LogoLogo
zkBob AppLinks & Resources
  • 🦹zkBob Overview
    • zkBob
    • Basic Concepts
      • Getting Started
      • Open-Source and Decentralized
      • Multichain Deployment
      • Usage Statistics
      • Use Cases
        • Employee Salary
        • Vendor Purchasing
      • Development Timeline
      • zk Privacy Solution Comparison
    • zkBob Pools
      • USDC Pool on Polygon (sunsets January 31, 2025)
      • USDC Pool on Optimism
      • ETH Pool on Optimism
      • USDT Pool on Tron (sunsets Oct 29, 2024)
    • Fees
      • Unspent note handling
    • Deposit & Withdrawal Limits
    • Compliance & Security
      • TRM Labs Integration
    • Conferences, Workshops, Videos
      • International Videos
    • Governance
    • BOB Stablecoin
    • zkBob FAQ
  • 🦸‍♂️zkBob Application
    • UI Overview
    • Account Creation
      • Login to an existing account
      • Lost Password
      • Metamask / Web3 Wallet Warning
    • Deposits
    • Transfers
      • Multitransfers
    • Withdrawals
      • Native Token Conversion
    • Generate a Receiving Address
    • Optional KYC
    • zkBob Direct Deposits
    • Support ID
    • Payment Links
    • Integrated Services
    • Multilingual support
      • Português
      • Русский
      • 中文
  • 👩‍⚕️Technical Implementation
    • zkBob Application Overview
    • Deployed Contracts
    • Smart Contracts
      • zkBob Pool Contract
        • Transaction Calldata
      • Bob Token Contract
      • Verifier contracts
      • Operator Manager Contract
        • Mutable Operator Manager
      • Voucher (XP) Token Contract
    • Accounts and Notes
      • Accounts
      • Notes
    • Relayer Node
      • Relayer Operations
      • Optimistic State
      • REST API
    • zkBob Keys
      • Address derivation
      • Ephemeral keys
    • zkSNARKs & Circuits
      • Transfer verifier circuit overview
    • zkBob Merkle Tree
      • The Poseidon Hash
    • Elliptic Curve Cryptography
    • Transaction Overview
      • Common Structure
      • Memo Block
        • Memo Block Encryption
      • Transaction Types
      • Nullifiers
      • Signing a Transaction
      • The Transaction Lifecycle
    • Client Library SDK
      • Configuration
        • Initializing the client
          • Client Configuration
        • Attaching a User Account
          • Account Configuration
        • Switching Between Pools
      • Account-less Mode Operations
        • Converting Token Amounts
        • Transaction Fees
        • Transaction Constraints
        • Using the Delegated Prover
        • Getting the State
        • Gift Cards
        • Client Library Status
        • Helpers
        • Versioning
      • Full Mode Operations
        • Balances and History
        • Shielded Addresses
        • Account State
        • Fee Estimations
        • Transaction Configuration
        • Sending Transactions
        • Transaction Maintenance
        • Direct Deposits
        • Gift Cards Maintenance
        • Ephemeral Deposits
        • Forced Exit
        • Other Routines
      • Common Types
      • Full Functions List
      • Utilities
  • 👩‍🏫Deployment
    • Trusted Setup Ceremony
    • Contract Deployment
    • Relayer Subsystem
  • 👷‍♂️Roadmap
    • On the Roadmap
    • Exploratory Features
      • XP (Experience Points)
        • XP-based Auctions
      • Multi-chain Custom Rollup Deployment
      • Round-robin Operator Manager
      • Compounding
  • 🧑‍💻Jobs
    • Zero-Knowledge Researcher & Protocol Developer
  • 🧩Resources
    • Visual Assets
    • Hackathons
      • zkBob Cloud
    • Release Notes
      • October 11, 2023
      • July 13, 2023
      • June 13, 2023
      • March 28, 2023
      • January 30, 2023
      • January 16, 2023
      • January 2, 2023
      • Releases 2022
    • Security Audit
    • Github
    • Link tree
Powered by GitBook
On this page
  • zkBob Trusted Ceremony Process
  • Phase 1: Generate Proving and Verification Keys
  • Phase 2: Create Circuit Parameters and MVP Launch
  • Phase 3: Community Participation
  • Ceremony Inputs and Outputs

Was this helpful?

  1. Deployment

Trusted Setup Ceremony

Initial mandatory procedure to bootstrap the application

PreviousUtilitiesNextContract Deployment

Last updated 2 years ago

Was this helpful?

zkBob uses zkSNARKs to provide transaction correctness proofs for participants. No one can ascertain transaction details but anyone can verify proof that a transaction occurred.

To start, the zkSNARK scheme requires parameter and verification scheme generation for each circuit. However, this process produces "toxic waste" which should not be disclosed to anyone.

A proven approach to get the public parameters and verification keys for circuits is to involve a group of people in the Multi-Party Computation (MPC) process. As long as a single participant in this scheme is honest, the process is considered secure.

The verification keys are in fact a collection of encrypted parameters such as secret coefficients and a point where the polynomials are evaluated and checked during proof generation and verification.

Some of these parameters (so called powers of tau) do not actually depend on the circuit itself and can be reused between different circuits or even completely different projects. Since this scheme has a "one of many" security threshold, using an external input already tested in different protocols is a good idea.

The final parameters are then hardcoded into the verifying smart contracts and deployed to all chains. The corresponding proving keys are stored inside the web application and relayer and the application is ready to go!

zkBob Trusted Ceremony Process

zkBob launch is a multi-phase process initiated by the team and completed by the community. Phases 1 & 2 have already been accomplished to launch the MVP product.

Phase 3 will involved the greater community to provide additional entropy, decentralization, and safety as only a single participant must be honest to ensure a secure application.

  1. Adds additional entropy in the form of a future block hash

  2. Runs compute constrained with entropy.

  1. Generate radix files by providing the last response from phase 1 to the circuit library. This process can take several hours and requires RAM 2x the size of the response file.

  2. Multi-Party Computation (MPC) parameter generation: Generate circuit parameters and additional metadata required for ceremony coordination.

  3. MPC contributions to add additional forms of entropy. Each contributor shares the output of this step with the coordinator.

  4. Export fawkes-compatible parameters.

  5. Get verification key for each circuit (transfer and tree).

  6. Launch application.

    1. Deploy verification contracts and zkBOB contract.

    2. Copy params files (*.bin and JSONs) to the relayer’s system.

    3. Deploy UI.

Phase 3: Community Participation

To facilitate wide community participation, a dedicated web application will coordinate the trusted setup. Steps to produce final parameters:.

  1. Community members access the web application dedicated to the ceremony. The web application consists of:

    1. Single Page Application (SPA) with embedded wasm code for contribution.

    2. A database to store contribution history.

    3. An external storage for contributions.

  2. A user may choose to authenticate using different credentials such as twitter, github, metamask etc or stay anonymous.

  3. Contributors:

    1. Download latest parameters from storage.

    2. Provide entropy as a random string.

  4. The SPA calls the wasm code ( phase2/ contribute ) to apply provided entropy to the parameters.

  5. The result is verified and saved when successful.

  6. The user is provided with a hash of the contribution which can be used to verify against the intermediate contributions and the final result, proving that any particular contribution was indeed included in the final result.

  7. A new verifier contract is generated using the final result.

Ceremony Inputs and Outputs

The Ceremony input:

  • Powers of tau files

  • Transfer and tree circuit written with the bellman library

  • Random contributions from community members

The Ceremony output:

  • MPC results (contribution hashes, contributions, collection of intermediate results)

  • Transfer verifier circuit parameters (tx_params.bin)

  • Transfer verifier circuit verification key (tx_vk.json)

  • Transfer verification contract (transfer_verifier.sol)

  • Tree verifier circuit parameters (tree_params.bin)

  • Tree verifier circuit verification key (tree_vk.json)

  • Tree verifier contract (tree_update_verifier.sol)

This process is known as a Trusted Setup Ceremony and it was formalized in the following paper: .

The can be used as a starting point. However, to provide increased security, anyone with an internet connection can also participate in the community phase of the ceremony, during which additional circuit specific parameters are created and mingled together amongst different parties.

Phase 1: Generate Proving and Verification Keys

An existing pre-generated set of parameters along with an additional secret input is used to generate proving and verification keys. To produce this, the contributing group:

Downloads latest phase 1 contribution from Perpetual powers of tau:

Phase 2: Create Circuit Parameters and MVP Launch

Processes use a dedicated to create the transfer verifier and tree update verifier circuits. High-level steps below describe the processes completed by the coordinator. Step 3 involves an independent & distributed group of contributors to create additional entropy.

Test in the repo.

Generate verification contracts (transfer_verifier.sol and tree_update_verifier.sol) using the repo.

👩‍🏫
✅
✅
Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model
Perpetual Powers of Tau Community Process
https://github.com/weijiekoh/perpetualpowersoftau/
https://ppot.blob.core.windows.net/public/response_0071_edward
circuit library
libzeropool
libzeropool