Loopring Begins zkSNARK Trusted Setup Multi-Party Computation Ceremony
The 2nd phase of the Trusted Setup for Loopring v3 has begun! Headquarters for the ceremony is at https://loopring.org/#/ceremony, where participants and observers can keep up with the progress. This is the final step before the Loopring v3 beta will be used in production. High-performance orderbook exchanges with Ethereum security are but a ceremony away!
Why is the ceremony necessary?
Loopring 3.0 relies on zkSNARKs to perform off-chain heavy-lifting computations and only pushes data on-chain with succinct ZK proofs for efficient verification. For every circuit used in the protocol, we need to generate proving and verification keys. These keys, as you can deduce from the names, are used to generate proofs and to verify proofs.
The problem is that when generating these keys, a piece of data called toxic waste must be thrown away, otherwise, it can be used to generate fake proofs which would make the protocol insecure.
This is where the trusted setup multi-party computation ceremony comes in. In this ceremony, the trusted setup is done by multiple people. The protocol is secure as long as just one person from each phase deletes his/her toxic waste.
There are two phases for the ceremony. Phase 1 is the Perpetual Powers of Tau Ceremony that can be forever on-going and used by all circuits. Loopring has participated in phase 1 already. Phase 2 is circuit-specific and needs to be done for each circuit in the Loopring protocol. To generate fake proofs, one must recover all toxic waste from all participants of phase 1 and phase 2.
Loopring’s (Phase 2) Ceremony
We started the phase 2 ceremony on top of the 11th round of phase 1. We did an additional phase 1 contribution with a random beacon using the Bitcoin block hash at block height 602168 as announced beforehand on Twitter. The resulting data will form the base for Loopring’s phase 2.
Each participant will need to download a file of about 75GB. This data is then used to run some computations taking around 12 hours to complete on a modern computer. The result is a new file which is around 75GB and includes the participant’s contribution. This new file then needs to be uploaded so subsequent participants can build upon it.
Phase 2 of the ceremony can also run indefinitely just like phase 1. Once we feel we have enough participants, for example, 6 to 8, we will generate the necessary keys so that protocol 3.0 beta4 can be used in production. Later on, as needed, we can generate new keys at a point when much more people have contributed. (~30 participants are in the queue right now).
If you’d like to participate, please let us know! For more technical details about the process & instructions, please check our GitHub repo. To learn about the overall progress, please visit our website. Or for any of the above, just write us on twitter at @loopringorg.
Note that the order of participation in the above web page is provisional and likely to be changed after each round, based on people’s availability. We deeply thank all prospective participants.
We’d like to thank Koh Wei Jie, Kobi Gurkan, and BarryWhiteHat for running phase 1 of the trusted ceremony. We also thank Kobi Gurkan, Matter Labs, and Sean Bowe for writing most of the code that is used for running these trusted setup phases. And lastly, we‘d like to thank Zcash for basically creating all the technology that is utilized here.