search
HomepageDemoGitHub ↗Early Partner Program ↗

KZG Trusted Setup

For those who want to know about our production setup

For those new to ZK, we recommend skipping this section on first read.

Since we are using the Halo2 proving system with the KZGarrow-up-right polynomial commitment scheme, all of our circuits rely on a one-time universal trusted setuparrow-up-right (also known as a powers-of-tau ceremony). This is the same kind of ceremony that Ethereum is performing right nowarrow-up-right in preparation for EIP-4844 (aka proto-danksharding).

Due to the size of our circuits, we need a larger setup than the one used for danksharding. Fortunately, there are already existing large trusted setups performed by multi-party computations. We use the perpetual powers-of-tau ceremonyarrow-up-right used in production by Semaphorearrow-up-right and Hermezarrow-up-right.

In more detail, we used the following challengearrow-up-right from the ceremony. The challenge filearrow-up-right is, however, formatted for use with snarkjs and a different proving system (Groth16). To convert it into a format usable by Halo2, we modified the original Rust code for the ceremony to read in the file, reformat it, and print out a new file. Our modified code is herearrow-up-right. To convert the file challenge_0072arrow-up-right, download the file and run 

cargo run --release --bin convert_to_halo2 challenge_0072 response_beacon 28 8192 [beaconHash] 10

The original powers of tau goes up to 2^28 powers, but to reduce the time of conversion, we only needed the first 2^25 powers. For the convenience of future developers using Halo2, we are publicly hosting the Halo2-compatible trusted setup files below (k means 2^k powers of tau):

k
Link

15

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_15.srs

16

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_16.srs

17

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_17.srs

18

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_18.srs

19

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_19.srs

20

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_20.srs

21

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_21.srs

22

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_22.srs

23

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_23.srs

24

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_24.srs

25

https://axiom-crypto.s3.amazonaws.com/params/kzg_bn254_25.srs

PreviousVerifying ZK SNARKS on EthereumNextWhat does Axiom prove?

Last updated