To create tooling for trusted setup ceremonies to simplify the process and make it easier to bring larger numbers of participants, thereby increasing the trust in the process
To create a maximally useful Phase 1 trusted setup that can be used by as many projects as possible
To replace Tornado’s current trusted setup with a new one derived from this Phase 1, and then lock the contract open to prevent any future changes
Trusted Setup Background
Wei Jie is currently leading a Perpetual Powers of Tau ceremony which has 18 participants so far
There is a Phase 1 and a Phase 2 trusted setup ceremony required for all zk-SNARK projects
The Perpetual Powers of Tau can only replace Phase 1
Each project must complete their own Phase 2
The security of a trusted setup is the weaker of Phase 1 + Phase 2
e.g. if Phase 1 has 3 participants and and Phase 2 has 150, the extra participants in Phase 2 aren’t really contributing much security
The Phase 1 ceremony that WJ is leading is Heavy, meaning that it can be used for the maximum 2^28 powers of tau and 260 million constraints, which means it can be used for even the most complex of zk-SNARK projects(e.g. Loopring)
Being Heavy means that the process is slower, because each participant needs to download ~100GB, upload ~50GB, and perform a slow computation(12-24 hours) which has taken roughly 3-5 days per participant(6-10 new participants per month)
Being Heavy means that most projects will be able to use it
It is possible to fork off of the Heavy Perpetual Powers of Tau Phase 1 ceremony at any point and switch to a Light Phase 1 ceremony which could have a much smaller file size and thus take place much more quickly
The Light Phase 1 will only be able support less complex zk-SNARK projects, but would work for Tornado Cash
Phase 2 of the trusted setup ceremony can be done much faster(e.g. 1 min per person) and thus benefits far more from a UI to coordinate
Note - Phase 2 can also take longer per person if the zk-SNARK is complex, the 1 min per person above is for Tornado’s fast circuits
Phase 1 Heavy would need additional modifications in order for a UI to be able to coordinate, largely around the infrastructure around downloading / uploading 50-100GB of data
Current Status
MPC Source Code
Kobi has completed the code updates to re-purpose the Aztec Ignition ceremony
UI Work For Trusted Setup Ceremony(Phase 1 Light + Phase 2 only)
Brian Gu is leading UI development for a more general solution
Repurposing Aztec Ignition
Aiming to have something testable by this weekend
Roman Semenov is leading UI development for a Tornado-specific solution
Will discuss details of this project next week
Eta 2-4 weeks
MPC Audit
Kobi is currently looking for auditors for the updated MPC code for the Phase 1 + Phase 2 trusted setup ceremonies
there is a small chance that a mistake in Phase 1 is found and needs to be discarded
if ^ this happens, Tornado would opt-to use Phase 1 Light from the beginning instead of starting from 0 with Phase 1 Heavy, in an effort to save time
Once the auditor is found, we need to provide funding and start the auditing process ASAP
Moloch can help provide initial funding if timing is critical(ideally EF would follow on later) or cover the whole thing if the cost is reasonable(probably $20-40K)
Eta for a completed audit is 2 months(find, fund, complete)
The MPC Audit is currently the blocker(the UI should take less time)
There are likely some additional fixes that need to be made as a result of the audit
Roadmap
Once the UI and MPC Audit are complete, only then can the Phase 1 Light + Phase 2 parts of the trusted setup ceremonies begin
Tornado aims to get 100 people in each of phase 1 and phase 2, and coordinating this will likely take another 2-4 weeks after UI / MPC Audit are complete
Adding it all together, I estimate ~3-4 months before we have robust trusted setup and can remove the tornado cash admin privileges
Extra Credit—Circom-Lib Audit
Suggestion from Roman Semenov - Get a second audit on Circom-Lib(check with Barry) before locking the smart contract open(removing tornado team as operator)
$300K in the contract so far
The team is worried that there are still bugs and if they lock the contract open they won’t be able to upgrade to fix anything
Some of the bugs have been in the dependency libraries(Circom-Lib)
Kobi - Circuits audits are hard, there are no specialized auditors and Zcash had a huge budget for them. Some bugs weren’t found by previous auditors, but by some automated tools
Current Goals
Trusted Setup Background
Current Status
MPC Source Code
UI Work For Trusted Setup Ceremony (Phase 1 Light + Phase 2 only)
MPC Audit
Roadmap
Extra Credit—Circom-Lib Audit