Trusted Setup Completed

tl;dr: Clr.fund has completed a trusted setup with a record breaking number of participants. Here’s how you can verify your contribution.

Overview

We just concluded our first trusted setup ceremony for the brand new MACI circuits that will let us scale the number of contributors by several orders of magnitude!

Some background: MACI allows clr.fund to make collusion among participants difficult, while retaining censorship resistance and correct-execution benefits. MACI requires a “trusted setup,” like a cryptographic launch ceremony, because it relies on SNARKs (a type of zero knowledge proof).

The setup is performed in such a way that, to fake a proof, an attacker must compromise every single participant of the ceremony. Therefore, the security goes up with the number of participants. Our trusted setup is done in 2 steps:

  1. The first step is called Perpetual Powers of Tau. It’s an ongoing effort led by Wei Jie of the Ethereum Foundation that can be reused by everyone regardless of their circuits. We took the output of Iden3’s selection process based on the 54th Perpetual Powers of Tau contribution.
  2. The second step is called Phase 2 and is circuit-specific, so has to be done separately for each different SNARK. This second step is what we are talking about in this post. Participation was very simple, you could just visit our website, press a button and wait until it's done. The ceremony ran from Sep-2-2021 to Sep-14-2021. The process was based on the Hermez trusted setup and used Geoff Lamperd’s setup-mpc-ui tools.

Stats

The trusted setup was an overwhelming success with a total of 1,183 individual contributors which, to our knowledge, is a new record for trusted setups. 🎉

The chart below shows you stats about the ceremony for MACI’s two circuits. The blue bars show the number of contributors who attempted to contribute and the orange bars show the number of contributors who succeeded in contributing (values on the left hand side). As you can see, the number of contributions was heavily clustered around 2pm Sept 3rd; this is when we started blasting Tweeting about it. What an incredible response from our community!

Unsuccessful participants mostly interrupted their contributions due to long waiting times. The yellow bars show waiting times based on participants waiting in the queue with values on the right hand side. As you can see, the large number of participants caused significant projected waiting times of 3,000+ minutes.


Outputs and Verification

If you participated successfully, we encourage you to head to this website to find your contribution files and instructions on how to verify them.

Here are the final output files of the ceremony:

  • The final zkey file, qvt32_final.zkey, can be found here
  • The verification key file, qvt32_verification_key.json, can be found here
  • The final zkey key file, batchUst32_final.zkey, can be found here
  • The verification key file, batchUst32_verification_key.json, can be found here

Finalisation logs have been timestamped with this transaction (scroll down to input data and view output as UTF-8).

After all contributions were done, we sealed the ceremony using a random number generated by https://drand.love. This  'randomness' was an output of drand’s round 1,204,000 as announced in advance on the ceremony landing page. Round 1,204,000 happened on Monday 13 Sep 2021, 16:37 UTC.

Want to do your own trusted setup?

If you want to run your own trusted setup, or if you are generally excited about ZKPs, reach out to the folks at Privacy and Scaling Solutions who have put together a super convenient UI for running trusted setup ceremonies.

What next?

We're itching to use the ceremony output in the next round of clr.fund. The new circuits will allow for several orders of magnitude more participants so stay tuned for announcements. If you have any questions, you can find us on Discord, forum, and Telegram.