Trusted setup

The whole nature of a zero knowledge protocol depends on there being secret values that the prover does have full knowledge of
"I have a proof" OK TEST WITH RANDOM INPUTS TO PROVE IT
Simple ones don't scale at millions
Goal is to create a proof once, and anyone can come and test against it
This is => N = Noninteractive in sNark
Doesn’t require a back and forth
Input needs to be treated as random
Parameters need to be created in a way that no one should know what they are
Process for this is called the trusted set up
There is a video on this - ask Porcu about this
Circuit is the input to the trusted setup
Software that is deterministic for how values will flow through arithmetic operations
Circuit needs to be correct
THIS is what gets audited
First, need a non-circuit proof
The thing actually makes sense (to a person?)
Without this, we can't then make a circuit that will actually do something useful
Then we make a circuit
Write the spec, software
Internal audit
on the spec
on the code implementing the spec
External audit
As above, but additional software considerations
Then circuit is good
Begin trusted setup
Time can force us to start the trusted setup <2 weeks before end of audits
Trusted setup process (help Jake (dev) to do this)
Recruit people through some means - JV
Scheduling them so they know what to do and when
Download the bucket (output of the previous person setup)
Do verification
Perform some operation (an hour+)
Create checksums, sign messages saying they did specific operations to make it auditable, traceable, verifiable
Send back outputs to coordinator
Get rid of any trace of toxic waste
Toxic waste = residual randomness that needs to be disposed off
Validate that the secret was applied correctly (without knowing the secret)
Then send this on to the next person
Get parameters
Publish parameters
If people don't use the same parameters, then it won't work. Consensus will agree these are the right parameters to use.

Notes from Deep - lessons learned

Trusted setup