KZG Trusted Setup

The perpetual powers of tau trusted setup used in our ZK proofs.

Because Axiom uses the Halo2 proving system with the KZG polynomial commitment scheme, all Axiom ZK circuits rely on a one-time universal trusted setup (also known as a powers-of-tau ceremony). This is the same kind of ceremony that the Ethereum Foundation is performing in preparation for EIP-4844 (aka proto-danksharding).

The Axiom circuits are larger and require a larger setup than the one used for EIP-4844. They use the existing perpetual powers-of-tau ceremony used in production by Semaphore and Hermez, specifically this challenge. The challenge file was converted from its original format compatible with snarkjs and the Groth16 proof system to a format usable by halo2 using our open-source code.

To verify the conversion of the file challenge_0078, download the file and run:

git clone
cd phase2-bn254
git switch halo2 
cd powersoftau


cargo build --release --bin convert_to_halo2
time cargo run --release --bin convert_to_halo2 -- challenge_0078 28 2097152

To reduce the time of conversion, only the the first 2^25 powers were converted. For the convenience of future developers using halo2, the resulting halo2-compatible trusted setup files are hosted below (k means 2^k powers of tau):

Last updated