# KZG Trusted Setup

Because Axiom uses the Halo2 proving system with the [KZG](https://dankradfeist.de/ethereum/2020/06/16/kate-polynomial-commitments.html) polynomial commitment scheme, all Axiom ZK circuits rely on a one-time universal [trusted setup](https://vitalik.ca/general/2022/03/14/trustedsetup.html) (also known as a powers-of-tau ceremony). This is the same kind of ceremony that the Ethereum Foundation is [performing](https://blog.ethereum.org/2023/01/16/announcing-kzg-ceremony) in preparation for EIP-4844 (aka proto-danksharding). 

The Axiom circuits are larger and require a larger setup than the one used for EIP-4844. They use the existing [perpetual powers-of-tau ceremony](https://github.com/privacy-scaling-explorations/perpetualpowersoftau) used in production by [Semaphore](https://medium.com/coinmonks/to-mixers-and-beyond-presenting-semaphore-a-privacy-gadget-built-on-ethereum-4c8b00857c9b) and [Hermez](https://www.reddit.com/r/ethereum/comments/iftos6/powers_of_tau_selection_for_hermez_rollup/), specifically this [challenge](https://github.com/privacy-scaling-explorations/perpetualpowersoftau/blob/master/0077_yi_response/README.md).  The [challenge file](https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078) was converted from its original format compatible with `snarkjs` and the Groth16 proof system to a format usable by halo2 using our [open-source code](https://github.com/axiom-crypto/phase2-bn254/blob/halo2/powersoftau/src/bin/convert_to_halo2.rs).

To verify the conversion of the file [`challenge_0078`](https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078), download the file and run:

{% code fullWidth="true" %}

```bash
git clone https://github.com/axiom-crypto/phase2-bn254.git
cd phase2-bn254
git switch halo2 
# https://github.com/axiom-crypto/phase2-bn254/commit/0bd58f1311bdb54329686e4d0914006d602e0082
cd powersoftau

wget https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078

cargo build --release --bin convert_to_halo2
time cargo run --release --bin convert_to_halo2 -- challenge_0078 28 2097152
```

{% endcode %}

To reduce the time of conversion, only the the first `2^25` powers were converted. For the convenience of future developers using halo2, the resulting halo2-compatible trusted setup files are hosted below (`k` means `2^k` powers of tau):

<table><thead><tr><th width="98">k</th><th>Link</th><th data-hidden></th></tr></thead><tbody><tr><td>15</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_15.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_15.srs</a></td><td></td></tr><tr><td>16</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_16.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_16.srs</a></td><td></td></tr><tr><td>17</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_17.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_17.srs</a></td><td></td></tr><tr><td>18</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_18.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_18.srs</a></td><td></td></tr><tr><td>19</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_19.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_19.srs</a></td><td></td></tr><tr><td>20</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_20.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_20.srs</a></td><td></td></tr><tr><td>21</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_21.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_21.srs</a></td><td></td></tr><tr><td>22</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_22.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_22.srs</a></td><td></td></tr><tr><td>23</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_23.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_23.srs</a></td><td></td></tr><tr><td>24</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_24.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_24.srs</a></td><td></td></tr><tr><td>25</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_25.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_25.srs</a></td><td></td></tr></tbody></table>