powersoftau's People

Contributors

ebfull, garethtdavies, petertodd

powersoftau's Issues

Optionally disable system RNG

In order to make it easier for participants to follow "Eliminating the possibility of backdoors with high probability", it would be good if the system RNG could be disabled so that only user-provided entropy is used.

The user would then be able to record the input entropy in randomly-chosen N-1 of N compute runs and verify that no tampering took place using alternative software and environments.

Something like --disable-rng or --without-rng?

Since measuring entropy is kind of difficult/onerous, I'm tempted to say that only the most basic checks should be used (number of input characters), and leave the rest up to the user?

Using powers of tau setup parameters for KZG10

I'm interested in seeing if it's possible to leverage the powers of tau as they exist in the zcash downloads for constructing the reference string needed in KZG10.

KZG10 is constructed via pairings meaning it needs a reference string in bls12381 G1 and g^alpha in G2.

After speaking with @ebfull the G1 portion can be extracted from the h parameter here, but the question still remains as to where / how to extract g^alpha in G2.

Any insight would be greatly appreciated.

support bn128

The original snarkjs setup is too slow. Consider supporting bn128?

I want to understand some concepts

I know that the trusted setup requires random numbers and circuits to be used together, and if the random numbers are not random enough or are leaked, the entire zkp may have security risks.

And I also know that zcash held the powers of tau ceremony in 2017, that more than 90 people participated, and that it generated this random number (in theory, as long as one person deletes the original data, we are safe enough now).

But I want to ask:

  1. Why can multi-party secure computation be expanded from six people to more than 90 people, and as long as one of these 90 people deletes the original data, we are safe enough?

  2. In powersoftau, are we using the public random number they generated at the time, and are we enhancing its security every time we use it?
    This is an interesting question, because I know that during the ceremony someone even ran into a helicopter to generate numbers, in order to prevent themselves from being attacked and eavesdropped on. What a crypto world!

  3. I see that the initialization of snarkjs needs to use powersoftau, so are we contributing every time we generate random numbers? What is the relationship between these two projects, or is it just a simple call? If necessary, I can also take a look at the source code myself.

All in all, I am deeply attracted by cryptography and look forward to the future that zkp can create, not just privacy and scale.

Hope you guys can answer my questions or even give me some information for my own research.

Memory isn't zeroed

I'm having trouble locating the code that zeroes memory containing the seed that is computed in src/bin/compute.rs.

As far as I can tell the following bytes need to be zeroed so the value isn't leaked after the program terminates:

  • the private key
  • bytes gathered from OsRng (r)
  • the text entered by the user (user_input)
  • the hash computed from the previous two (h)
  • the buffer seed that holds a copy of h (digest is only a pointer as far as I can tell)
  • rng, the ChaChaRng that is created from that seed
  • possibly some temporary variables in keypair(...) and Accumulator::transform(...)
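The lifetime handling the issue above asks for, as an added example that is not code from the powersoftau project: a wrapper that wipes seed material with volatile stores on drop, applied to the r / user_input / seed flow the reporter lists. The mixing step in `derive_seed` is a constructed placeholder, not the project's hash; `zeroize_bytes`, `SecretBytes` and `derive_seed` are names assumed here.

```rust
use core::ptr::write_volatile;
use core::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `buf` with zeros via volatile stores so the optimizer cannot
/// discard the writes as dead (the buffer is never read again afterwards).
pub fn zeroize_bytes(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Owning wrapper for secret bytes (OsRng output, user text, hash, seed).
/// The contents are wiped on drop, so they do not outlive the value.
pub struct SecretBytes(Vec<u8>);

impl SecretBytes {
    pub fn new(bytes: Vec<u8>) -> Self { SecretBytes(bytes) }
    pub fn as_slice(&self) -> &[u8] { &self.0 }
    /// Wipe now and report whether every byte reads back as zero.
    pub fn wipe(&mut self) -> bool {
        zeroize_bytes(&mut self.0);
        self.0.iter().all(|&b| b == 0)
    }
}

impl Drop for SecretBytes {
    fn drop(&mut self) { zeroize_bytes(&mut self.0); }
}

/// Sketch of the flow from the issue: system entropy `r` and `user_input`
/// are combined into a 32-byte seed, with every intermediate wrapped so it
/// is wiped when it goes out of scope. The XOR-rotate mixing below is a
/// constructed placeholder (assumption), not the project's digest.
pub fn derive_seed(r: &[u8], user_input: &[u8]) -> SecretBytes {
    // Copies are wrapped; the caller must wrap its own originals too.
    let r = SecretBytes::new(r.to_vec());
    let input = SecretBytes::new(user_input.to_vec());
    let mut seed = vec![0u8; 32];
    for (i, &b) in r.as_slice().iter().chain(input.as_slice()).enumerate() {
        seed[i % 32] ^= b.rotate_left((i % 8) as u32);
    }
    SecretBytes::new(seed)
    // `r` and `input` are dropped here and zeroized by Drop.
}
```

The same wrapper applies to the ChaChaRng seed buffer; the temporaries inside keypair(...) and Accumulator::transform(...) would need the same treatment at their own scope.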
