Showing 156 of 156 labs
AEGIS Gate AEAD walkthrough comparing nonce handling and throughput tradeoffs in modern authenticated encryption.
Symmetric
Linked from AES-256-GCMAES Modes Compares ECB, CBC, CTR, GCM, and CCM with attack demos and mode visualizations.Symmetric
Linked from AES-256-GCMAscon Lightweight cryptography lab covering AEAD, hashing, and constrained-device design tradeoffs.Symmetric
Linked from ChaCha20-Poly1305Babel Hash Hash family explorer with sponge-vs-Merkle-Damgard mental models.Hash
Linked from SHA-3-256 (Keccak)BB84 Quantum key-distribution intuition and where it differs from software KEM deployment.KEM
Linked from ML-KEM-768 (Kyber)bcrypt Forge Work-factor and migration walkthrough for legacy-compatible password hashing.Password
Linked from bcryptBiham Lens Classical cryptanalysis intuition builder for block-cipher style systems.Symmetric
Linked from AES-256-GCMBIKE Vault Code-based BIKE internals, parameter intuition, and attack surface overview.KEM
Linked from BIKEBitcoin Script Steps a real P2PKH spend through the Bitcoin Script stack machine with secp256k1 ECDSA and HASH160, covering wrong-key, forged-signature, and tampered scenarios.Elliptic Curves
Linked from secp256k1Bitcoin Wallet secp256k1 key derivation to P2PKH and P2WPKH addresses via HASH160, with BIP-39 mnemonics, PBKDF2 seed stretching, and BIP-32 hardened child derivation.Elliptic Curves
Linked from secp256k1Blind Hello Encrypted Client Hello (ECH) built on HPKE over X25519, hiding the SNI from on-path network observers.Elliptic Curves
Linked from Curve25519 / X25519Blind Oracle Browser-to-server demo for encrypted computation with TFHE-style operations.HE
Linked from TFHEBlind Relay Oblivious HTTP relay/gateway split using HPKE so no single party sees both client identity and request content.Elliptic Curves
Linked from Curve25519 / X25519Blind Sign Privacy-preserving signing flow and unlinkability intuition.Elliptic Curves
Linked from Ed25519Broken Trust Shows how leaking one bit of ML-DSA's per-signature masking randomness enables hill-climbing secret-key recovery without lattice reduction.Signatures
Linked from ML-DSA-44 (Dilithium), ML-DSA-65 (Dilithium)Bulletproofs ZK range proofs on ristretto255 — 64-bit Pedersen commitments, aggregate proofs, and the inner-product argument.ZKP
Linked from BulletproofsChaCha20 Stream Quarter-round stepper, keystream visualizer, nonce-reuse demo, and encrypt/decrypt playground.Symmetric
Linked from ChaCha20-Poly1305, XChaCha20-Poly1305Chain of Trust Builds and validates X.509 chains by hand on a cross-signed ECDSA P-256 hierarchy, showing that path building and RFC 5280 path validation are different problems and that cryptographically valid signatures can still be correctly rejected.Elliptic Curves
Linked from P-256Ciphertext Mirror ML-KEM side-channel walkthrough across the Fujisaki-Okamoto transform, LDPC decoder behavior, and NTT blinding countermeasures.KEM
Linked from ML-KEM-1024 (Kyber), ML-KEM-768 (Kyber)CKKS Lab Approximate arithmetic under encryption with scale/noise budgeting intuition.HE
Linked from CKKSCollision Vault Verifies real published MD5 and SHA-1 collision pairs (SHAttered, chosen-prefix) in-browser and shows SHA-256 resisting the same attack.Hash
Linked from SHA-256, SHA-3-256 (Keccak), SHA-512Commit Gate Commitment scheme semantics and binding/hiding tradeoffs in protocol design.ZKP
Linked from BulletproofsCorrupted Oracle Entropy failure scenarios and state compromise impact in randomness pipelines.CSPRNG
Linked from HMAC-DRBGCredential Veil BBS+ anonymous credentials over BLS12-381 with selective disclosure, unlinkable presentations, and an over-18 range proof.Elliptic Curves
Linked from BLS12-381Curve Lens Interactive point addition, scalar multiplication, and ECDH exploration across major curves.Elliptic Curves
Linked from Curve25519 / X25519Curve448 High-security curve walkthrough for X448 and Ed448 style key agreement and signatures.Elliptic Curves
Linked from Ed448 / Curve448Dead Sea Cipher Historical cipher lab for context on modern symmetric design goals.Symmetric
Linked from AES-256-GCMDH MITM Classic Diffie-Hellman key exchange with a live man-in-the-middle attack on the unauthenticated channel, and an ECDSA-signed fix that fails closed.Elliptic Curves
Linked from Curve25519 / X25519Dilithium Reject ML-DSA internals lab focused on rejection sampling and signing-loop behavior.Signatures
Linked from ML-DSA-44 (Dilithium), ML-DSA-65 (Dilithium)Dilithium Seal Demonstrates ML-DSA signing and verification flow with lattice-based signatures.Signatures
Linked from ML-DSA-44 (Dilithium), ML-DSA-65 (Dilithium)Downgrade Wire Downgrade attack on hybrid post-quantum key exchange that strips the PQ half back to classical-only.KEM
Linked from ML-KEM-768 (Kyber)DRBG Arena State evolution, reseeding, and backtracking-resistance comparison across DRBGs.CSPRNG
Linked from ChaCha20-DRBG, CTR-DRBG (AES-256), Fortuna, Hash-DRBG, HMAC-DRBGE91 Entanglement-based quantum key distribution using the CHSH Bell test, where an eavesdropper is caught by collapsing the Bell inequality.KEM
Linked from ML-KEM-768 (Kyber)ECDSA Forge ECDSA signing and verification flow with nonce-discipline and verification-failure intuition.Elliptic Curves
Linked from P-256, secp256k1Ed25519 Forge Key generation, signing, verification, and deterministic nonce handling.Elliptic Curves
Linked from Ed25519Educational RSA Textbook RSA key generation, encryption, and signatures on small numbers, factoring a weak key and contrasting deterministic textbook ciphertext with RSA-OAEP.Asymmetric
Linked from RSA-OAEP-2048ElGamal Plain Public-key encryption walkthrough for multiplicative homomorphism and ciphertext expansion tradeoffs.Asymmetric
Linked from ElGamalEnigma Forge Full mechanical Enigma with rotors, plugboard, and reflector, plus the crib-based Bombe break exploiting the no-letter-maps-to-itself flaw.Symmetric
Linked from AES-256-GCMEntropy Collapse Seed-provenance and RNG state-duplication failures against a correct HMAC_DRBG (NIST SP 800-90A/B/C).CSPRNG
Linked from HMAC-DRBGEnvelope KMS RFC 3394/5649 AES key wrap with DEK/KEK hierarchy, KMS-style rotation, and a hash-chained audit log.Symmetric
Linked from AES-256-GCMFalcon Seal Lattice signature demo focused on compact signatures and implementation caveats.Signatures
Linked from FALCON-512FHE Arena Compares bootstrapping-heavy and leveled FHE workflows on practical tasks.HE
Linked from BFV, BGV, CKKS, TFHEFormat Ward Format-preserving encryption playground for structured fields and tokens.Symmetric
Linked from AES-256-GCMFrodo Vault Learning-focused module for FrodoKEM design and deployment tradeoffs.KEM
Linked from FrodoKEM-976FROST Threshold Threshold signing workflow built on Ed25519.Elliptic CurvesThreshold Sigs
Linked from Ed25519, FROSTFrozen Heart Weak Fiat-Shamir "Frozen Heart" forgeries that fake zero-knowledge proofs when the challenge omits public inputs.ZKP
Linked from BulletproofsGarbled Gate Yao-style garbled circuit construction and secure evaluation walk-through.MPC
Linked from Yao's Garbled CircuitsGG20 Wallet Threshold ECDSA signing with coordinator flow and abort handling.Threshold Sigs
Linked from GG20Grover Symmetric-key security scaling under quantum search assumptions.KEM
Linked from ML-KEM-768 (Kyber)Harvest Timeline Migration-planning view for harvest-now decrypt-later risk and post-quantum rollout timing.KEM
Linked from ML-KEM-768 (Kyber)Harvest Vault Data minimization and encrypted retention patterns for privacy-sensitive workloads.HE
Linked from TFHEHash Zoo Comparative hashing lab for collision and preimage intuition.Hash
Linked from SHA-256, SHA-512HAWK Alternative post-quantum signature lab for compact-signature tradeoffs and deployment comparisons.Signatures
Linked from FALCON-512HPKE Envelope RFC 9180 HPKE hybrid public-key encryption with X25519, HKDF, and an AEAD envelope.Elliptic Curves
Linked from Curve25519 / X25519HQC Timing Timing leak in HQC's BCH decoder and how constant-time mitigations reshape the attack surface against the code-based KEM.KEM
Linked from HQCHQC Timing Break Side-channel demo showing timing-sensitive failure modes in post-quantum KEM implementations.KEM
Linked from HQCHQC Vault Code-based KEM flow and tradeoff walkthrough for HQC.KEM
Linked from HQCHybrid Guide Guide to hybrid post-quantum key exchange where a KEM combiner pairs X25519 with ML-KEM-768 so the session key holds if either half survives.KEM
Linked from ML-KEM-768 (Kyber)Hybrid PQC Compares classical, post-quantum, and hybrid key exchange with X25519 and ML-KEM-768 behind an HKDF combiner, breaking one half to show the hybrid survive.KEMSignatures
Linked from ML-DSA-65 (Dilithium), ML-KEM-768 (Kyber)Hybrid Sign Composite-signature workflow combining classical and post-quantum authenticity guarantees.Signatures
Linked from ML-DSA-44 (Dilithium), ML-DSA-65 (Dilithium)Hybrid Wire Shows X25519 plus ML-KEM hybrid key exchange as deployed in modern TLS experiments.KEM
Linked from ML-KEM-768 (Kyber)IBE Gate Identity-based encryption walkthrough rooted in pairing-based public-key constructions.Elliptic Curves
Linked from BLS12-381Iron Letter Applied public-key encryption workflow and envelope-encryption intuition.Asymmetric
Linked from RSA-OAEP-2048Iron Serpent Applied symmetric-encryption lab for key/nonce discipline in real workflows.Symmetric
Linked from AES-256-GCMIsogeny Gate Post-quantum key-exchange history and assumptions in context with modern curves.Elliptic Curves
Linked from Curve25519 / X25519J-UNIWARD JPEG-domain steganography lab with distortion-aware embedding intuition.Stego
Linked from Adaptive Steganography (WOW), DCT-Domain (JPEG F5)Jevil Hash-based few-time signature scheme over the Goldilocks field using Lagrange interpolation for bounded-use signing with reusable verification keys.Signatures
Linked from SLH-DSA (SPHINCS+)JWT Forge Tamper with JWT claims and swap algorithms to watch alg:none and HS/RS key-confusion attacks succeed against a vulnerable verifier and fail against a correct one.MAC
Linked from HMAC-SHA-256KDF Arena Memory-hard tuning lab for practical parameter choices.KDFPassword
Linked from Argon2 (KDF mode), Argon2id, Balloon Hashing, Balloon Hashing, PBKDF2, PBKDF2, scrypt, scryptKDF Chain Derivation-chain demo for context binding, domain separation, and key expansion.KDF
Linked from HKDFKEM Trap Shows FIPS 203 implicit rejection — a bit-flipped ML-KEM-768 ciphertext still returns 32 bytes, and a caller that drops the return code or skips key confirmation turns silent decapsulation failure into a plaintext-checking oracle.KEM
Linked from ML-KEM-768 (Kyber)Kerberos v5 RFC 4120 AS/TGS/AP exchange walkthrough with AES-256-CTS-HMAC-SHA1-96 ticket encryption and the Lowe attack.Symmetric
Linked from AES-256-GCMKey Exchange Walkthrough of key exchange from Diffie-Hellman to modern hybrid post-quantum handshakes, with assumptions and threat models per era.Elliptic Curves
Linked from Curve25519 / X25519Key Mirror Key transparency with a Merkle-tree append-only log and consistency/inclusion proofs for auditable key directories.Hash
Linked from SHA-256Kyber Vault Hands-on ML-KEM / Kyber encapsulation and decapsulation walkthrough.KEM
Linked from ML-KEM-1024 (Kyber), ML-KEM-768 (Kyber)KyberSlash Side-channel walkthrough showing why constant-time ML-KEM implementations matter.KEM
Linked from ML-KEM-768 (Kyber)Lattice Fault Implementation-fault and decryption-failure intuition for lattice systems.KEM
Linked from ML-KEM-768 (Kyber)LLL Break Lattice reduction intuition and parameter-safety implications.KEM
Linked from ML-KEM-768 (Kyber)LMS Ledger Stateful hash-based signatures with Merkle authentication path intuition.Signatures
Linked from LMS / HSSLMS/XMSS Stateful hash-based signature comparison centered on XMSS and LMS lifecycle management.Signatures
Linked from LMS / HSS, XMSSLWE Hints Approximate-hint LWE secret recovery on sparse ternary secrets, counting how many hints collapse the underlying lattice problem.KEM
Linked from ML-KEM-768 (Kyber)MAC Race Compares HMAC, CMAC, Poly1305, and GHASH with common failure modes.MAC
Linked from CMAC-AES-256, HMAC-SHA-256, Poly1305McEliece Gate Code-based encryption and key-size tradeoff visualized for Classic McEliece.KEM
Linked from Classic McElieceMerkle Proofs Builds Merkle trees on SHA-256, generates inclusion proofs, and replays the RFC 6962 second-preimage and CVE-2012-2459 attacks with domain-separation defenses.Hash
Linked from SHA-256Merkle Vault Merkle tree commitments and authentication path mechanics for hash-based signatures.Signatures
Linked from LMS / HSSMLS Group RFC 9420 Messaging Layer Security with TreeKEM ratchet tree, epoch key schedule, and group forward secrecy.Elliptic Curves
Linked from Curve25519 / X25519Model Breach Leakage and inference-risk demonstration motivating encrypted-compute designs.HE
Linked from TFHEMPCitH Sign Post-quantum signature design intuition from MPC-in-the-head constructions.Signatures
Linked from ML-DSA-65 (Dilithium), SLH-DSA (SPHINCS+)Multivariate UOV Real Unbalanced Oil-and-Vinegar signatures over GF(256), showing the MQ trapdoor and the 2022 Beullens attack that broke Rainbow.Signatures
Linked from ML-DSA-65 (Dilithium)Noise Pipe Noise-pattern handshake lab for modern transport protocol design.Elliptic Curves
Linked from Curve25519 / X25519Nonce Collision Reuses one nonce under one key across AES-CTR, AES-GCM, ChaCha20-Poly1305, and AES-CBC, crib-dragging plaintext from XORed keystreams and running the GHASH forbidden attack to forge tags the real verifier accepts.Symmetric
Linked from AES-256-GCM, ChaCha20-Poly1305Nonce Guard Demonstrates nonce-misuse failures and how modern AEAD usage avoids them.Symmetric
Linked from ChaCha20-Poly1305Nonce Lattice ECDSA nonce-bias lattice attack on P-256 — Hidden Number Problem, in-browser LLL reduction, private-key recovery.Elliptic Curves
Linked from P-256, secp256k1NTRU Classic Lattice-encryption intuition builder for NTRU-style designs and their deployment tradeoffs.KEM
Linked from SMAUG-TOblivious Shelf Private retrieval and access-pattern leakage intuition.OT / PIR
Linked from Computational PIR, Information-Theoretic PIROpaque Gate Password-authenticated key exchange walkthrough with transcript-hardening patterns.Elliptic Curves
Linked from Curve25519 / X25519ORAM Vault Access-pattern privacy walkthrough showing where PIR and ORAM solve different leakage problems.OT / PIR
Linked from Computational PIR, Information-Theoretic PIROT Gate Oblivious transfer foundations used in private protocols and MPC.OT / PIR
Linked from Base Oblivious Transfer, OT ExtensionOTP Vault One-time pad with provable perfect secrecy, then the two-time-pad break recovering both plaintexts from a reused keystream.Symmetric
Linked from ChaCha20-Poly1305Padding Oracle Shows why authenticated encryption closes oracle-style decryption side channels.AsymmetricSymmetric
Linked from AES-256-GCM, RSA-OAEP-2048Paillier Gate Additive homomorphic encryption walkthrough for the Paillier building blocks used in threshold ECDSA systems.Threshold Sigs
Linked from DKLS23, GG20Pairing Gate Pairing-friendly curve intuition and protocol use in advanced signatures.Elliptic CurvesThreshold Sigs
Linked from BLS Threshold, BLS12-381PAKE Gate Side-by-side tour of the SRP-6a, J-PAKE, CPace, and Dragonfly PAKEs, deriving a strong shared key from a low-entropy password that never crosses the wire.Elliptic Curves
Linked from Curve25519 / X25519Patron Shield Privacy-preserving analytics and encrypted processing intuition.HE
Linked from TFHEPhantom Vault Hashing and key-derivation pitfalls visualized in a practical data-protection workflow.Hash
Linked from SHA-256PKI Chain Certificate-chain and trust-anchor mechanics for signature verification workflows.Elliptic Curves
Linked from Ed25519Point Arithmetic Interactive elliptic-curve point addition and scalar multiplication over both the reals and a finite field, building the ECDLP intuition beneath ECDH and ECDSA.Elliptic Curves
Linked from Curve25519 / X25519Poly1305 MAC One-time authenticator intuition and key/nonce handling discipline.MAC
Linked from Poly1305Power Trace Recovers an AES-128 key byte with CPA/DPA power side-channel analysis against a correct, constant-time cipher.Symmetric
Linked from AES-256-GCMPQ Families Guided tour of the five post-quantum families — lattice, code-based, hash-based, multivariate, and isogeny — with assumptions and standardization status.KEM
Linked from ML-KEM-768 (Kyber)PQ Rotation Operational rotation planning for moving production key exchange and data protection to PQ-safe systems.KEM
Linked from ML-KEM-768 (Kyber)PQ TLS Handshake Hybrid TLS handshake walkthrough showing where ML-KEM fits into post-quantum transport migration.KEM
Linked from ML-KEM-768 (Kyber)Protocol Checker Dolev-Yao symbolic model checker that rediscovers the Diffie-Hellman MITM and Lowe's Needham-Schroeder attack, then closes each with one fix.Elliptic Curves
Linked from Curve25519 / X25519Protocol Compose Composability failure modes and safe protocol-combination patterns.MPC
Linked from Yao's Garbled CircuitsPSI Gate Private set intersection workflow built from practical two-party secure computation patterns.MPC
Linked from ABYQuantum Entropy Beam-splitter QRNG with min-entropy accounting, von Neumann debiasing, and a Toeplitz extractor feeding a DRBG seed per NIST SP 800-90B/C.CSPRNG
Linked from FortunaQuantum Vault KPQC Interactive post-quantum KEM comparison and security intuition builder.KEM
Linked from ML-KEM-768 (Kyber), SMAUG-TRatchet Wire Double-ratchet style key update and session-forward-secrecy walkthrough.Elliptic Curves
Linked from Curve25519 / X25519Reshare Circle Proactive secret sharing that reshares Shamir shares to refresh them without changing the underlying secret.Sharing
Linked from Shamir's Secret SharingRing Sign Signer anonymity and ring-formation tradeoffs in signature protocols.Elliptic Curves
Linked from Ed25519RSA Forge RSA encryption/signature behavior, padding pitfalls, and parameter intuition.Asymmetric
Linked from RSA-OAEP-2048, RSA-OAEP-4096S-Cloud+ Vault Post-quantum KEM workflow for long-lived cloud storage and envelope-encryption planning.KEM
Linked from ML-KEM-1024 (Kyber)Salamander Invisible-salamanders key-commitment attack: one AES-GCM ciphertext that opens to two valid plaintexts under two keys.Symmetric
Linked from AES-256-GCMShadow Vault Applies XChaCha20-Poly1305 in a deniable-encryption workflow.Symmetric
Linked from XChaCha20-Poly1305Shamir Gate Threshold splitting and reconstruction flow with share-loss failure modes.Sharing
Linked from Shamir's Secret SharingShamir vs FROST Contrasts Shamir secret-sharing reconstruction, which forms the key in memory, against FROST threshold signing, which never reconstructs it.SharingThreshold Sigs
Linked from FROST, Shamir's Secret SharingShor Quantum attack intuition motivating migration from classical public-key systems.KEM
Linked from ML-KEM-768 (Kyber)Signed Bytes Signs JSON with Ed25519 to show a signature binds exact bytes, not meaning — breaking key order, Unicode, and duplicate-key parsing, then applying JCS (RFC 8785) canonicalization to see which failures it fixes and which it refuses.Elliptic Curves
Linked from Ed25519Silent Tally Secure tallying flow and privacy-preserving aggregation intuition.MPC
Linked from SPDZSNARK Arena Groth16 and PLONK trusted-setup workflow, proof generation, and verification comparison.ZKP
Linked from Groth16 (zk-SNARK), PLONK (zk-SNARK)SPAKE Gate SPAKE2 balanced PAKE that establishes a shared key from a low-entropy password without leaking it.Elliptic Curves
Linked from Ed25519SPDZ Forge Malicious-secure SPDZ with Beaver triples and information-theoretic MACs that abort on a tampered share under a dishonest majority.MPC
Linked from SPDZSPHINCS+ Ledger Hash-based signature workflow with larger signatures and conservative assumptions.Signatures
Linked from SLH-DSA (SPHINCS+)SSH Handshake SSH transport handshake with ephemeral X25519/ECDH, Ed25519 signatures over the exchange hash, and TOFU host-key pinning.Elliptic Curves
Linked from Curve25519 / X25519, Ed25519STARK Tower Transparent zk-STARK proving flow with AIR and FRI components explained.ZKP
Linked from zk-STARKStego Suite Steganography tradeoffs, payload limits, and detection-risk intuition.Stego
Linked from LSB SubstitutionSyndrome Drain How code-based KEMs erode below NIST Level 1 when one key derives many session keys, with DOOM decoding one of D syndromes √D faster.KEM
Linked from BIKE, HQCThreshold Decrypt Distributed decryption workflow with quorum requirements and availability tradeoffs.MPCSharingThreshold Sigs
Linked from GG20, Shamir's Secret Sharing, SPDZThreshold ML-DSA Threshold post-quantum signing walkthrough for distributed ML-DSA key ownership.Signatures
Linked from ML-DSA-44 (Dilithium), ML-DSA-65 (Dilithium)Time Trust Drives real Ed25519 certificate and token verification from one movable clock, showing which security decisions silently depend on time — an input a signature cannot authenticate — while the signature itself verifies at every clock position.Elliptic CurvesMAC
Linked from Ed25519, HMAC-SHA-256Time-Lock Puzzle RSW time-lock puzzle sealing a message behind fixed sequential squaring work, with a fail-closed cheat check and the creator's instant factorization trapdoor.CSPRNG
Linked from HMAC-DRBGTiming Oracle Side-channel timing intuition and constant-time verification discipline.MAC
Linked from HMAC-SHA-256Timing Side-Channel Recovers a secret one byte at a time from an early-exit comparison, then flattens the leak with a constant-time compare — the discipline behind MAC verification.MAC
Linked from HMAC-SHA-256TLS Handshake Full TLS 1.3 handshake with X25519 key exchange, Ed25519 authentication, the HKDF key schedule, and AES-GCM records, including a blocked man-in-the-middle.Elliptic Curves
Linked from Curve25519 / X25519Traitor Trace NNL subset-cover broadcast encryption with AES-256-GCM key wraps, revocation without rekeying, and black-box traitor tracing.Symmetric
Linked from AES-256-GCMVDF Verifiable Delay Function via repeated modular squaring with a Wesolowski proof — slow sequential evaluation, instant verification, for randomness beacons.CSPRNG
Linked from HMAC-DRBGVigenère Break Recovers a repeating-key Vigenère cipher with Kasiski examination, the index of coincidence, and per-column frequency analysis.Symmetric
Linked from AES-256-GCMVRF Gate Verifiable randomness and unpredictability guarantees in distributed systems.CSPRNG
Linked from HMAC-DRBGVSS Gate Verifiable sharing workflow with commitments and complaint handling.Sharing
Linked from Feldman VSS, Pedersen VSSWeb of Trust PGP-style trust graph for signing keys and walking introduction chains, showing how trust flows without a central authority.Elliptic Curves
Linked from Ed25519WebAuthn Passwordless FIDO2/WebAuthn authentication with ES256 (P-256) keys, covering attestation, assertion, and platform vs cross-platform authenticators.Elliptic Curves
Linked from P-256World Ciphers Cipher family comparison with design and deployment tradeoff context.Symmetric
Linked from AES-256-GCMWorld Hashes Cross-standard hash overview and algorithm family context.Hash
Linked from BLAKE2b, BLAKE3, SHA-256X3DH Wire Signal-style asynchronous key agreement built on Curve25519.Elliptic Curves
Linked from Curve25519 / X25519ZK Arena Side-by-side comparison of zk-SNARK and zk-STARK proof systems across setup phases, proving overhead, and verification cost.ZKP
Linked from Groth16 (zk-SNARK), PLONK (zk-SNARK), zk-STARKZK Proof Lab Zero-knowledge construction walkthrough spanning commitments and proof mechanics.ZKP
Linked from Bulletproofs