search

[ZK Learning Group 2] Trusted setup workshop

hashtag
Background: Secure Multi-Party Computation

  • Multiple people have different parts of the inputs

  • They do not want to reveal their component of input

  • But must come together to jointly compute f(x,y,z)

hashtag
Trusted Setup

The setup is a process where the CRS (Common Reference String) is generated, or more publicly known as the pair of proving and verification keys. These “keys” are used by the prover and verifer to generate and verify proofs for a specific problem (or constraint system), respectively.

In this process, there are random elements which are sampled and must be kept secret — if the prover knows them, they will be able to create proofs which are verified successfully, without using an actual solution to the problem during the proving process. In other words, to forge proofs and break soundness. This randomness is also known as “toxic waste”. There are ways to avoid this worry and not put trust in a single entity. For public circuits, these usually involve a Multi-Party Computation — a process in which multiple players donate their own randomness, which they destroy afterwards. The interesting fact is that it’s enough that one player is honest and destroys their randomness for the whole process to be secure.

circle-info

everyone in MPC contributes a shard that gets put together to form the CRS.

hashtag
Trusted setup can be split into 2 phases:

  1. Phase 1: Circuit agnostic

  2. Phase 2: Circuit dependent

hashtag
Trusted setup Phase 1: Powers of Tau

circle-info

We need participants to be acting honestly in both phase 1 and 2. If we didn't then there would be no need to have MPC in phase 2.

circle-check

PLONK and STARK do not require phase 2. Just need to do the phase 1 universal setup.

hashtag
Example

https://youtu.be/83Jar98QbP4?si=SvJoP360zUCTdh74&t=983arrow-up-right
Previous[ZK Learning Group 2] Circom workshop #2NextAdd.circom

Last updated