There are multiple proving systems to make and verify proofs such as Groth16, Halo2, Plonk, and so many others. We are going to focus only on Groth16 which is one of the most widespread proving systems due to the ability to generate small, fast, and cheap-to-verify proofs and thanks to the widespread domain language (Circom) used to write circuits. Proving something means basically prove that a secret is an element of a given elliptic curve, a subset of algebraic curves used in this context to perform cryptographic operations securely and efficiently. So far so good …
To generate and verify proofs securely, a cryptographic event must be run where a group of people collaborate to create a set of cryptographic parameters needed to kick-off zkSNARKs-based systems. The goal is to ensure that no one can influence or manipulate the parameter creation process. The idea is to share the burden of the setup among many participants, thus each produces only a fragment of the information needed to generate the ceremony parameter, the so-called toxic waste. As the name could suggest, this information must be thrown away by the participants and it only takes at least one of them to successfully forget the toxic waste to ensure the security of the ceremony because an attacker needs all fragments in order to break the system; that’s why these events are called MPC Trusted Setup Ceremonies.
Any Trusted Setup ceremony is organized in two subsequent steps: the Phase 1, is universally reusable in any point of contribution as input for any zkSNARKs Phase 2. Briefly, the goal of the Phase 1 is to securely generate zk-SNARK parameters for circuits of up to a huge amount of constraints while the Phase 2, s a circuit-specific ceremony that must be done for each individual application circuit. Luckily, both phases have a similar workflow. Both assume that there is at least one coordinator and multiple participants taking turns in (generally) sequential rounds. The coordinator generates and publishes a challenge file, which the first participant downloads, generate some entropy (the so-called toxic waste). Then, the participant runs a computation to produce a new challenge file, which is made available for coordinator verification. If the contribution has been verified as correct, the next participant will repeat the process starting from this latest contribution, otherwise is going to recompute the work taking the position of the previous participant. The process is repeated indefinitely until the coordinator decides to end the ceremony or a predetermined end date is reached. Ultimately, the ceremony results in the extraction of a key for the specific circuit being used.
The Groth16 proving system boasts small, fast, cheap-to-verify proofs. The hunt for universal SNARKs as fast as single-circuit Groth16 has (unsuccessfully) spawned many new projects in the space. A largely cited criticism drifts away from performances but rather that it is not universal - every change to a circuit requires a new Phase 2 Trusted Setup ceremony. Therefore, for production use, Groth16 zk-SNARK circuits require a MPC (Multi-Party Computation) Trusted Setup ceremony to generate the parameters that can kick-off zkSNARKs-based systems.
Making one of these MPC protocols requires time and development resources for design, auditing, testing, security, operations, ceremony conduction plan, guides and so on. That’s why we are working toward on the p0tion toolkit to automate the setup, execution, coordination and finalization of the Phase 2 Trusted Setup ceremonies for one or more zkSNARKs circuit(s).
p0tion is a project (formerly known as MPC Phase 2 Suite) from MACI/QFI team from PSE. You could think p0tion as a toolkit for making effortless running Trusted Setup Phase 2 ceremonies for multiple circuit at the same time. Making one of these MPC protocols requires time and development resources for design, auditing, testing, security, operations, ceremony conduction plan, guides and so on. That’s why we are working toward
p0tion to be an agnostic-from-ceremony public good toolkit, usable by everyone, to make their Groth16 zk-applications scale and safely production-ready by running their Phase 2 Trusted Setup ceremonies.
Episode 133: Trusted Setup Ceremonies Explored - ZK Podcast