Loopring Begins zkSNARK Trusted Setup Multi-Party Computation Ceremony

Loopring Begins zkSNARK Trusted Setup Multi-Party Computation Ceremony

bElWFD - Loopring Begins zkSNARK Trusted Setup Multi-Party Computation Ceremony

Loopring 3.0 relies on zkSNARKs to perform off-chain heavy-lifting computations and only pushes data on-chain with succinct ZK proofs for efficient verification. For every circuit used in the protocol, we need to generate proving and verification keys. These keys, as you can deduce from the names, are used to generate proofs and to verify proofs.

The problem is that when generating these keys, a piece of data called toxic waste must be thrown away, otherwise, it can be used to generate fake proofs which would make the protocol insecure.

This is where the trusted setup multi-party computation ceremony comes in. In this ceremony, the trusted setup is done by multiple people. The protocol is secure as long as just one person from each phase deletes his/her toxic waste.

There are two phases for the ceremony. Phase 1 is the Perpetual Powers of Tau Ceremony that can be forever on-going and used by all circuits. Loopring has participated in phase 1 already. Phase 2 is circuit-specific and needs to be done for each circuit in the Loopring protocol. To generate fake proofs, one must recover all toxic waste from all participants of phase 1 and phase 2.

Image borrowed from Wei Jie Koh’s post with modification.

We started the phase 2 ceremony on top of the 11th round of phase 1. We did an additional phase 1 contribution with a random beacon using the Bitcoin block hash at block height 602168 as announced beforehand on Twitter. The resulting data will form the base for Loopring’s phase 2.

Each participant will need to download a file of about 75GB. This data is then used to run some computations taking around 12 hours to complete on a modern computer. The result is a new file which is around 75GB and includes the participant’s contribution. This new file then needs to be uploaded so subsequent participants can build upon it.

Phase 2 of the ceremony can also run indefinitely just like phase 1. Once we feel we have enough participants, for example, 6 to 8, we will generate the necessary keys so that protocol 3.0 beta4 can be used in production. Later on, as needed, we can generate new keys at a point when much more people have contributed. (~30 participants are in the queue right now).

If you’d like to participate, please let us know! For more technical details about the process & instructions, please check our GitHub repo. To learn about the overall progress, please visit our website. Or for any of the above, just write us on twitter at @loopringorg

Published at Sun, 10 Nov 2019 12:42:13 +0000

{flickr|100|campaign}

Spread the word. Share this post!

Leave a comment