Using zkSNARKs, a trusted setup is required to generate the prover and verifier keys. As part of this setup, a toxic parameter lambda is generated. If a party gets access to this lambda, they can prove anything. This means people using zkSNARKs usually have an elaborate MPC ceremony to ensure this parameter doesn't get discovered.
1. In MVP, do it ourselves or with a very KISS small-time ceremony
Assuming the only impact is a spammable network, that's strictly better than what we have now.
2. Do an ambassador program open signup MPC
Together with marketing and more significant spend, similar to Zcash Sapling and AZTEC. Probably overkill for now.
3. Collaborate with more parties on it
Once the basic concepts have been proven (rate limiting, etc.). Assumes re-use is doable.
4. Use other ZKP technology
Requires understanding the blockers much better. E.g. tooling exists for zkSNARKs and it works with Ethereum today. STARK verification requires a lot of gas, and the proof size is bigger than a message.
Worth looking into e.g. how AZTEC works, and recent Zcash research (Halo, Bulletproofs?).
I think if you break the trusted setup you can spam the network. So you can definitely recover from this. So it probably doesn't need to be high priority. You don't lose any privacy.
The ceremony for Groth16 (what we all use now) has two phases: Phase 1 is general and Phase 2 is circuit-specific. We are running Phase 1 now and will run it for a long time, so you can join anytime. Phase 2 we will run for Semaphore, but you will probably use a different version of Semaphore, so you will need to re-run it then.
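The issue body describes the toxic parameter and the MPC ceremony that keeps it from being learned, and the comment above describes the generic Phase 1 that anyone can join. The following toy Phase-1-style "powers of tau" ceremony is an added example written for this page; it is not code from this issue, Semaphore, Zcash or AZTEC. It assumes a 48-bit safe-prime subgroup of Z_p* in place of a pairing-friendly curve (so the pairing-based check that a contributor applied one consistent scalar to every power is not available here), and it has each contributor prove knowledge of their scalar with a Fiat-Shamir Schnorr proof bound to the transcript. The point it demonstrates is the one the ceremony relies on: the toxic value is the product of every contributor's secret, so an attacker who collects all but one secret still cannot rebuild the setup.

```python
"""Toy Powers-of-Tau ceremony (added example, not project code).
Assumptions: a 48-bit safe-prime group stands in for a pairing-friendly
curve; contributors prove knowledge of their scalar with Schnorr proofs.
No pairing check of the power structure is performed here."""
import hashlib
import random
import secrets

MAX_POWER = 8   # the toy SRS commits to G^(tau^0) .. G^(tau^MAX_POWER)


def is_prime(n):
    """Deterministic Miller-Rabin; these bases are exact for n < 3.4e14."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17):
        if n == a:
            return True
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits=48, seed=2024):
    """(p, q, g): p = 2q + 1 with both prime, g generating the order-q subgroup."""
    rng = random.Random(seed)   # seeded only so the toy group is reproducible
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if p % 12 == 11 and is_prime(q) and is_prime(p):
            g = pow(rng.randrange(2, p - 1), 2, p)   # a square has order q (or 1)
            if g != 1:
                return p, q, g


P, Q, G = safe_prime_group()


def srs_hash(srs):
    return hashlib.sha256(",".join(map(str, srs)).encode()).hexdigest()


def challenge(commitment, pub, prev_hash):
    data = f"{commitment}|{pub}|{prev_hash}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_knowledge(s, pub, prev_hash):
    """Schnorr proof of knowing s with G^s == pub, bound to the SRS it was applied to."""
    k = secrets.randbelow(Q - 1) + 1
    commitment = pow(G, k, P)
    return commitment, (k + challenge(commitment, pub, prev_hash) * s) % Q


def verify_knowledge(pub, proof, prev_hash):
    commitment, response = proof
    c = challenge(commitment, pub, prev_hash)
    return pow(G, response, P) == commitment * pow(pub, c, P) % P


def contribute(srs):
    """One participant's turn: raise power i to s^i, publish G^s plus a proof.
    The secret is returned only so the demo can play 'everyone colluded'."""
    s = secrets.randbelow(Q - 2) + 2          # s in [2, Q-1]; s == 1 would be a no-op
    new_srs = [pow(elem, pow(s, i, Q), P) for i, elem in enumerate(srs)]
    pub = pow(G, s, P)
    record = {"prev": srs_hash(srs), "pub": pub,
              "proof": prove_knowledge(s, pub, srs_hash(srs)), "next": srs_hash(new_srs)}
    return new_srs, record, s


def run_ceremony(n_parties):
    srs = [G] * (MAX_POWER + 1)               # tau = 1 to start: every power is G itself
    records, all_secrets = [], []
    for _ in range(n_parties):
        srs, record, s = contribute(srs)
        records.append(record)
        all_secrets.append(s)
    return srs, records, all_secrets


def verify_ceremony(final_srs, records):
    """Replay the public transcript: hashes must chain and every proof must check."""
    expected_prev = srs_hash([G] * (MAX_POWER + 1))
    for rec in records:
        if rec["prev"] != expected_prev or not verify_knowledge(rec["pub"], rec["proof"], rec["prev"]):
            return False
        expected_prev = rec["next"]
    return expected_prev == srs_hash(final_srs) and final_srs[0] == G


def reconstruct_tau(known_secrets):
    """The toxic waste is the product of every contributor's secret mod Q."""
    tau = 1
    for s in known_secrets:
        tau = tau * s % Q
    return tau


def can_rebuild_srs(final_srs, known_secrets):
    """True only when known_secrets covers every contributor: a single
    destroyed secret leaves tau masked by a uniformly random factor."""
    tau = reconstruct_tau(known_secrets)
    return all(pow(G, pow(tau, i, Q), P) == e for i, e in enumerate(final_srs))


if __name__ == "__main__":
    srs, records, secrets_list = run_ceremony(3)
    print("transcript verifies:", verify_ceremony(srs, records))
    print("all three colluding rebuild the SRS:", can_rebuild_srs(srs, secrets_list))
    print("two of three colluding rebuild the SRS:", can_rebuild_srs(srs, secrets_list[:2]))
```

The Phase 2 step the comment mentions is not modelled: it would take this generic output and apply circuit-specific contributions in the same chained style. The transcript check here is the part any late joiner can replay (hash chain plus proofs); in a real ceremony the additional pairing check that each power was raised by the same scalar is what stops a contributor from publishing a structurally broken SRS.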