Notes from Deep - lessons learned

Created

Feb 28, 2022 3:00 PM

Trusted setup

The whole nature of a zero knowledge protocol depends on there being secret values that the prover does have full knowledge of
"I have a proof" OK TEST WITH RANDOM INPUTS TO PROVE IT
Simple ones don't scale at millions
Goal is to create a proof once, and anyone can come and test against it
This is => N = Noninteractive in sNark
Doesn’t require a back and forth
Input needs to be treated as random
Parameters need to be created in a way that no one should know what they are
Process for this is called the trusted set up
There is a video on this - ask Porcu about this
Circuit is the input to the trusted setup
Software that is deterministic for how values will flow through arithmetic operations
Circuit needs to be correct
THIS is what gets audited
First, need a non-circuit proof
The thing actually makes sense (to a person?)
Without this, we can't then make a circuit that will actually do something useful
Then we make a circuit
Write the spec, software
Internal audit
on the spec
on the code implementing the spec
External audit
As above, but additional software considerations
Then circuit is good
Begin trusted setup
Time can force us to start the trusted setup <2 weeks before end of audits
Trusted setup process (help Jake (dev) to do this)
Recruit people through some means - JV
Scheduling them so they know what to do and when
Download the bucket (output of the previous person setup)
Do verification
Perform some operation (an hour+)
Create checksums, sign messages saying they did specific operations to make it auditable, traceable, verifiable
Send back outputs to coordinator
Get rid of any trace of toxic waste
Toxic waste = residual randomness that needs to be disposed off
Validate that the secret was applied correctly (without knowing the secret)
Then send this on to the next person
Get parameters
Publish parameters
If people don't use the same parameters, then it won't work. Consensus will agree these are the right parameters to use.

Trusted setup

The whole nature of a zero knowledge protocol depends on there being secret values that the prover does have full knowledge of

"I have a proof" OK TEST WITH RANDOM INPUTS TO PROVE IT

Simple ones don't scale at millions

Goal is to create a proof once, and anyone can come and test against it

This is => N = Noninteractive in sNark

Doesn’t require a back and forth

Input needs to be treated as random

Parameters need to be created in a way that no one should know what they are

Process for this is called the trusted set up

There is a video on this - ask Porcu about this

Circuit is the input to the trusted setup

Software that is deterministic for how values will flow through arithmetic operations

Circuit needs to be correct

THIS is what gets audited

First, need a non-circuit proof

The thing actually makes sense (to a person?)

Without this, we can't then make a circuit that will actually do something useful

Then we make a circuit

Write the spec, software

Internal audit

on the spec

on the code implementing the spec

External audit

As above, but additional software considerations

Then circuit is good

Begin trusted setup

Time can force us to start the trusted setup <2 weeks before end of audits

Trusted setup process (help Jake (dev) to do this)

Recruit people through some means - JV

Scheduling them so they know what to do and when

Download the bucket (output of the previous person setup)

Do verification

Perform some operation (an hour+)

Create checksums, sign messages saying they did specific operations to make it auditable, traceable, verifiable

Send back outputs to coordinator

Get rid of any trace of toxic waste

Toxic waste = residual randomness that needs to be disposed off

Validate that the secret was applied correctly (without knowing the secret)

Then send this on to the next person

Get parameters

Publish parameters

If people don't use the same parameters, then it won't work. Consensus will agree these are the right parameters to use.