[ZK Learning Group 2] Trusted setup workshop
Multiple people have different parts of the inputs
They do not want to reveal their component of input
But must come together to jointly compute f(x,y,z)
The setup is a process where the CRS (Common Reference String) is generated, more commonly known as the pair of proving and verification keys. These "keys" are used by the prover and verifier, respectively, to generate and verify proofs for a specific problem (or constraint system).
In this process, random elements are sampled and must be kept secret — if the prover knows them, they can create proofs that verify successfully without using an actual solution to the problem during proving; in other words, they can forge proofs and break soundness. This randomness is also known as "toxic waste". There are ways to avoid this worry and not put trust in a single entity. For public circuits, these usually involve a Multi-Party Computation — a process in which multiple players donate their own randomness, which they destroy afterwards. The interesting fact is that it is enough for one player to be honest and destroy their randomness for the whole process to be secure.
Everyone in the MPC contributes a shard, and the shards are combined to form the CRS.
Phase 1: Circuit agnostic
Phase 2: Circuit dependent
Since phase 1 is circuit agnostic (it is "common work"), its data can simply be crowdsourced in an on-going fashion and made publicly available for anyone to use.
Anyone can use the contributions of the powers of tau as the phase 1 input to their own circuit's trusted setup.
We need participants to be acting honestly in both phase 1 and phase 2. If we didn't, there would be no need for an MPC in phase 2.
PLONK and STARK do not require phase 2; only the phase 1 universal setup is needed.
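As an added example (not part of the workshop notes), a toy phase 1 "powers of tau" ceremony in Python that chains contributions the way the MPC above describes: it assumes a multiplicative group mod the Mersenne prime 2^127-1 with base 3 as a stand-in for the pairing-friendly curves real ceremonies use, and uses an "oracle" (only possible in a simulation) to show that the toxic waste is the product of all shards and that a coalition missing one honest shard is left with that participant's hidden contribution.

```python
# Toy phase 1 ceremony: g^{tau^j} for j = 0..degree, updated by each participant.
# Assumed toy group: integers mod P with base G. Not secure; arithmetic only.
import secrets
from math import gcd

P = 2**127 - 1      # assumed modulus (Mersenne prime) for the toy group
G = 3               # assumed base element
ORDER = P - 1       # exponents reduce mod p-1 (Fermat)

def initial_accumulator(degree):
    """CRS before anyone contributes: tau = 1, so every power equals G."""
    return [G] * (degree + 1)

def contribute(acc, shard):
    """Participant applies secret shard s: g^{tau^j} -> g^{(tau*s)^j}."""
    if shard % ORDER in (0, 1):
        raise ValueError("degenerate shard")
    return [pow(a, pow(shard, j, ORDER), P) for j, a in enumerate(acc)]

def fresh_shard():
    """Random shard, kept coprime to ORDER so it is invertible in the toy."""
    while True:
        s = secrets.randbelow(ORDER - 2) + 2
        if gcd(s, ORDER) == 1:
            return s

def run_ceremony(degree, shards):
    """Chain the contributions; returns the public transcript of accumulators."""
    transcript = [initial_accumulator(degree)]
    for s in shards:
        transcript.append(contribute(transcript[-1], s))
    return transcript

def check_transcript(transcript):
    """Checks needing no secret: the tau^0 slot stays G and each step changed tau."""
    for before, after in zip(transcript, transcript[1:]):
        if after[0] != G or after[1] == before[1]:
            return False
    return True

def oracle_tau(shards):
    """Simulation-only: the toxic waste is the product of every shard."""
    tau = 1
    for s in shards:
        tau = tau * s % ORDER
    return tau

def matches_oracle(final_acc, shards):
    tau = oracle_tau(shards)
    return all(a == pow(G, pow(tau, j, ORDER), P) for j, a in enumerate(final_acc))

def leaked_view(final_acc, leaked_shards):
    """A coalition holding every shard but one strips its own shards off and is
    left with g^{s_honest^j}: the honest participant's contribution, still hidden."""
    inv = 1
    for s in leaked_shards:
        inv = inv * pow(s, -1, ORDER) % ORDER
    return [pow(a, pow(inv, j, ORDER), P) for j, a in enumerate(final_acc)]
```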