Loopring Starts zkSNARK Trusted Setup Multi-Party Computation Ceremony

Brecht Devos
Nov 12, 2019 · 3 min read

Headquarters for the ceremony is at https://loopring.org/#/ceremony, where participants and observers can keep up with the progress. This is the final step before the Loopring v3 beta will be used in production!

Image for post
Image for post

Why is the ceremony necessary?

Loopring 3.0 relies on zkSNARKs to perform off-chain heavy-lifting computations and only pushes data on-chain with succinct ZK proofs for efficient verification. For every circuit used in the protocol, we need to generate proving and verification keys. These keys are, as you can deduce from the names, used to generate proofs and to verify proofs.

The problem is that when generating these keys, a piece of data called toxic waste must be thrown away, otherwise, it can be used to generate fake proofs which would make the protocol insecure.

This is where the trusted setup multi-party computation ceremony comes in. In this ceremony, the trusted setup is done by multiple people. The protocol is secure as long as just one person from each phase deletes his/her toxic waste.

Two Phases

There are two phases for the ceremony. Phase 1 is the Perpetual Powers of Tau Ceremony that can be forever on-going and used by all circuits. Loopring has participated in phase 1 already. Phase 2 is circuit-specific and needs to be done for each circuit in the Loopring protocol. To generate fake proofs, one must recover all toxic waste from all participants of phase 1 and phase 2.

Image for post
Image for post
Image borrowed from Wei Jie Koh’s post with modification.

Loopring’s (Phase 2) Ceremony

We will start the phase 2 ceremony on top of the 11th round of phase 1. We will do an additional phase 1 contribution with a random beacon using the Bitcoin block hash at block height 602168 as announced beforehand on Twitter. The resulting data will form the base for Loopring’s phase 2.

Each participant will need to download a file of about 75GB. This data is then used to run some computations taking around 12 hours to complete on a modern computer. The result is a new file which is around 75GB and includes the participant’s contribution. This new file then needs to be uploaded so new participants can build upon it.

Phase 2 of the ceremony can also run indefinitely just like phase 1. Once we feel we have enough participants, for example, 6 to 8, we will generate the necessary keys so that protocol 3.0 beta4 can be used in production. Later on, as needed, we can generate new keys at a point when even more people have contributed.

If you’d like to participate, please let us know! For more technical details about the process, please check our GitHub repo. To learn about the overall progress, please visit our website.

Note that the order of participation in the above web page is provisional and will likely be changed after each round based on people’s availability.


We’d like to thank Koh Wei Jie, Kobi Gurkan, and BarryWhiteHat for running phase 1 of the trusted ceremony. We also thank Kobi Gurkan, Matter Labs, and Sean Bowe for writing most of the code that is used for running these trusted setup phases. And lastly, we‘d like to thank Zcash for basically creating all the technology that is utilized here.

Loopring is a protocol for building high-performance, non-custodial, orderbook-based exchanges on Ethereum. You can sign up for our Bi-Weekly Update, learn more at Loopring.org, or check out our:


Loopring Protocol

Loopring Official Blog

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store