# KZG Trusted Setup

Because Axiom uses the Halo2 proving system with the [KZG](https://dankradfeist.de/ethereum/2020/06/16/kate-polynomial-commitments.html) polynomial commitment scheme, all Axiom ZK circuits rely on a one-time universal [trusted setup](https://vitalik.ca/general/2022/03/14/trustedsetup.html) (also known as a powers-of-tau ceremony). This is the same kind of ceremony that the Ethereum Foundation is [performing](https://blog.ethereum.org/2023/01/16/announcing-kzg-ceremony) in preparation for EIP-4844 (aka proto-danksharding). 

The Axiom circuits are larger and require a larger setup than the one used for EIP-4844. They use the existing [perpetual powers-of-tau ceremony](https://github.com/privacy-scaling-explorations/perpetualpowersoftau) used in production by [Semaphore](https://medium.com/coinmonks/to-mixers-and-beyond-presenting-semaphore-a-privacy-gadget-built-on-ethereum-4c8b00857c9b) and [Hermez](https://www.reddit.com/r/ethereum/comments/iftos6/powers_of_tau_selection_for_hermez_rollup/), specifically this [challenge](https://github.com/privacy-scaling-explorations/perpetualpowersoftau/blob/master/0077_yi_response/README.md).  The [challenge file](https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078) was converted from its original format compatible with `snarkjs` and the Groth16 proof system to a format usable by halo2 using our [open-source code](https://github.com/axiom-crypto/phase2-bn254/blob/halo2/powersoftau/src/bin/convert_to_halo2.rs).

To verify the conversion of the file [`challenge_0078`](https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078), download the file and run:

{% code fullWidth="true" %}

```bash
git clone https://github.com/axiom-crypto/phase2-bn254.git
cd phase2-bn254
git switch halo2 
# https://github.com/axiom-crypto/phase2-bn254/commit/0bd58f1311bdb54329686e4d0914006d602e0082
cd powersoftau

wget https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078

cargo build --release --bin convert_to_halo2
time cargo run --release --bin convert_to_halo2 -- challenge_0078 28 2097152
```

{% endcode %}

To reduce the time of conversion, only the the first `2^25` powers were converted. For the convenience of future developers using halo2, the resulting halo2-compatible trusted setup files are hosted below (`k` means `2^k` powers of tau):

<table><thead><tr><th width="98">k</th><th>Link</th><th data-hidden></th></tr></thead><tbody><tr><td>15</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_15.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_15.srs</a></td><td></td></tr><tr><td>16</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_16.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_16.srs</a></td><td></td></tr><tr><td>17</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_17.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_17.srs</a></td><td></td></tr><tr><td>18</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_18.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_18.srs</a></td><td></td></tr><tr><td>19</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_19.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_19.srs</a></td><td></td></tr><tr><td>20</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_20.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_20.srs</a></td><td></td></tr><tr><td>21</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_21.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_21.srs</a></td><td></td></tr><tr><td>22</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_22.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_22.srs</a></td><td></td></tr><tr><td>23</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_23.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_23.srs</a></td><td></td></tr><tr><td>24</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_24.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_24.srs</a></td><td></td></tr><tr><td>25</td><td><a href="https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_25.srs">https://axiom-crypto.s3.amazonaws.com/challenge_0078/kzg_bn254_25.srs</a></td><td></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://intrinsic-1.gitbook.io/axiomv2-sdk/transparency-and-security/kzg-trusted-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.