
not
super
important
to
dive
into
kimchi
is
not
even
a
super
important
like
thing
to
be
aware
of.
If
you
just
want
to
build
stuff,
but
if
you're
interested
in
the
cryptography
you
know,
kimchi
is
kind
of
like
the
cryptography
engine
that
makes
snarky.js
work.
A
So
that's
one
half
of
the
the
power
again.
This
is
what's
under
the
hood.
You
don't
have
to
worry
about
it
too
much.
The
other
thing
that
makes
snarky
Jazz
so
powerful,
though,
is
sort
of
the
controls.
It's
it's
the
part
that
people
actually
interact
with
you
know
as
a
developer.
You
have
to
write
stuff
using
this
tool
and
we've
tried
to
make
it
as
easy
expressive
and
Powerful
as
possible
for
you,
the
method,
chaining
API
lets
you
think
through
your
programs
in
a
linear
way.
A
This
is
a
pretty
big
deal
compared
to
you
know
other
zero
knowledge
proof
programming
languages
where
sometimes
you
have
to
think
about
things
in
sort
of
a
way
that
I
guess
in
a
way
in
such
a
way
that
there's
no
concept
of
time.
This
tends
to
be
very
hard
for
most
programmers.
Today,
it's
very
old
school,
and
so
this
method,
chaining
API,
makes
this
pretty
easy.
You
can
see.
We
have
something
like.
Let's
do
this
one
we've
got.
This
variable
is
not
red.
Peg
we've
got
a
guess
at
an
index.
A
We
can
check
if
it's
equal
to
zero,
and
then
you
know
not
this.
So
we
want
to
know
if
guest
I
is
not
equal
to
zero.
This
is
pretty
straightforward.
We
check
if
it's
equal
to
zero.
If
it
is,
we
get
a
true,
if
it's
not,
we
get
a
false.
If
it's
true,
then
you
know
we
pass
it
into
this
knock
it
and
we
get
the
opposite,
and
you
can
do
this
kind
of
over
and
over
again,
the
result
being
that
it
tends
to
be
pretty
easy
to
think
about.
A
You
know:
here's
my
data,
here's,
how
it
needs
to
change
and
here's
the
output,
and
you
don't
have
to
worry
about
making
sure
that
this
is
constrained
too
much.
The
other
thing
that
we
have
is
struct,
and
this
allows
you
to
Define
your
own
custom
data
types.
This
is
again
pretty
unique
to
snarky
JS.
You
can
see
up
top
here.
We
have
my
structure
which
extends
struct.
A
Actually,
let's
do
this
bottom,
one,
my
Tuple,
which
extends
trucked,
and
so
you
can
pick
you
know
we
can
make
a
an
array
here
and
have
a
public
key
and
a
string
in
it,
and
this
is
a
new
data
type.
So.
A
Very
simple,
but
we'll
talk
more
later
on
about
one
that's
more
complicated.
The
idea
behind
this
is
that
then,
once
we
have
this
struct,
we
can
do
whatever
we
like
with
it
inside
of
our
our
our
smart
contract,
and
it
just
works
so
yeah.
Instead
of
having
to
kind
of
worry
about
how
your
data
is
represented
in
in
real
time,
we
have
this
layer
of
abstraction
that
lets
you.
You
know
Define
how
you
want
to
interact
with
things
before
you
go
about
interacting
with
them.
A
Finally,
plenty
of
the
stuff
that
you
need
is
already
implemented
inside
of
the
snarkyjs
library,
so,
what's
included
in
snarky
Jazz.
Today
we
have
all
sorts
of
types
unsigned:
integers,
64,
bits,
32
bits,
integers
are
64
bits,
group,
Boolean,
scale,
public
use,
private
key
signatures
and
circuit
string
and
then
with
structs.
You
can.
You
know,
compose
these
to
create
even
more
complicated
data
types
and
we'll
talk
more
about
what
these
are
Under
the
Hood.
In
a
little
bit,
we
have
efficient,
Poseidon
hash
function.
A
Poseidon
is
a
hash
function,
just
like
you
know,
kachak
or
something,
but
it
happens
to
be
very
efficient.
Inside
of
our
proof
system,
we
have
efficient
encryption
and
decryption.
We
have
efficient
signatures,
we
have
Merkle
tree
API,
a
recursion
API
and
also
an
action
reducer
API.
A
Sorry,
my
watch
just
said:
hi,
okay,
so
a
common
question
that
we
get
is
you
know?
Why
did
we
choose?
Typescript
lots
of
people
have
strong
opinions
about
typescript.
Really.
The
reason
is
because
we're
ecosystem
focused.
So
the
idea
is
that
if
you
build
user-facing
products,
you
can
leverage
other
people's
work
to
build.
These
amazing
applications
that
do
things
that
you
might
not
know
how
to
do.
I
don't
know
like
some
kind
of
fancy
cryptography
thing
you
might
not
know
how
to
do
like
threshold
signatures
or
or
something
like
that.
A
So
the
idea
is
that
you
know
you
can
import
people's
code
and
and
build
these
types
of
applications
that
depend
on
those
Primitives
and
then,
if
you
are
a
cryptographer,
we
have
plenty
of
support
to
help.
You
build
the
tools
for
other
devs,
so
you
can
talk
to
people
like
me.
In
things
like
office
hours,
Mina
Foundation
has
programs
that
can
help
you
get
paid
to
do
this
kind
of
thing,
and
the
idea
is
that
we
want
to
have
code
reuse,
that's
as
high
as
it
is
in
the
JavaScript
ecosystem.
We
want.
A
You
know
the
people
who
want
to
work
on
hard,
crypto
things
to
build
hard,
crypto
things
and
and
be
able
to.
You
know,
get
paid
for
it,
and
we
want
the
people
who
want
to
build
user-facing
products
to
have
doors
open
to
them
so
that
they
can
build
kinds
of
products
that
were,
you
know,
just
simply
not
possible
even
a
few
years
ago.
A
Okay,
so
how
does
it
all
work?
Here's
kind
of
an
overview
of
snarky
Jazz.
This
is
very
high
level
and
at
the
end,
if
people
want
to
dig
in
more
with
questions,
we
can
do
that
or
you
can
come.
Stop
me
after.
We
also
have
again
things
like
office
hours,
so
some
of
this
falls
through
the
cracks
it's
okay.
The
idea
is
for
people
who
are
interested
in
how
we
take
a
JavaScript
program
and
turn
it
into
a
proof.
A
This
gives
us
a
little
bit
of
insight,
so,
okay,
snarky
jazz,
is
a
typescript
library.
This
is
here
just
to
sort
of
indicate
that
it's
not
some
kind
of
like
wasm
compiler
or
something
it's
not
taking
your
your
typescript
and
compiling
it
into
something
else.
It
all
is
literally
running
in
node
or
electron,
or
you
know,
a
chrome
window.
It
is
all
literally
typescript,
and
so
what
happens
is
when
we
write
things
using
snarky.js.
A
It
feels
a
little
bit
like
react
using
jsx,
where
we
have
this
kind
of,
like
other
syntax,
that's
built
on
top
of
the
JavaScript
syntax
that
we're
used
to,
but
it
is
all
ultimately
JavaScript
and
so
how
it
works
is
we
have
a
bunch
of
JavaScript
types
and
then
we
have
some
Starkey
JS
types,
and
these
snarky.js
types
are
all
ultimately
composed
of
this
type
called
field.
And
what
field
is?
Is
it's
an
element
of
a
finite
field?
This
is
like
a
math
concept.
It's
basically
a
specific
set
of
numbers.
A
You
don't
have
to
worry
about
it
too
much
they're
required
for
the
underlying
cryptography,
but
you
have
Escape
patches
so
that
you
can
use.
You
know
like
unsigned
integers
or
strings
things
that
you're
familiar
with
working
with,
but
what
you
have
to
know
just
kind
of
like
in
order
to
orient
yourself
is
that
under
the
hood,
everything
is
turning
into
this
field
type,
it's
sort
of
like
in
a
computer
when
you
use
a
string.
Ultimately
it
becomes.
A
You
know
an
unsigned
integer
that
gets
you
know
represented
as
ones
and
zeros
in
in
a
physical
processor,
are
sort
of
most
fundamental
representation
of
data.
Is
this
field
type,
and
so
anything
that
we
make
in
snarky
Jazz
has
to
be
able
to
be
represented
in
this
field
type
in
order
for
us
to
prove
things
about
it,
and
so
what
this
means
is
that
you
know
the
normal
JavaScript
code
that
we
write.
A
Everything
that
we
mentioned
earlier
unsigned
integers
booleans,
whatever
all
of
these
are
structs
that
are
made
out
using
the
field
type,
and
so
you
can
make
structs
of
structs
so
on,
and
so
we
have
a
bunch
of
classes
and
functions
like
one
of
these
is
you
know
circuit?
If
one
of
these
is
ADD,
they
do
the
simple
things
you
would
expect,
but
instead
of
doing
these
things
on
JavaScript
types
like
numbers,
they
do
it
on
fields
or
unsigned
integers
that
are
composed
of
fields.
A
They
do
it
on
snarky.js
types
and
so
snarky
JS
can
represent
any
operation
on
these
field
types
as
a
kimchi
arithmetization,
which
is
basically
a
math
problem
that
mirrors
what
the
program
does.
So
the
user
doesn't
have
to
worry
about
this.
This
is
all
done
for
you.
You
just
write
your
program
using
the
snarky,
jest
classes
and
functions
and
using
the
snarky.js
types
and
as
long
as
you've
done
this,
then
snarky.js
afterwards
can
go
on
an
introspect.
A
It
can
you
know,
sort
of
look
at
the
code
that
you've
written
and
figure
out
how
to
make
a
math
problem,
that'll
check
it
and
then,
finally,
when
a
user
interacts
with
the
snarky.js
program,
they
can
call
a
method
and
generate
a
zero
knowledge
proof
that
their
interaction
was
legal
and
this
zero
knowledge
proof
is
basically
doing
some
additional
math
to
this
math
problem
that
we
have.
That
represents
our
our
program
and
creating
a
proof
or
verifying
the
proof
that
comes
out
of
it
again.
A
If
this
is
kind
of
abstract
or
goes
overheads,
that's
all
right
come
talk
to
me
after
you
know.
There's
a
lot
going
on
here,
but
all
of
it
is
is,
is
under
the
hood
users.
Don't
have
to
worry
about
this
too
much
unless
they're
curious,
okay.
So
how
do
snarky
Jazz
smart
contracts
work?
Well,
the
developers
write
smart
contracts
in
typescript
and
they
deploy
the
verification
key
to
a
zika
app
account
on
Mina.
A
We
have,
you
know
a
bunch
of
nodes,
we
send
a
transaction,
we
sign
it
and
it
has
a
verification
key,
and
this
verification
key
is
basically
a
number
that's
committing
to
the
smart
contract
that
we've
written
and
so
that
then
later
on.
The
network
can
verify
transactions
that
are
created
for
this
smart
contract
using
the
verification
key.
And
so
if
we
were
to
change
the
smart
contract
code,
the
verification
key
would
also
change.
Thus,
if
we
say
run
a
program
correctly,
but
it's
not
the
program
that
we
committed
to
earlier.
A
Our
proof
just
won't
be
valid.
So
yeah
the
users
run
these
smart
contracts
in
the
browsers
or
a
node
or
an
electron
anywhere
that
JavaScript
runs.
These
will
run
and
they
generate
a
zero
knowledge
proof
of
their
interaction.
So
they
take
this
serial
knowledge
proof
and
they
send
it
to
Mina.
A
A
Yes,
Mina
only
needs
the
key,
so
the
circuit
can
live
anywhere.
You
can
put
it
in
okay,
so
I'll
restate
the
question
for
everybody.
So
the
question
is:
how
does
the
mean
of
blockchain
get
the
the
circuit
or
I?
Guess
like
the
the
program?
The
amino
blockchain
only
has
this
verification
key
yeah,
so
The,
Beano
blockchain
has
the
verification
key,
and
this
commits
to
all
of
the
functionality
of
the
program
that
we
wrote.
The
program
itself
can
live
anywhere.
It
can
live
on
like
a
Content
delivery.
Network
it
can
live
on
ipfs.
A
It
can
live
even
on
something
like
ethereum.
It
really
is
just
typescript
code
and
as
long
as
you
can
get
a
hold
of
it
and
run
it,
the
the
amino
blockchain
doesn't
even
have
to
know
what
the
code
does.
It
just
has
to
have
this
commitment
to
what
the
code
does
in
order
to
be
able
to
to
check
that
you
ran
it
correctly,
so
the
the
code
actually
does
not
go
on
the
blockchain.
It
just
lives
wherever
you
want.
To
put
it.
A
A
A
Oh,
when
the
user
sends
their
transaction
they're,
basically
specifying
this
yeah
the
same
way,
the
same
way
that
you
know
like
when
you
call
in
ethereum
smart
contract,
you
are
specifying
an
address
and
then
also
a
you
know,
a
specific
method.
A
A
We
can
also
come
back
to
this
later
on.
If
you
want
so
okay,
let's
jump
back
into
this
sorry.
So
if
the
mean
of
blockchain
can
validate
the
serial
knowledge
proof,
then
it
commits
any
relevant
State
updates.
Let
me
jump
back
one
okay,
so
yeah.
If
the
amino
blockchain
can
verify
the
zero
knowledge
proof,
then
it
will
commit
any
relevant
State
updates.
So
when
we
do
something
we
usually
want
to
change
the
state
of
the
world
we
want
to.
A
You
know
update
a
value,
change,
somebody's
balance,
change
your
permission,
something
like
that,
and
so
when
you
run
our
smart
contract
method,
we
get
a
list
of
things
that
we
want
to
do
a
list
of
states
that
we
want
to
update
Etc,
and
we
also
get
a
proof
that
says
we're
allowed
to
update
these
states,
and
so
we
send
just
the
proof
and
these
updates
to
the
mean
of
blockchain
and
if
the
mean
a
blockchain
can
verify
the
proof,
then
you
know
we
do
these
things,
and
so
we
pass
into
our
smart
contract
some
arguments.
A
You
know
that
the
user
provides
the
state
of
the
smart
contract
at
the
time
that
we're
running
it
and
the
user
can
query
this
from
the
Mino
blockchain
and
then
also
some
value
from
the
state
of
the
world.
This
can
be
something
like
block
height.
What
we
get
out
is
the
proof
that
we
did
this
correctly
and
we
also
get
updates
to
the
state
of
the
smart
contract
and
updates
to
the
state
of
the
world
all
right.
A
So
that's
how
ZK
smart
contracts
work,
but
how
do
ZK
apps
work?
It's
pretty
simple!
You
can
just
install
your
smart
contract
into
your
UI
repository
and
deploy
it
so
yeah.
You
can
publish
it
to
GitHub.
You
can
publish
it
to
npm
as
a
package,
whatever
you
want
and
then
when
it
comes
time
to
use
it
in
your
UI,
it's
just
typescript
code,
so
you
just
import
the
smart
contract
methods
that
you
need
to
call
directly
into
your
front
end.
You
know,
then
the
user
does
something
in
your
front
end.
A
The
front
end
calls
the
the
the
appropriate
method
in
the
smart
contract
and
creates
a
proof,
and
then
we
send
this
proof
off
to
the
mean
of
blockchain.
So
all
of
the
code
runs
in
the
front
end
and
the
only
thing
that
lives
on
the
blockchain
is
this
verification
key,
which
is
used
to
verify
that
we
ran
the
code
correctly
in
the
front
end.
A
Okay.
So
now,
let's
talk
about
the
Mina
protocol.
What
is
Mina?
It's
a
layer,
one
blockchain
that
proves
its
entire
finalized
State
using
recursive,
zero
knowledge
proofs,
so
other
blockchains
increase
in
size
as
more
transactions
are
added.
A
blockchain
like
ethereum
needs
to
remember
every
single
transaction.
That's
ever
happened
in
order
to
be
able
to
verify
that
transactions
that
have
happened
recently
happened
correctly.
A
A
But
basically
Mina
does
not
have
to
remember
all
of
the
historical
state
and
the
reason
why
is
because,
instead
of
using
you
know
this
kind
of
a
bunch
of
signed
transactions
and
then
a
a
pre-agreed
way
to
you
know,
evaluate
these
transactions
and
then
a
bunch
of
Game
Theory,
because
we
do
them
all
in
the
open
and
remember
all
of
them.
Mina
uses
cryptography
directly
to
verify
these
transactions,
so
it
it
uses
your
knowledge
proofs
instead
of
Game
Theory.
A
So
is
this
just
cool
or
is
it
actually
useful?
The
answer
is
that
it's
both
and
for
quite
a
few
reasons.
The
first
is
privacy,
so
on
ethereum,
Smart
contracts
run
on
every
single
node,
and
so
all
the
information
is
inherently
public.
A
If
we
have
an
ethereum
blockchain
here
and
an
ethereum
smart
contract,
and
we
want
to
call
a
method,
we
call
the
method,
we
specify
the
arguments
that
we're
passing
in
and
then
we
send
basically,
this
call
and
and
the
methods
I'm,
sorry
and
the
arguments
that
we
want
to
to
pass
in
to
every
single
ethereum
node
and
every
single
ethereum
node
evaluates
these
in
public
all
at
the
same
time,
and
so
this
means
that
it's
very
hard
to
build
private
applications
on
ethereum.
A
A
So
Mina
smart
contracts
run
in
the
browser,
and
this
means
that
the
arguments
and
the
intermediary
values
are
private
by
default.
So
if
we
want
to
run
Amina
smart
contract
method,
we
call
the
method
and
we
pass
in
arguments
on
our
local
machine
and
what
we
get
out
is
the
relevant
updates
as
well
as
a
proof,
and
so
we
send
just
this
proof
and
the
updates
to
the
mean
of
blockchain
and
Mina
will
verify
the
proof
and
then
update
the
the
state
on
chain.
A
If
the
proof
is
valid,
and
so
this
proof
doesn't
disclose
any
information
about
the
computation
that
we've
done.
Okay,
so
we
have
privacy
and
we
also
have
scalability.
There's
no
gas
model,
zika
apps
run
off
chain,
and
so
the
amount
of
computation
doesn't
affect
the
transaction
cost.
If
we
do
a
lot
of
computation,
it
might
take
a
little
bit
longer,
for
our
browser
to
you
know,
run
the
method
and
generate
the
proof,
but
the
proof
that
we
get
out
will
be
the
same
size
and
the
same
computational
complexity
to
verify.
A
So
if
we
want
to
do
a
tiny
bit
of
trend,
a
tiny
bit
of
computation
that
works-
and
if
we
want
to
do
a
ton
of
computation
that
works,
we
just
might
have
to
wait
longer,
but
it'll
you
know
be
on
the
user's
machine.
Once
the
proof
goes
to
the
blockchain,
it
will
always
take
the
same
amount
of
time
to
verify,
no
matter
how
how
much
computation
you
do
in
it.
A
So
you
can
actually
do
an
unlimited
amount
of
computation,
in
a
mean,
a
transaction
and
in
fact
the
mean
of
blockchain
itself
is
kind
of
an
example
of
this
we're
doing
basically
an
unlimited
amount
of
computation
and
attesting
to
the
fact
that
it's
correct
using
this
single
proof
which
is
tied
up
in
this.
You
know
22
kilobytes,
that
we
talked
about
earlier
okay.
So
this
works
great.
A
If
you
have
transactions
that
do
a
lot
of
computation,
but
what,
if
you
want
to
build
applications
that
do
a
lot
of
transactions,
in
this
case,
it's
possible
for
developers
to
use
recursion
to
build
these
things,
we're
calling
application
specific
Roll-Ups,
and
these
are
basically
what
they
sound
like.
If
I
have
something
like
a
game,
let's
say:
I
have
a
two
player
game
and
I
want
to
play
this
game
in
kind.
Let's
say:
I
want
to
build
this
game
in,
like
the
most
naive
way.
Possible.
A
I
would
build
a
smart
contract
where,
when
I
want
to
make
a
move,
I
call
a
method,
and
when
you
want
to
make
a
move,
you
call
a
method
and
we
go
back
and
forth
like
this.
This
works
fine.
This
is
how
everything
works
on
every
other
blockchain
right
now,
but
the
problem
is
that
we
have
to
wait
for
a
block
to
be
mined
and
we
have
to
pay
a
transaction
fee
every
time
we
want
to
make
a
move
with
Mina.
A
This
can
work
much
differently,
because
the
the
smart
contract
execution
is
verified
using
cryptography.
Instead
of
Game
Theory,
we
can
have
the
whole
blockchain
validate.
You
know
some
computation,
but
in
many
cases
we
don't
have
to
in
the
case
of
something
like
a
two-player
game,
the
only
person
who
really
needs
to
check
that
I'm
playing
the
game
correctly
during
the
course
of
the
game
is
my
opponent
right
in
theory.
They
should
have
an
incentive
to
to
not
let
me
cheat.
If
they
do.
Let
me
cheat,
then
the
game
is
pointless.
A
So
what
I
can
do
is
I
can
actually
write
the
smart
contract
in
such
a
way
that
I
make
a
move.
I
create
a
proof
that
my
move
was
valid.
I
send
my
opponent,
the
proof
they
verify
the
proof
and
then
they
make
their
move
and
when
they
make
their
move,
their
computation
for
their
move
will
actually
also
verify
the
proof
of
my
move,
and
so
you
can
go
back
and
forth
this
way.
Exchanging
these
proofs
and
the
proofs
don't
grow
right.
I.
Send
you
a
proof
of
a
fixed
size.
A
You
make
your
move
and
send
me
back
a
proof
of
fixed
size
that
attest
to
your
move
and
my
move
and
then
I
make
another
move
and
now
I
have
a
proof.
That's
still
the
same
size,
but
it
has
to
three
moves
and
we
can
do
this
over
and
over
and
over
again,
until
eventually
we
reach
an
end
State
and
once
we
have,
you
know
a
complete
Game,
a
proof
for
a
complete
game.
Then
we
can
actually
send
this
into
the
Mino
blockchain
and
pass
this
proof
as
just
an
argument
to
a
Smart
contract
method.
A
And
so
we
can
pass
a
proof
that
says:
hey,
I
won,
let's
pay
out,
I,
don't
know
some
reward
to
me.
So
yeah
there's
a
lot
of
other
ways
that
you
can
kind
of
extend
this
model.
This
is
fairly
complicated
and
actually
this
is
just
the
very
beginning
of
a
sort
of
series
of
workshops
that
will
explain
how
to
build
and
then
Mina
application
from.
You
know
nothing
to
something.
That's
pretty
polished
and
you
know,
has
sort
of
touched,
all
the
bases
so
to
speak.
A
So
we'll
talk
much
more
about
this,
we'll
actually
have
a
session
of
this
Workshop,
so
the
the
subsequent
sessions
will
be
remote.
You
can
watch
them
online
and
we'll
have
a
a
follow-up
session
that
will
talk
about
how
you
can
build
an
application,
specific
role
up
for
the
wordal
game
that
we're
going
to
build
today.
Okay,
so
we
have
privacy
and
scalability.
Usually
these
come
at
this
cost
of
decentralization.
A
A
So
the
way
that
Mina
works
is
that
we
have
a
bunch
of
transactions
and
these
transactions
are
zero
knowledge
proofs,
and
then
we
have
our
consensus
mechanism,
and
this
is
something
that
we
can
also
prove
using
zero
knowledge
proofs,
and
so
what
we
do
is
we
take
a
bunch
of
transactions
that
are
zero
and
all
truths
and
we
verify
them,
and
we
also
verify
that
they
have
been
sort
of
processed
correctly,
that
states
and
stuff
have
been
updated
correctly,
and
so
we
have
all
this
computation
of
verifying
the
proofs
and
doing
the
things
that
the
proofs
tell
us
to
do,
and
we
can
verify
all
of
this
information
in
another
proof
and
then,
when
it
comes
time
for
us
to
do
more
stuff,
you
know
when
we
have
more
transactions.
A
We
can
take
this
last
proof
verify
it
verify
all
the
transactions
and
verify
that
we've
done
everything
correctly
and
create
a
new
proof.
And
then
we
can
forget
about
the
last
proof,
and
so
in
order
to
know
that
the
current
finalized
mean
estate
is
correct.
You
just
need
to
verify
this
single
proof.
A
What
that
means
is
that
you
can
verify
this
proof
kind
of
anywhere
it's
pretty
easy
to
do.
It
doesn't
require
a
lot
of
like
storage
or
networking
overhead,
and
the
end
result
of
this
is
that
there's
not
really
a
reason
to
rely
on
on
trusted
third-party
node
operators.
A
This
is
another
team
in
the
ecosystem,
they're
called
viable
systems
or
viable
Labs,
I
forget,
but
they're
working
on
something
called
openmina,
there's
actually
a
demo
of
this
that
exists
today
and
it's
linked
to
at
the
end
with
this
QR
code.
So
what
is
this?
This
is
a
full
meaning
node
that
runs
in
the
browser
you
can
go
to
this
website.
Send
a
transaction
today
without
connecting
to
you
know
any
kind
of
like
RPC.
Endpoint,
literally
everything
happens
in
the
browser.
We,
you
know
start
some
stuff.
A
We
get
it
already.
We
connect
to
some
other
nodes
and
then
we
catch
up
to
the
network,
and
this
all
happens
in
less
than
a
minute
and
then
we're
ready
to
send
transactions.
So
you
can
imagine
this
can
be
built
into
mobile
applications
that
can
be
built
into
browser
plugins,
and
it
can
be
built
even
directly
into
websites
themselves.
A
We
hope
that
this
will
result
in
a
network
that
is
substantially
more
decentralized
than
anything
that
really
exists
today.
It's
quite
a
different
way
of
doing
things.
Okay,
so
if
Mina
is
so
yeah
go
ahead.
A
Yes,
okay:
this
is
a
good
question
and
also
yeah
I'll,
just
say
ahead
with
anybody
that
has
questions
jump
in.
Usually
these
presentations
are
a
little
bit
sort
of
smoother,
but
this
one.
The
idea
is
that
yeah,
the
idea
is
kind
of
that,
it's
pretty
Hands-On
and,
and
anybody
else
you
know
we'll
kind
of
talk
about
whatever
people
are
curious
about.
So
we
talked
about
these
notes.
We
talked
about
22
kilobytes.
A
So
what
is
this
22
kilobyte
thing?
What
it
is
is
it's
the
proof
for
it's,
the
Mina
proof,
it's
the
state
route
of
Venus,
so
you
have
a
Merkle
tree
that
you
know
is
committing
to
all
the
data
and
we
have
a
root
of
this
Merkle
tree,
and
so
the
the
the
proof
basically
says
that
this
Merkle
root
is
correct.
A
The
Merkle
root
attests
to
all
the
information
Downstream
of
it,
and
then
what
we
also
include
in
this
22
kilobytes
is
a
path
down
to
a
single
user's
account
and
all
the
information
that's
stored
in
it,
and
so
what
that
means
is
that
with
22
kilobytes
we
can
store
everything
we
need
in
order
to
know
that
Mina
is
working
and
we
can
store
all
the
information
that's
relevant
to
ourselves.
So
what
that
means,
then,
is
that
if
I
want
to
go
talk
to
you
know
somebody
like
you
and
send
you
a
transaction.
A
Well,
you
have
all
the
information
for
yourself.
I
have
all
the
information
for
myself.
We
both
have
all
the
information
for
mina.
We
can
construct
a
transaction
to,
let's
say,
do
something
simple,
like
transfer
funds
between
each
other,
that's
what
the
22
kilobytes
is,
and
so
this
is
all
that's
needed
for
something
like
one
of
these
web
nodes
that
we
looked
at
earlier
right.
A
It's
only
concerned
with
one
account:
there's
another
kind
of
node
called
a
block
producer
node,
and
this
type
of
node
records
the
state
of
all
the
accounts,
but
it
doesn't
store
any
history
and
so
the
reason
that
it
doesn't
store
any
history
is
because
it
doesn't
have
to
it.
It
knows
that
all
of
these
states
are
correct.
A
Based
on
you
know
the
the
zero
knowledge
proof
it
doesn't
need
to
be
able
to
sort
of,
like
sum
up
all
the
historical
transactions,
in
order
to
know
that
the
state
that
we're
at
today
is
the
correct
State,
because
these
block
producer
nodes
are
named
accordingly
they're
able
to
produce
blocks
because
they
know
everybody's
state.
A
These
nodes
grow
based
on
the
number
of
accounts.
They
don't
grow
over
time,
and
so
what
that
means
is
that
there's
kind
of
like
a
you
know,
there's
a
place.
We're
at
plateaus,
there's
a
point
in
time
where
people
don't
need
more
accounts,
there's
a
limited
number
of
people,
even
if
they're
interacting
constantly,
we
can
forget
about
the
history
of
their
interactions,
and
so
these
block
producer
nodes
are
still
very
small.
There
are
a
couple
of
gigabytes.
A
The
final
kind
of
node
that
we
have
is
called
an
archive
node,
and
this
does
what
it
sounds
like
it
stores
every
single
account
and
the
history
for
every
single
account.
These
are
useful
for
things
like
block
explorers.
A
You
know
people
who
want
to
do
like
analytics
that
kind
of
thing,
and
so
these
block
producer
nodes,
store
everything
and
expose
it
all
through
a
graphql.
So
hopefully
that
answers
the
question.
We
have
kind
of
three
kinds
of
nodes.
One
node
has
everything
you
need
for
a
single
account.
Another
kind
of
node
has
everything
you
need
for
every
account
and
a
third
kind
of
node
has
everything
you
need,
plus
all
the
history
of
everything
that's
happened.
A
True
I
will
continue
to
jump
forward,
then
Okay.
So
if
Mina
is
so
easy
to
verify
that
we
can
do
it
in
a
browser,
can
we
do
it
in
other
places?
Could
we
do
it
in
like
a
spark
contract,
for
example,
I'll
get
to
you
in
just
a
second,
because
I
mean
it's
so
easy
to
verify.
A
It's
actually
possible
to
write
smart
contracts
on
other
blockchains
that
can
verify
the
Mina
State
proof
and,
as
a
result,
Bridge
the
entire
mean
estate
over
to
you
know
their
ecosystem,
so
yeah
smart
contracts
on
other
chains
can
Bridge
the
whole
mean
estate
just
by
verifying
the
most
recent
proof
we
have
another
found.
We
have
another
organization,
the
ecosystem,
that's
working
on
this
they're
called
the
Nail
foundation
and
they're
building
in
evm,
Mina,
State
verification
and
also
a
bridge
to
evm
chains.
So
there's
also
a
demo
of
this
live.
A
A
lot
of
this
stuff
is
very
close
to
to
finished,
and
so
what
we
can
do
is
we
can
take
the
you
know:
information
from
Mina.
This
is
going
to
be
the
state
route,
the
the
the
proof
Etc,
and
we
can
build
an
auxiliary
proof,
which
is
just
a
proof,
that's
more
efficient
to
verify
on
on
ethereum.
A
This
takes
maybe
a
minute
on
a
MacBook
Pro,
and
so
we
get
our
auxiliary
proof
and
then
we
can
pass
this
auxiliary
proof
as
an
argument
into
a
smart
contract
on
another
blockchain,
in
this
case
we're
using
polygon
Mumbai.
But
you
could
do
just
as
easily
on
ethereum,
and
so
we
send
this
transaction
and
the
transaction
gets
mined.
A
You
can
see,
it
costs
nine
cents
on
polygon
and
the
end
result
of
this,
then,
is
that
the
whole
entire
mean
estate
or
a
commitment
to
the
entire
mean
estate
is
bridged
over
to
this
blockchain.
So
now
people
who
have
Smart
contracts
running
on
polygon
can
you
know
if
they
want
to
access
some
value
from
Amina
smart
contract.
They
can.
A
Basically,
you
know,
pass
in
the
Merkel
proof
down
to
this
chunk
of
information
that
they
want
from
the
Mina
smart
contract,
and
then
you
know
verify
that
this
is
valid
according
to
the
state
route
that
we
have
in
our
in
our
Bridge
contract
and
we
can
interact
with
this
information
on
Mina.
A
This
is
yeah
a
much
different
way
of
bridging
because
it
doesn't
require
any
sort
of
like
locked.
You
know
capital
or
anything,
it's
instantaneous
as
soon
as
we
pass
the
proof
in
and
the
Contra
the
transaction
is
mined.
You
know
all
the
information
is
bridged
over
and
also
anybody
can
do
it.
So
you
can
have
sort
of
a
situation
where
you
know
if
I
have
some
sort
of
Arbitrage
or
something
I
want
to
do
and
I
want.
I
have
an
incentive
to
update
the
information
to
the
most
recent
values.
A
I
can
just
call
this
method
straight
before
I
I
do
my
Arbitrage
or
something.
A
So
there's
the
answer
is
that
this
will
also
include
the
time
stamp,
so
the
the
munismart
contract
will
I'm
sorry.
The
smart
contract
on
ethereum
will
also
have
the
timestamp
for
the
I'm.
Sorry
it'll
have
the
block
height
for
the
amino
blockchain
and
no
I'm,
sorry
I
meant
to
say
block
height.
A
Well,
no,
so,
though,
the
block
height
would
have
to
be
higher
than
the
last
than
the
the
last
block
height
that
I
verified.
Okay,
sorry
and
I'll
also
get
going
a
little
bit
quicker,
just
because
I've
realized
we're
behind
a
little
bit.
But
somebody
back
here
had
a
question
I'll
answer
very
quickly
and
I'm
also
going
to
take
a
drink.
B
A
Yes,
the
state
lives
on
the
amino
block
producer
nodes,
but
it's
also
not
coupled
to
this
is
something
we
should
talk
about.
I'll
talk
more
about
this.
At
the
end,
the
the
state
is
not
sort
of
inherently
attached
to
the
computation
in
the
way
that
something
like
ethereum
requires
that
it
be
so.
A
The
amino
nodes
can
store
state,
but
you
can
also
put
State
somewhere
else
like,
for
example,
if
you
wanted
to
have
a
lot
of
your
state
stored
like
on
the
users
like
machine
locally,
you
can
do
that
too,
and
you
can
just
have
your
smart
contract
store
like
a
Merkle
root.
That's
committing
to
all
this
state.
B
A
Well,
so
it.
A
Published
them
you,
you
can
do
this,
but
not
there
is
State,
that's
stored
directly
on
Mina,
so
you
could
do
something
like
this.
You
could
have
a
state.
That's
stored
directly
on
Mina,
be
used
to
store
a
Merkle
root
for
a
bunch
of
private
state
that
you
could
store
yourself
and
then
the
miracle
root
will
not
reveal
any
of
this
private
information.
A
And
then
you
can
do
what
you
want
to
with
this
private
information
and
prove
that
you're
altering
it.
You
know
that
you're
augmenting
the
information
in
ways
that
are
allowed
According
to
some
set
of
rules
that
you
define
in
your
smart
contract
and
then,
as
you
make
these
changes,
the
Mercury
will
update
and
to
update
the
Merkle
root
on
chain,
but
the
Mercury
won't
reveal
any
of
the
information
that
you're
storing
locally.
Does
that
make
sense.
B
A
Is
true
in
like
this
is
true,
if
you
don't
build
anything
in
addition
to
what
we've
built,
but
because
it's
so
easy
to
use
your
knowledge
proofs
with
snarky
jazz
on
Mina,
it's
very
easy
to
build
mechanisms
that
would
allow
you
to
do
something
like
shielded
me
in
a
transfers,
yeah,
and
so
that's.
We
can
talk
more
about
this.
A
Basically,
all
of
the
state
is
public
by
default,
but
it's
very
easy
to
use
this
state
to
commit
to
private
state
yeah,
and
so
the
state
has
to
be
public
right
because
it
it's
otherwise.
You
can't
come
to
consensus
on
it.
The
key
is
that
the
computation
can
be
private,
and
so
this
opens
the
door
to
yeah
all
sorts
of
stuff,
but
I'll
jump
back
to
this
at
the
end.
For
now
we'll
kind
of
keep
going
forward
so.
A
Because
snarky
Jazz,
smart
contract
methods
can
accept
and
validate
assigned
data,
and
because
this
happens
on
your
local
machine,
it's
possible
to
ingest
verified
data
privately.
So
this
means
that,
like,
if
I
have
some
service
that
will
provide
me
with
a
signed
credit
score
or
something
I
can
grab
this
from
that
service
and
I
can
pass
it
directly
into
my
smart
contract.
A
This
also
means
that
it's
possible
to
ingest
a
lot
of
it.
You
can
ingest
Rich
data
using
Starkey
JS,
so
as
opposed
to
having
like
an
oracle
that
stores
like
the
price
of
a
token
or
something
you
can
dump
a
whole
a
whole
like
Json
response
into
a
snarky.js
smart
contract.
A
In
fact,
we
have
I
guess
a
friend
who's
working
in
the
ecosystem,
who's
built
a
a
a
Json
parsing
Library
okay,
so
we
can
ingest
data
privately
and
we
can
also
ingest
a
lot
of
it
and
in
the
future,
ZK
oracles
will
allow
users
to
verify
data
from
any
HTTP
s
website
or
API.
So
right
now
you
have
to
have
you
know
somebody
sign
this
data.
This
can
be
the
person
who's,
providing
you
the
data.
A
It
can
be
some
sort
of
trusted
middle
party,
but
in
the
future,
it'll
be
possible
to
basically
grab
any
data
from
any
website
or
API.
That's
returning
the
data
through
an
https
connection
and
verify
that
this
came
from
the
the
domain
that
you
know
claims
to
have
sent
it,
and
then
we
can
pass
that
information
into
a
into
a
smart
contract.
A
A
Well,
we
actually
don't
know
everything,
that's
possible
yet,
and
so
that's
why
we're
hoping
that
people
like
everyone
here,
you
know,
build
cool
things,
talk
to
us
and
yeah,
we've,
we're
kind
of
building
the
foundation
and
hopefully
opening
a
lot
of
doors
and
we're
we're
excited
to
see
what
people
end
up
doing
with
it.
Okay,
so
now
we
have
our
hello
world
part
of
the
presentation,
we'll
talk
about
a
smart
contract
and
build
it
together.
A
So
if
you
haven't
yet
install
node.js
and
npm
npm
install
Dash
G,
the
z
cap,
CLI
and
and
clone
the
GitHub
repository
for
people
who
don't
know
Wordle
is
a
game
where
there
is
a
secret
word
and
we
tried
to
guess
what
the
word
is
and
when
we
make
a
guess,
we
get
gray
tiles.
If
we've
guessed
a
letter,
that's
completely
incorrect.
A
As
in
it's
not
the
correct
letter
and
it's
not
in
the
correct
place,
we
get
a
yellow
tile
if
we've
guessed
a
letter
that
is
in
our
word,
but
is
not
in
the
correct
place
and
we
get
a
green
tile
if
we've
guessed
a
correct
letter
in
a
correct
place,
and
so
we
have
a
limited
number
of
turns
to
try
to
guess
what
the
word
is
by
sending
a
word
getting
some
hints
in
a
response
and
then
guessing
another
word
and
so
on
and
so
on.
And
so
here
we
guess
Bears.
A
First,
we
can
see
that
R
is
a
correct
letter,
but
it's
in
the
wrong
place.
Then
we
guess
group
we
can
see
that
now.
R
is
in
the
correct.
Place
o
is
in
the
correct
Place.
O
is
in
the
correct
place
and
F
is
in
the
correct
place,
but
G
is
not
in
the
in
the
word
and
then
eventually,
we
guess
proof,
and-
and
that's
the
the
right
word,
so
we
get
all
green
tiles
and
we've
won
the
game.
A
So
there's
a
few
things
to
keep
in
mind
for
this.
The
first
is
that
this
is
generally
played
as
a
one-person
game,
but
in
this
case
we're
going
to
build
a
smart
contract
for
two
players
and
one
player
will
be
the
the
sort
of
the
word
guesser.
A
The
standard
player
and
the
other
player
will
be
a
hint
generator
and
the
reason
why
it
makes
sense
to
have
two
separate
players
for
something
like
this
is
because
the
if
you
were
to
build
this
as
a
one
player
game,
your
machine
would
have
the
secret
word
in
it.
Basically,
and
so
you
can,
you
can
find
out
what
the
word
is
right
like.
A
In
other
words,
your
browser
would
contain
the
word
that
you
need
to
to
guess,
so
it
makes
sense
to
vote
it
as
a
two-player
game,
and
then,
if
you
want
to
play
it
as
a
one
player
game,
you
would
have
a
third
party.
It
could
be
a
service
that
would
play
the
game
against
you.
So
for
this
we're
just
going
to
build
the
smart
contract,
the
rest
of
the
app
will
be
coming
soon
and
we'll
have
like
I
said
another
another
workshop
on
that
later.
A
A
This
is
defined
at
the
top
above
our
smart
contract,
and
this
is
a
struct,
so
we're
creating
something
called
word
by
extending
struct.
This
thing
called
word
stores,
encoded
word,
which
is
an
array
of
five
field
elements,
and
so
we've
defined
a
way
to
store
one
of
these
Wordle
words
I'm
using
field
elements.
A
Now,
what
we
also
have
is
a
static
method
from
string
which
we
can
pass
a
JavaScript
string
into
and
when
we
do
that,
we'll
convert
that
string
to
be
all
lowercase,
we
will
increment
through
each
value
in
the
string
we'll
use
this
regular
expression
to
test.
If
it's
a
letter-
and
if
it
is
a
letter,
then
we
will
push
this
onto
our
encoded
word
array
as
a
field,
so
we'll
take
the
character
code
for
the
word
minus
96.
This
just
gets
us.
A
You
know
values
between
1
and
26
for
the
letters
of
the
alphabet.
We
pass
this
into
field
in
order
to
create
a
field
of
this
of
this
value,
so
we're
passing
a
JavaScript
number
into
the
field
and
we're
getting
a
field
of
the
same
value
and
then
we're
pushing
this
onto
that
encoded.
Word
array:
if
the
letter
is
not
lowercase
or
if
it's
not
a
letter,
if
it's
like
an
ampersand
or
something,
then
we
just
push
a
one
value,
which
is
an
a
character
then.
A
Finally,
we
return
a
word
that
includes
our
encoded
word
that
we
just
created.
So
what
that
means
is
that
we
can
call.
You
know
word
Dot
from
string
pass
in
a
string
and
we
get
back
a
word
that
represents
it.
We
also
have
this
other
method
here.
Hash
and
hash
will
return
the
hash
of
this
encoded
string.
So
you
have
this
Poseidon
function,
I'm.
Sorry.
We
have
this
Poseidon
object
and
oops
I'm.
Sorry
about
that.
A
Okay,
so
we
have
this
hash
function
and
we're
going
to
pass
in
our
encoded
word.
The
hash
function
accepts
an
array
of
fields
and
out
we
get
a
hash
which
is
a
single
field
element.
So
we've
made
a
struct
that's
going
to
make
it
easy
to
work
with
words
in
our
smart
contract.
It
takes
JavaScript
words
and
represents
them
as
field
elements.
A
A
We'll
talk
about
the
structure
of
our
smart
contract,
so
we
have
this
thing:
smart
contracts
and
we
extend
it
into
Wordle.
So
we've
now
created
a
smart
contract
called
Wordle
and
the
first
thing
that
you'll
notice
is
these
three
State
decorators
at
the
top.
These
are
used
to
tell
Mina
that
these
are
variables
that
we
want
to
store
in
the
state
of
the
amino
blockchain.
A
We
want
Mina
to
basically
store
these
in
the
blockchain
and
then
check
that
when
we're
updating
it
that
we're
that
we're
updating
them
in
in
a
valid
way,
and
so
we
have
one
called
solution
hash.
This
is
a
field
element.
A
We
have
one
and
yeah
field
elements,
I
think
I
mentioned
this
earlier,
but
they're,
basically
for
when
you're
kind
of
just
getting
started,
they're
really
the
same
thing
as
as
unsigned
integers.
There's
a
couple
interesting
properties
that
they
have
but
they're
very
similar
to
numbers.
You're
used
to
one
of
the
properties
that
they
have.
Is
that
you
can't
really
that
you
can't
really
like
call
like
a
a
mod
method
on
a
field
element.
It
doesn't
make
sense,
there's
not
like
a
way
to
do
modular.
A
There
kind
of
are
inherently
doing
this
already.
So
in
this
case
we
have
a
turn
number
and
we
want
to
be
able
to
check
whose
turn
it
is
by
you
know,
turn
number
mod
one,
and
so
we
use
this
unsigned
integer
of
32
bits,
and
this
is
again
under
the
hood
comprised
of
a
field
element,
but
it
has
some
extra
logic
that
allows
you
to
work
with
it.
Just
like
you
know,
you
work
with
the
unsigned
integers
you're
used
to.
Finally,
we
have
this
word
object.
A
What
we
do
sorry
we
have
this
word
type
that
we
defined
earlier
using
the
struct,
and
so
this
will
represent
the
last
guest
that
we
we
made,
and
it
will
also
store
the
hints
that
the
user
creates
I'm,
sorry
that
the
hint
generator
creates.
Then
we
have
an
init
method.
This
is
a
method
that
will
run
before
users
interact
with
the
smart
contract
and
we'll
talk
about
that
in
a
second,
we
have
a
published
guest
method
which
will
take
in
a
word
as
an
argument.
A
So
this
does
what
it
sounds
like.
We
call
it
when
we
want
to
publish
a
guess,
and
then
we
have
a
publish
hint
method,
and
this
also
will
take
in
a
word,
but
this
word
won't
actually
be
the
guess.
It'll
be
the
secret
word
and
it's
okay
to
pass
in
a
secret
word
as
an
argument
to
to
this
method,
because
you
know
it
won't
ever
actually
leave
your
machine.
A
Finally,
we
have
yeah
I'll
kind
of
talk
briefly
about
what
these
decorators
are.
This
method
decorator,
basically
tells
snarky
GS
that
this
is
a
method
that
users
are
going
to
call.
The
state
decorator
basically
tells
snarky
Jess
that
this
is
a
state
that
should
be
stored
on
the
blockchain.
A
So
these
these
decorators
are
a
part
of
typescript.
They
I
think
that
it
used
to
be
called
at
script.
I
think
that
this
used
to
be
in
two
separate
projects,
but
these
are
just
like
python.
Decorators.
I
can
talk
more
about
them
with
you,
after,
if
you
want,
but
what
they
basically
do.
Is
this
says
this
tells
JavaScript
hey,
take
this
pass
it
into
a
function,
and
then,
whatever
comes
out
of
that
function,
put
in
place
of
of
this
chunk
of
code,
okay,.
A
Yeah
I
think
that's
a
good
way
to
characterize
it,
yeah
Okay,
so
we've
got
this
init
method.
I
said
earlier
that
this
is
something
that
we'll
call
before
users
interact
with
the
smart
contract.
A
We
have
super
in
it.
Don't
worry
about
that.
That
does
what
you'd
expect
and
then
we
have
some
initialization.
We
want
to
set
all
of
the
variables
you
know
all
of
the
state
variables
that
we
defined
earlier
to
initial
values,
and
so
this
init
method
should
be
called
before
any
user
interacts
with
the
smart
contract,
in
other
words,
immediately
after
deploying
the
smart
contract,
we
should
call
the
init
method,
and
so
when
we
call
the
init
method,
we
will
take
this
solution.
A
Hash
and
we'll
call
this
set
method
on
it
and
what
we'll
do
is
we'll
set
it
to
a
word
from
string,
a
hello
and
then
the
hash
of
that,
and
so
we
take
our
word
hello.
We
generate
a
word
from
it.
We
get
the
hash
of
that
using
this
hash
method
that
we
defined,
and
then
we
pass
that
into
set
for
this
solution
hash
and
what
that
does.
Is
it
sets
the
solution
hash
on
the
medal
blockchain
equal
to
this
value?
A
Next
thing
we
want
to
do
is
set
the
turn
number
to
zero,
so
we'll
create
a
new
unsigned
integer
of
32
bits,
we'll
set
it
equal
to
a
field
which
is
equal
to
a
JavaScript
number.
That's
zero!
So
get
you
know.
Basically,
JavaScript
zero
turns
into
field
zero
field.
Zero
turned
in
turns
into
unsigned
integer
zero,
and
then
we
set
this
to
turn
number
and
then
finally,
we'll
set
the
initial
guess
and
so
we'll
just
make
it
AAA
and
it
won't
be
possible
to
generate
a
hint
until
the
guesser
updates
this.
A
So
it
doesn't
really
matter
what
this
is
we're
just
initializing
it
I
guess,
because
it's
it's,
you
know
good
practice.
So
we
do
the
same
thing.
We
get
a
word
from
string
and
set
it
equal
to
last
guess
so
again.
This
method
should
really
only
run
once
right
after
the
smart
contract
is
deployed,
and
then
nobody
will
run
it
again.
A
Next
we
have
published
guests,
and
so
we'll
talk
about
what
this
is
going
to
do
like.
How
do
we
do
this?
A
The
first
thing
that
we
want
to
do
is
grab
the
term
number
from
the
mean
and
network
so
because
our
smart
contract
runs
locally,
we
need
to
you
know,
grab
the
the
number
from
the
network
before
we
can
do
things
with
it.
The
next
thing
that
we're
going
to
do
is
we're
going
to
check
that
it's
the
guesser's
turn,
and
so
we
can
use
the
turn
number
to
check
if
it's
our
turn.
A
After
that,
we
will
increment
the
turn
number
then
we'll
check
that
all
of
the
values
that
we
passed
in
in
our
Guess
Word
are
between
1
and
26,
in
other
words,
that
their
valid
letter
configurations.
That
way,
we
can't
guess
a
word
that
the
hint
generator
can't
generate
a
valid
hint
for,
and
then
finally,
we'll
set
this
last
Gap.
This
last
guess
state
to
our
new
guest.
A
A
variable
turn
number
and
we'll
set
it
equal
to
you
know,
turn
number
get.
This
get
method
will
yeah
contact
the
meter,
Network
grab
the
value
for
turn
number
and
then
we'll
we'll
dump
it
into
this
local
variable.
A
The
next
thing
that
we'll
do
is
we
will
assert
that
this
turn
number.
That
means
the
the
turn
number
variable
in
the
network
is
equal
to
turn
number
in
our
local
runtime,
and
so
this
line
is
kind
of
interesting.
It
is
necessary
because
the
smart
contract
runs,
you
know
outside
of
the
context
of
the
blockchain.
So
what
that
means
is
that
let's
say
that
we
were
to
do
something
like
grab
a
turn
number.
A
You
know
run
this
method
grab
a
turn
number
at
one
point
in
time
and
then
wait
like
a
day
and
by
that
time
the
turn
number
had
changed.
Somebody
else
had
changed
it.
Well,
then,
our
proof
is
valid,
but
it's
not
valid
for
the
current
time
anymore.
Does
that
make
sense
like
it's
valid,
assuming
a
precondition
that
is
no
longer
true,
and
so
with
this
assert
equals
does?
Is
it
checks
that
this
condition
is
true
at
the
time
that
the
the
proof
is
accepted?
A
So
in
other
words,
this
Top
Line
grabs
the
number
and
does
stuff?
You
know
it
grabs
the
number
at
a
runtime
and
then
this
bottom
line
checks
that
the
number
that
we
used
at
runtime
is
the
same
as
the
number
on
the
network
when
it
comes
time
to
verify
the
proof.
A
Okay,
so
then,
what
we'll
do
is
we'll
check
that
it's
the
Caster's
turn
so
we'll
take
turn
number.
This
is
our
unsigned
integer.
We
have
this
mod
method,
for
it
we'll
call
mod
2,
so
we'll
get
you
know,
I
think
zero.
If
the
turn
is
even
and
one
if
the
turn
is
odd,
I
might
have
got
that
backwards,
but
then
we'll
again,
we'll
call
this
assert
equals
method
and
we'll
pass
in
an
unsigned
integer,
that's
of
value
zero,
and
so
this
is
our
equals
method.
A
Basically,
what
it's
doing
is
it's.
It's
saying
that
unless
this
condition
holds
true,
unless
turn
number
mod
2
is
equal
to
zero,
it
should
be
impossible
to
generate
a
zero
knowledge
proof,
and
so
in
this
way,
if
we
try
to
run
this
method
on
the
the
wrong
person's
turn,
what
we'll
get
is,
even
if
we
can
run
the
method
locally,
we
will
not
be
able
to
generate
a
valid
proof
for
it.
A
The
final
thing
that
we'll
do
is
we'll
increment.
The
turn
number
we'll
call
this
set
method
does
the
same
thing
as
it
did
earlier
and
we'll
pass
in
turn
number.
But
we'll
add
to
this
turn
number
an
unsigned
integer
of
value
one,
and
so
the
turn
number
will
be
incremented,
and
then
we
will
check
that
all
the
values
are
between
1
and
26.
So
we
just
have
this
for
Loop
we're
going
to
grab.
You
know
guess
so.
A
This
is
our
our
word
that
we
passed
in
we're
going
to
grab
values
from
this
encoded
word
and
then
we're
going
to
call
the
assert
method
on
them.
So
these
values
will
be
fields
and
the
field
type
has
this
assert
greater
than
equal
to
less
than
greater
than
or
equal
to
Etc
methods
attached
to
it,
and
so
we
can
assert
that
it's
greater
than
or
equal
to
one
and
less
than
or
equal
to
26.
A
and
we'll
do
this
for
each
index
in
the
array
and
the
result,
then,
is
that
we
know
again
if
we
find
some
way
to
pass
in
a
value.
That's
not
really
a
letter,
a
value
that
doesn't
make
sense.
It
just
won't
be
possible
to
make
a
proof,
and
so
we
won't
be
able
to
update
the
state.
A
The
next
thing
that
we'll
do
is
we'll
set
last
guest
to
the
new
guess,
so
this
is
pretty
simple:
we've
got
our
guests.
We've
checked
that
it's
our
turn
and
now
we
can
set
the
guess
on
chain,
so
we'll
take
our
last
guess
and
we'll
set
it
equal
to
the
new
guess
that
we
passed
in.
So
that's
one
half
of
the
interaction.
This
is
what
the
the
guesser
does
now.
The
other
half
is
what
the
hint
generator
does,
and
this
is
a
little
bit
more
complicated,
but
it's
basically
the
same
idea.
A
A
The
top
part
of
this
is
very
similar
to
what
we've
done
before
we're
going
to
grab
the
turn
number
from
the
meaner
network.
Same
thing
as
before
turn
number
get
set
it
equal
to
a
variable
called
Turn
number
assert
that
the
turn
number
that
we
use
at
runtime
is
equal
to
the
term
number
at
the
time
that
we
validate
the
proof
and
then
we're
going
to
add
one
and
mod
to
check
if
it's
the
hint
generator's
turn
so
we'll
take
the
turn.
A
Number
We'll
add
one
we'll
you
know
mod
two
and
it
should
equal
zero
right,
the
idea
being
that
this
is
the
opposite
of
what
we
checked
earlier
by
adding
one.
We
are
checking
that
it's
we're
we're
checking.
A
You
know
this
will
be
true
only
in
cases
where
the
the
this
similar
chunk
of
code
for
the
other
method
would
be
false,
so
yeah
this
is,
is
doing
the
opposite
of
what
our
turn
number
check
did
for
the
published
guess
method,
so
that
we
will
only
be
able
to
run
this
method
if
the
the
guesser
has
just
guessed,
but
the
hint
generator
hasn't
generated
a
hint.
A
Yet
the
final
thing
that
we'll
do
is
we'll
increment
the
turn
number
again
same
thing
as
before
we
take
the
turn
number,
we
add
one
to
it
and
then
we
set
it
on
chain.
A
Okay.
So
what
do
we
do?
Then?
We
have
to
check
that
the
solution
that
we
provided.
You
know
that
we
passed
in
as
an
argument
is
correct
right
this
we
want
to
keep
it
private,
so
you
don't
want
to
store
the
solution
on
chain,
but
we
still
want
to
be
able
to
check
that
we're
not
changing
what
the
solution
is.
Every
time
that
we,
you
know,
generate
a
hint
right,
because
you
could
make
the
game
unwinnable
that
way.
A
When
we
validate
the
proof
and
then
what
we
do,
is
we
check
that
the
solution
hash
is
equal
to
the
results
of
calling
the
hash
method
on
our
solution
that
we
passed
in
and
so
now
we
know
that
from
turn
to
turn
we're
not
changing
the
solution,
in
other
words,
we're
always
passing
in
the
same
solution
value
because
we
can
check
it
by
hashing
it
and
then
comparing
it
to
the
to
the
hash
that
we've
stored
on
chain.
A
So
all
of
this
is
is
checks.
We're
checking
that
it's
our
turn.
We're
checking
that
the
solution
that
we
provided
is
valid,
and
now
we
can
actually
grab
the
last.
The
last
guess
the
Guess
that
the
the
last
player
submitted
again.
This
should
look
pretty
familiar.
This
is
basically
the
same
thing
again
and
we
can
actually
go
through
the
process
of
generating
the
hit.
Now
you
know
this
is
the
most
complicated,
interesting
part,
and
so
first
we
want
to
check.
A
A
What
we
can
do
is
we
can
have
this
for
Loop,
that
that
runs
through
every
index
in
the
array
and
we're
going
to
check
if
the
letters
at
this
index
match.
So
we
have
is
correct
position.
This
value
will
be
a
Boolean,
a
Starkey,
Jazz
Boolean,
and
it
will
be
true
if
the
value
in
last
guess
at
index,
I
is
equal
to
the
value
at
solution
in
index
I,
and
so
this
equals
method
is
different
than
the
assert
equals
method.
A
The
assert
equals
method
just
makes
it
impossible
to
make
a
proof
unless
it's
true
the
equals
method
returns
one
or
a
zero.
It
returns
a
Boolean.
So
if
the
guess
and
the
solution
have
the
same
letter
in
the
same
place,
then
this
will
be
set
true.
Otherwise
it
will
be
set
false,
and
so,
if
the
letters
match,
then
what
we're
going
to
do
is
we
are
going
to
add
200
to
the
letter.
A
This
way
we
still
keep
basically
a
representation
of
what
the
letter
is
right,
because
it's
a
value
between
1
and
26,
but
we
get
a
2
in
front
of
it.
If,
if
it's
a
correct,
if
it's
a,
if
it
should
be
marked
with
a
green
hint,
the
idea
being
like
if
we
have
Z
and
Z
is
correct,
then
we'll
take
this
26
and
we'll
increment
it
to
226..
And
so
then
the
you
know
the
the
the
the
Gasser
can
look
at
this
and
say
hey.
A
This
is
a
z
and
it
it
is
a
correct
letter.
In
the
correct
place,
we
got
a
two.
A
So
what
we
do
there
is,
we
use
the
circuit,
F
method
and
we
pass
in
is
correct
position,
so
this
is
true
or
false.
If
it's
true,
then
we
add
200
to
this
value
in
the
in
the
in
the
last
guess
and
if
it's
false,
then
we
just
set
the
last
guess
equal
to
what
it
was
before.
In
other
words,
we
do
nothing.
A
B
A
A
So
this
time
we
have
a
nested
for
Loop
we're
going
to
iterate
through
every
value,
in
one
word,
the
guess
and
every
value
in
the
solution,
and
so
what
we'll
do
is
we'll
check
if
the
letters
that
these
indexes
match,
if
they
do
match
we'll
you
know,
set,
does
letter
match
equal
to
true
and
then,
if
the
letters
match
we'll
also
add
100
instead
of
200
this
time
to
the
value.
So
this
is
the
same
thing
again.
We
have
our
our
last
guess.
If
the
letter
matches
we
add
100
to
it.
A
If
the
letter
doesn't
match,
we
set
it
equal
to
itself,
but
in
order
to
not
count
the
values
twice,
what
we
have
to
do
is
set
the
values
in
the
solution
to
zero.
The
reason
being
that
this
way,
we
only
count
the
correct
number
of
letters
in
the
wrong
position.
A
Once
does
that
make
sense,
otherwise
you'd
iterate
through
and
count
them
multiple
times,
so
we
want
to
sort
of
like
check
off
that
we've
already
counted
that
these
letters
match
after
we've
done
so
and
so
this
time
what
we
do
is
we
have
the
same
thing
but
for
solution,
and
we
use
this
circuit.if.
If
the
letter
matches
we
set
this
solution
value
equal
to
zero.
Otherwise
we
set
it
equal
to
itself,
and
so
the
idea,
then,
is
that
if
we
count
the
letter,
then
we
set
the
solution
value
equal
to
zero.
A
So
then
we
can't
count
that
letter
again,
because
you
know
zero
represents
nothing.
It
doesn't
represent
any
letters
in
in
this
case,
and
so
nothing
in
the
guess
will
match
it.
We
check
to
make
sure
that
the
guest
doesn't
have
any
zeros
in
it.
So
once
that's
done
what
we
get
is
we
get
this
last
guess
and
now
it
has
values
that
either
equal
the
same
thing
that
we
passed
in
you
know
so,
like
one
would
equal
one
five
would
equal
five
or
it
has
values
where
five
is
turned
into
say.
A
105.
or
you
know,
12
is
turned
into
112,
meaning
that
this
letter
is
a
correct
letter,
but
it's
in
the
wrong
place
or
if,
if
we
have
a
correct
letter
in
the
correct
place,
then
we've
added
200
to
it,
and
so
we
get
you
know
10
would
turn
into
110.
If,
if
we
guessed
that
you
know
if,
if
that
letter
was
a
correct
guess
in
the
correct
place,
okay,
so
the
final
thing
that
we
do
is
we
take
our
last
guess
and
we
set
it
equal
to
I'm.
A
Sorry,
we
take
last
guess
on
chain
and
we
set
it
equal
to
the
last
guess
that
we
just
generated,
and
so
what
this
does
is
it
updates
all
of
the
hints
on
chain
so
that
then
the
user,
the
guesser,
can
go
and
look
at
the
hints
and
check
whether
you
know
they
got
any
correct.
A
You
know
whether
they
got
any
green
or
yellow
hints,
and
then
they
can
use
this
to
generate
a
more
informed
next
guess,
and
so
this
exchange
goes
back
and
forth
until
either
a
turn
number
is
hit,
which
we
didn't
Implement
here,
just
for
the
sake
of
Simplicity
or
until
the
user
generates
until
the
user
guesses,
the
correct
word.
Okay.
So
now
we
can
test
it.
A
What
you
can
do
is
you
can
save
your
file
and
you
can
run
npm
run
test
and
when
you
do,
you
should
see
something
that
looks
like
this.
You
can
see
on
turn
number
one.
We
are
going
to
guess
the
word
exile.
A
This
means
that
we're
going
to
set
guess
equal
to
5
24,
9,
12
5
that
represents
Exile.
You
can
see
e
is
the
fifth
letter
in
the
alphabet,
and
this
last
guess
starts
with
five
and
ends
with
five
and
then
we
increment
to
turn
number
two
and
we'll
guess
you
know.
Exile
is
still
the
word
that
we
guessed,
but
this
time
we've
taken
five
and
we've
incremented
it
to
105,
because
e
is
a
correct
letter,
but
it's
in
the
incorrect
place.
A
A
So,
even
though
there
isn't
e
there's
only
one
e,
so
this
stays
five
while
the
first
one
increments
to
105..
So
now,
let's
guess
hello.
This
is
the
correct
word.
So
we'll
take
this
value,
use
it
to
determine
what
we
should.
You
know.
Guess
next
we
can
see,
hey
Hello's
got
an
e
in
it.
It's
got
an
L
in
the
right
place.
Let's
try
hello
out
so
encode
hello
as
eight
five,
twelve
twelve
fifteen
and
then
when
it
comes
time
for
the
hint
generator
to
look
at
it.
A
Every
single
letter
is
in
the
correct
place.
So
we
get
you
know:
208,
205,
212,
212
and
215,
meaning
that
we've
guessed
the
word
correctly.
Okay,
that's
that
congratulations!
You've
built
just
built
your
first
CK
app.
If
this
seems
you
know,
maybe
not
so
satisfying.
That
is
why
we
have.
A
We
will
have
more,
you
know,
remote
presentations
in
like
live
stream
form
that
will
explain
how
to
build
the
front
end
for
this,
how
to
build
a
recursive
roll-up
that
that
that
proves
the
same
game
without
having
to
send
transactions
to
the
blockchain
every
time
and
then
also
we
have
Mina
Foundation
is
running
something
called
ZK
ignite.
It's
cohort
one
right
now,
it's
not
too
late
to
submit
a
proposal
and
get
funded.
A
Zk
ignite
is
a
program
that
will
help
connect
developers
or
people
who
are
sort
of
entrepreneurial
designers,
whoever
with
funding
technical
mentors
Etc
in
order
to
help
them
build
things
on
Mena
and
get
them
off
the
ground.
There
is
500
000,
usdc
and
500
000
Mina
tokens
that
are
available
in
cohort
one.
It
has
a
very
unique
governance
structure
that
you
can
learn
more
about
in
a
blog
post.
It
should
be
at
this
QR
code,
and
this
is
a
great
way
to
to
get
involved.
A
You
can
also
yeah
talk
with
people
like
me
about
technical,
stuff
and
office
hours,
all
sorts
of
interesting
things.
The
other
thing
that
we
have
is
this
notion
page,
and
this
will
have
links
to
everything.
We've
talked
about
in
the
tutorial
links
to
ZK
ignite
links
to
our
twitters
discords
links
to
the
GitHub
all
that
stuff.
A
A
No,
he
does
not
have
to
trust
the
other
party
when
they
generate
the
hints.
So
if
so,
let's
say
that
we
were
the
hint
generator
and
we
tried
to
generate
an
incorrect
hint.
Yes,
these
assertions
would
fail.
A
So,
for
example,
like
let's
say
that
I
tried
to
add
a
a
100
someplace
where
it
didn't
belong
or
I,
tried
to
not
add
a
100
someplace
where
it
did
belong
because
doing
that
would
diverge
from
you
know
the
way
that
this
code
was
written
at
the
time
that
we
created
the
verification
key,
it
would
be
impossible
to
generate
a
valid
proof
for
that
update.
A
Does
that
make
sense
to
the
if,
at
the
end
of
this
running
this
method,
what
we
get
is
basically
a
request
to
update
last
guests
on
chain,
but
we
can
only
send
that
request
if
we
have
a
valid
proof
and
we
can
only
get
a
valid
proof
if
we've
done
everything
like
these
ad
and
if
statements
and
equal
statements
correctly.
A
So,
in
other
words,
even
though
the
because
the
user
runs
this
publish
hint
method
on
their
machine,
they
don't
disclose
the
solution
that
they
pass
in,
but
because
we
checked
that
the
solution
matches
a
hash
that
we
store
on
chain.
We
know
that
the
solution
that
they
pass
in
is
valid,
and
then
we
also
know
that
all
of
the
work
that
they
do
in
order
to
generate
these
hints
is
done
correctly.
A
Does
that
make
sense
if
it
doesn't?
We
can
also
talk
more
about
this
after
I'll
Stick
Around
in
like
the
back
corner,
all.
B
A
A
Hopefully,
they'll
be
a
little
bit
smoother
and
come
talk
to
me
in
the
corner,
with
any
questions
that
you
have
I'd
love
to
answer,
yeah,
that's
about
it!
Thank
you.
So
much
for
coming
and
I
hope
you
guys
have
an
awesome
time.