p0tion is a project (formerly known as MPC Phase 2 Suite) from the MACI/QFI team from PSE. You could think p0tion as a toolkit to effortlessy manage Trusted Setup Phase 2 ceremonies for multiple circuit at the same time. Developing one of these MPC protocols requires time and development resources for design, auditing, testing, security, operations, ceremony conduction plan, guides and so on. That’s why we are working towards p0tion to be an agnostic-from-ceremony public good toolkit, usable by everyone, to make their Groth16 zk-applications scale and safely production-ready. To learn more about p0tion, please visit this website.
p0tion makes use of the following services:
GCP Firebase. p0tion uses several Firebase services: Authentication, Firestore Database and Cloud Functions, to automate the processes and store the information necessary to coordinate each Phase 2 Trusted Setup ceremony.AWS S3. p0tion creates an S3 Bucket for each Trusted Setup Phase 2 ceremony to store the artifacts (zKeys, PoT, R1CS, WASM, and so on).:warning: It's critical for coordinators to perform the configuration of these services flawlessly to avoid unauthorised access and tampering of the ceremonies that could result in high billing or DoS. Please, have a look at the coordinator guide.
AWS simple storage service (S3) provides granular access control in the form of IAM roles and Bucket policies. By default, the buckets are private. Therefore, it is necessary to assign the correct permissions for access to the relevant parties.
To properly work w/ S3 you will need the following:
Attach the following policy to the new IAM user.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutBucketOwnershipControls",
"s3:CreateBucket",
"s3:ListBucket",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:GetObject",
"s3:AbortMultipartUpload",
"s3:PutBucketAcl",
"s3:PutBucketObjectLockConfiguration",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:PutBucketVersioning",
"s3:GetObjectVersion"
],
"Resource": "*"
}
]
}
It's important to assign the permissions which are necessary only for the subset of actions relevant for p0tion in order to respect the least privilege principle. Keys for the IAM user should be stored securely and added to the .env file of both the actions and backend packages.
Firebase support custom set of programmable rules that can be used to determine access control and validate data when accessing the information w/ CRUD operations. Therefore, all requests made to Firestore will be validated against the specified set of rules. We provide a custom set of standard rules which should be deployed to your Firebase project to protect from malicious usage. The rules are located inside the root of the backend package inside a file named firestore.rules.