Trusted setup for Mithril Halo2 SNARKs #2800
Description
Why
Halo2 circuits rely on a trusted setup (aka powers of tau) which is generated with a specific multi-party ceremony.
The trusted setup ceremony requires consideration of the following points:
- Powers of Tau: The number of required powers of tau is equivalent to the number of constraints. A higher number of powers of tau increases the risk related to the discrete logarithm problem.
- Reusing Existing Setup: Should we utilize the same trusted setup as Midnight?
- Ceremony Execution: Will we conduct our own trusted setup ceremony?
What
Identify the adequate trusted setup for Mithril Halo2 circuits
How
- Identify and select the trusted setup we will use for the Mithril circuits
- Participate in the ceremony to enhance the trust we can have in the setup
Seen with @iquerejeta:
Refreshing powers of tau: https://github.com/midnightntwrk/midnight-trusted-setup ; nodes in midnight will download this SRS and store it (and cut it to the size needed). A Cardano ecosystem project is running its own ceremony. Might be the one used by Cardano ecosystem, funded by Catalyst. (Also has lower power of tau 2^24 which means more bits of security)