Axiom V2 Docs Old
  • Introduction
    • What is Axiom?
    • Quickstart
  • Examples
    • Autonomous Airdrop
      • AxiomREPL Code
      • Contract
      • Web App
      • DataQuery-only Version
  • Developers
    • Axiom for Developers
    • Specifying a Query into Axiom
    • AxiomREPL
      • AxiomREPL Examples
    • Exporting a Client Side Prover
    • Handling Axiom Callbacks
    • Common Issues
      • Callback Debugging
  • SDK and REPL Reference
    • Axiom SDK Reference
      • QueryBuilderV2
      • Data Subqueries
        • Header Subquery
        • Account Subquery
        • Storage Subquery
        • Transaction Subquery
        • Receipt Subquery
        • Solidity Nested Mapping Subquery
    • AxiomREPL Reference
      • Circuit Types
      • Circuit Functions
      • Data Functions
      • Compute Functions
  • Protocol Design
    • Architecture Overview
    • Caching Block Hashes
    • Axiom Query Protocol
      • Axiom Query Format
    • ZK Circuits for Axiom Queries
    • Ethereum On-chain Data
    • Guardrails
  • Transparency and Security
    • KZG Trusted Setup
    • Contract Addresses
    • On-chain ZK Verifiers
    • Security
  • Zero Knowledge Proofs
    • Introduction to ZK
    • ZK Examples
    • Getting Started with halo2
    • halo2-repl
  • Additional Resources
    • Axiom V2 Explorer
    • Github
    • Website
    • Telegram
    • Discord
    • Axiom V1 Docs
Powered by GitBook
On this page
  1. Transparency and Security

KZG Trusted Setup

The perpetual powers of tau trusted setup used in our ZK proofs.

PreviousGuardrailsNextContract Addresses

Last updated 1 year ago

Because Axiom uses the Halo2 proving system with the polynomial commitment scheme, all Axiom ZK circuits rely on a one-time universal (also known as a powers-of-tau ceremony). This is the same kind of ceremony that the Ethereum Foundation is in preparation for EIP-4844 (aka proto-danksharding).

The Axiom circuits are larger and require a larger setup than the one used for EIP-4844. They use the existing used in production by and , specifically this . The was converted from its original format compatible with snarkjs and the Groth16 proof system to a format usable by halo2 using our .

To verify the conversion of the file , download the file and run:

git clone https://github.com/axiom-crypto/phase2-bn254.git
cd phase2-bn254
git switch halo2 
# https://github.com/axiom-crypto/phase2-bn254/commit/0bd58f1311bdb54329686e4d0914006d602e0082
cd powersoftau

wget https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078

cargo build --release --bin convert_to_halo2
time cargo run --release --bin convert_to_halo2 -- challenge_0078 28 2097152

To reduce the time of conversion, only the the first 2^25 powers were converted. For the convenience of future developers using halo2, the resulting halo2-compatible trusted setup files are hosted below (k means 2^k powers of tau):

k
Link

15

16

17

18

19

20

21

22

23

24

25

KZG
trusted setup
performing
perpetual powers-of-tau ceremony
Semaphore
Hermez
challenge
challenge file
open-source code
challenge_0078
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_15.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_16.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_17.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_18.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_19.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_20.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_21.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_22.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_23.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_24.srs
https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_25.srs