[SPEC] Trusted setup ceremony #78

Open
21 tasks
lazovicff opened this issue Dec 20, 2021 · 0 comments
Overview

A trusted setup ceremony is a multi-party computation conducted in order to generate initial randomized parameters for generating circuit-specific (in our case) proving and verifying keys.

The trusted setup consists of two phases:

Phase 1 (Powers of Tau)

  1. A coordinator generates an accumulator
  2. Participant downloads the latest accumulator
  3. Participant contributes their randomness to the accumulator (randomness is permanently deleted after this step)
  4. Participant uploads the accumulator back to the coordinator
  5. The coordinator verifies the accumulator was transformed correctly and produces a new challenge

The notable part about this procedure is that it _never_ has to end. This is what allows SNARKs utilizing KZG10 to have a "continuous" setup. If a participant does not trust the setup, they themselves can contribute to the Powers of Tau, and instantiate KZG10 with the new parameters.

Phase 2 (Specialization specific to Groth16)

  1. Coordinator "prepares" the parameters from Phase 1 and converts them to Lagrange Coefficients
  2. Participant downloads the latest state of the parameters
  3. Participant contributes their randomness to the parameters (randomness is permanently deleted after this step)
  4. Participant uploads the parameters back to the coordinator
  5. The coordinator verifies the accumulator was transformed correctly
  6. Loop from 2 for all participants

This produces parameters that can then be used for constructing Groth16 SNARKs for that circuit. The setup is sound as long as 1 party was honest and destroyed their "toxic waste" in step 3.

Tornado.cash info

Phase 1 can be done once and reused for different types of circuits. Tornado.cash used this one for their ceremony: https://github.com/weijiekoh/perpetualpowersoftau/tree/master/0071_edward_response

Tornado.cash used this repo for phase2: https://github.com/kobigurk/phase2-bn254

Phase1 reusability:

Ideally, we want to reuse phase1 values from https://celo.org/plumo or take them from snarkjs repo: https://github.com/iden3/snarkjs#7-prepare-phase-2

Phase2 resources:

Use https://github.com/iden3/snarkjs, it should support both Bn254 and Bls12-381

In case of snarkjs not working for us we will use https://github.com/celo-org/snark-setup and update underlying dependencies to use the arkworks backend.

Use scripts to generate phase2 params: https://github.com/celo-org/snark-setup/tree/master/phase2-cli/scripts

Global tasks

  • Identify open-source tools for running the multi-party ceremony
    • Find coordinator software
    • Find way of contributing in browser (is it possible with Arkworks?)
  • Create a repo for running the ceremony:
  • Add scripts for creating a random value
  • Create guidelines for participating in the ceremony (it can be done through PRs, with specific template - contributions should be done synchronously)
  • Publish powers of tau values to be used for phase 2 for bn254 from snarkjs

Arkworks:

Circom Ceremony Checklist

  • Contribute a random value using snarkjs and make a PR
  • After contributions are submitted, they are verified by at least x people before the merge
  • After everyone has submitted their contribution, apply random beacon with snarkjs to finalize phase 2, open a PR
  • Verify the final key, by at least x people, before the merge
  • Execute this internally first. Integrate publicly second.

Arkworks Ceremony Checklist

  • Identify how to run a coordinator server.
  • Contribute a random value using arkworks-setup and make a PR
  • After contributions are submitted, they are verified by at least x people before the merge
  • After everyone has submitted their contribution, apply random beacon with arkworks-setup to finalize phase 2, open a PR
  • Verify the final key, by at least x people, before the merge
  • Execute this internally first. Integrate publicly second.

Tools

Links that Wei suggested to check out:

https://github.com/pantherprotocol/preZKPceremony

https://medium.com/privacy-scaling-explorations/zkopru-trusted-setup-ceremony-f2824bfebb0f

We can use snarkjs or zkey-manager to produce the initial zkey file. Then we can use https://github.com/appliedzkp/multisetups for CLI implementation. It uses IPFS for file sharing. The coordinator needs to manage the order of the contributors and provide the IPFS address of the latest zkey file to the current contributor.

The repo https://github.com/glamperd/setup-mpc-ui contains a browser-based solution. It uses Firebase databases to manage the contributed files. We first need to make an account on Firebase and set up a database. Participants authenticate via GitHub OAuth. Once authenticated, a participant gains access to the Firestore database,
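
The Phase 1 contribution step and the "one honest party" property described in the overview, worked through in a toy group as an added example (not code from this issue, snarkjs or arkworks). The group parameters, function names and the pairing-free `sanity_check` are assumptions for illustration; a real ceremony runs on BN254 or BLS12-381 and verifies well-formedness with pairing checks.

```python
import secrets

# Constructed toy parameters (NOT secure): P = 2Q + 1 is a safe prime and
# G generates the subgroup of prime order Q. Real ceremonies use pairing
# curves such as BN254 or BLS12-381.
P, Q, G = 2039, 1019, 4
N = 4  # highest power of tau kept in the accumulator


def new_accumulator():
    """Coordinator's starting point: tau = 1, so every entry is G."""
    return [G] * (N + 1)


def contribute(acc, s):
    """Multiply the hidden tau by s: entry i is raised to s^i (mod Q)."""
    return [pow(a, pow(s, i, Q), P) for i, a in enumerate(acc)]


def sanity_check(old, new):
    """Checks possible without pairings: same length, entry 0 untouched,
    every entry in the order-Q subgroup and not the identity, and the
    tau^1 entry actually changed. The real well-formedness check
    (consecutive entries related by the same tau) needs a pairing and is
    not reproduced here."""
    return (len(new) == len(old)
            and new[0] == G
            and all(a != 1 and pow(a, Q, P) == 1 for a in new)
            and new[1] != old[1])


def powers_of(tau):
    """Reference accumulator for a known tau (only possible in a toy)."""
    return [pow(G, pow(tau, i, Q), P) for i in range(N + 1)]


def run_ceremony(secrets_in_order):
    """Apply each contribution in turn, rejecting degenerate ones."""
    acc = new_accumulator()
    for s in secrets_in_order:
        nxt = contribute(acc, s)
        if not sanity_check(acc, nxt):
            raise ValueError("contribution rejected")
        acc = nxt
    return acc


if __name__ == "__main__":
    # Three participants; each secret is "toxic waste" to delete afterwards.
    parts = [secrets.randbelow(Q - 2) + 2 for _ in range(3)]
    tau = parts[0] * parts[1] * parts[2] % Q
    print(run_ceremony(parts) == powers_of(tau))
```

The final tau is the product of every participant's secret, so reconstructing it requires all of them; one deleted secret is enough to keep it unknown.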
