[ZK Learning Group 2] Trusted setup workshop
Background: Secure Multi-Party Computation

Multiple people each hold a different part of the input
They do not want to reveal their component of the input
But they must come together to jointly compute f(x,y,z)
Trusted Setup
The setup is the process in which the CRS (Common Reference String) is generated, more commonly known as the pair of proving and verification keys. These “keys” are used by the prover and verifier, respectively, to generate and verify proofs for a specific problem (or constraint system).
In this process, random elements are sampled that must be kept secret — if the prover knows them, it can create proofs that verify successfully without using an actual solution to the problem, in other words, forge proofs and break soundness. This randomness is also known as “toxic waste”. There are ways to avoid this worry and not place trust in a single entity. For public circuits, these usually involve a Multi-Party Computation — a process in which multiple players contribute their own randomness, which they destroy afterwards. The interesting fact is that it is enough for one player to be honest and destroy their randomness for the whole process to be secure.

Trusted setup can be split into 2 phases:
Phase 1: Circuit agnostic
Phase 2: Circuit dependent
Trusted setup Phase 1: Powers of Tau
Since phase 1 is circuit agnostic (“common work”), its data can simply be crowdsourced in an ongoing fashion and made publicly available for anyone to use.
Anyone can use the powers-of-tau contributions as the phase 1 input to their own circuit's trusted setup.
PLONK and STARK do not require phase 2; only the phase 1 universal setup is needed.
Example
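The sequential MPC ceremony described in the Multi-Party Computation background and in the Powers of Tau section, as an added example written for these notes (it is not code from the workshop or from any real ceremony). It assumes a toy group, Z_P^* for the Mersenne prime P = 2^61 - 1 with base element 3 and exponent arithmetic mod P - 1, where real ceremonies use a pairing-friendly elliptic curve and a pairing check across consecutive powers that this toy cannot perform. The function names (initial_crs, contribute, verify_contribution, run_ceremony, combined_tau, crs_matches, rogue_contribution) and the fixed participant secrets are constructed for the example.

```python
"""Toy powers-of-tau MPC ceremony (added example, not from the workshop).

The CRS is the list [g^(tau^0), g^(tau^1), ..., g^(tau^d)].  Real ceremonies
encode it on a pairing-friendly elliptic curve; this toy uses Z_P^* for the
Mersenne prime P = 2^61 - 1 with exponents reduced mod N = P - 1, so it runs
with no dependencies (it is NOT secure, P is far too small).  Each
contributor multiplies tau by a fresh secret s, publishes the updated list
plus a Schnorr proof that they know s, and then erases s.  The final tau is
the product of every s, so one honest contributor keeps it secret.
"""
import hashlib
import secrets

P = (1 << 61) - 1   # toy modulus, constructed for this example
N = P - 1           # exponent arithmetic is done mod the group order
G = 3               # toy base element


def initial_crs(degree):
    """Coordinator starts with tau = 1, so every power is just G."""
    return [G] * (degree + 1)


def challenge(*elems):
    """Fiat-Shamir challenge: hash the public values into an exponent."""
    data = b"".join(int(e).to_bytes(32, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def contribute(crs, s=None):
    """One participant's turn.

    Replaces g^(tau^i) with g^((tau*s)^i) = (g^(tau^i))^(s^i) for every i and
    attaches a Schnorr proof of knowledge of s with base old[1] and target
    new[1].  The proof is what stops a participant from throwing away the
    earlier contributions and publishing powers of a secret only they know.
    Returns (new_crs, proof, s); the participant must destroy s afterwards
    (it is returned here only so the toy can audit the ceremony).
    """
    if s is None:
        s = 2 + secrets.randbelow(N - 2)           # random s in [2, N-1]
    new = [pow(elem, pow(s, i, N), P) for i, elem in enumerate(crs)]
    base, target = crs[1], new[1]                  # target == base^s
    k = 1 + challenge(s, base, target) % (N - 1)   # deterministic nonce, never 0
    commitment = pow(base, k, P)
    c = challenge(base, target, commitment)
    z = (k + c * s) % N
    return new, (commitment, z), s


def verify_contribution(old, new, proof):
    """Checks the coordinator (or any auditor) runs on a published update."""
    commitment, z = proof
    if len(new) != len(old) or new[0] != G:
        return False                # degree changed or the tau^0 term tampered
    if new[1] == old[1]:
        return False                # s == 1: the participant added nothing
    base, target = old[1], new[1]
    c = challenge(base, target, commitment)
    # base^z == commitment * target^c  <=>  prover knows s with target = base^s
    if pow(base, z, P) != commitment * pow(target, c, P) % P:
        return False
    # A real ceremony also checks with a pairing that new[i+1]/new[i] uses the
    # same s for every i; this toy group has no pairing, so that step is absent.
    return True


def run_ceremony(degree, participant_secrets):
    """Sequential MPC: each participant extends the previous transcript."""
    crs = initial_crs(degree)
    for s in participant_secrets:
        new, proof, _ = contribute(crs, s)
        if not verify_contribution(crs, new, proof):
            raise ValueError("contribution rejected")
        crs = new                   # s is dropped here: the 'toxic waste' is gone
    return crs


def combined_tau(participant_secrets):
    """The tau hidden in the CRS is the product of every contributor's s."""
    tau = 1
    for s in participant_secrets:
        tau = tau * s % N
    return tau


def crs_matches(crs, tau):
    """True iff the CRS is exactly [G^(tau^0), G^(tau^1), ...]."""
    return all(elem == pow(G, pow(tau, i, N), P) for i, elem in enumerate(crs))


def rogue_contribution(crs, s):
    """A participant who ignores the transcript and restarts from tau = 1."""
    new, proof, _ = contribute(initial_crs(len(crs) - 1), s)
    return new, proof


if __name__ == "__main__":
    # Constructed secrets; real ones are random and erased right after use.
    SECRETS = [123456789, 987654321, 555555555]
    crs = run_ceremony(4, SECRETS)
    print(crs_matches(crs, combined_tau(SECRETS)))        # whole product: True
    print(crs_matches(crs, combined_tau(SECRETS[:-1])))   # all but one: False
    print(verify_contribution(crs, *rogue_contribution(crs, 42)))  # False
```

The proof of knowledge is what makes "one honest player suffices" hold: a later participant can multiply in their own s but cannot replace the transcript with powers of a secret they alone chose. The one step no code can verify is the destruction of s after contribute() returns, which is exactly why the ceremony is run with many independent participants.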