-
Notifications
You must be signed in to change notification settings - Fork 58
Home
So, you want to participate in the Powers of Tau ceremony? This is a guide that will walk you through the steps, but it's important to go over why the ceremony exists and what the threat model is first.
- Why does the ceremony exist? I highly recommend reading our blog post announcing the ceremony to understand the motivations. In short, zk-SNARKs are awesome, but the parameter setup for them is currently really expensive and risky. Powers of Tau is a ceremony which takes the most expensive parts of parameter setups and performs them in a single, gigantic, communal ceremony for the benefit of all. The result is that individual parameter setups are cheaper and more scalable.
- What is the threat model? How does the ceremony succeed? The ceremony succeeds as long as one participant is successful in destroying some random information they used to participate. Thus, the threat model is an adversary capable of compromising every participant, or every participant being dishonest and colluding with each other. Ensuring a diversity in the approaches each participant takes is essential for reducing the ways in which an adversary could attempt to compromise each participant.
- Who is allowed to participate? Everybody is allowed to participate! We'll be running the ceremony until about February 2018, so that lots of people can contribute. Only one participant goes at a time, and sometimes the process requires several hours, so we need to carefully schedule people. Also, because we're trying to "finish" sometime in February, we'll prioritize reputable people if there are lots of requests to participate.
-
How do I participate? The ceremony is currently coordinated by Sean Bowe. If you're comfortable, you can publicly request to participate on the
zapps-wgmailing list. You can also privately contact Sean ([email protected]) to request to participate.
When it's your turn, you'll be sent a challenge file that's about 1.2 GB in size. You need to run a program on this challenge file, and for that you have a few options:
- There is a program written in Rust that you can use. You can compile this using the Rust compiler.
- You can also compile that program using an alternative Rust compiler and build process.
- You can also use an independent Go implementation of the software.
These programs randomly sample some information (called the toxic waste), read in the challenge file, perform a computation, and spit out a response file. Then, you have to upload the response file to us. We'll send instructions for that as well.
The ceremony succeeds so long as at least one person's toxic waste is destroyed. Some participants might be convinced it's destroyed just by restarting their computer afterward. Others may want to go further:
- You might want to destroy the computer afterward.
- You may want to use DVDs to form an air gap for communicating with the machine.
- You may want to use an auditable process for computing your
responsefile which reduces the risk of the machine being backdoored. - You may want to use someone else's code, or write your own code!
Of course, you can just keep it simple too and just run the standard Rust implementation and restart your computer after you've sent the response file, if you think your machine is not compromised. What's important is that there is diversity in the approaches people take, so that there are fewer ways an adversary could compromise everyone's contribution.
We ask that participants write an attestation afterwards describing what they did and any pertinent hashes of files or code involved. PGP signing and posting to the zapps-wg mailing list is preferred.
Let's say that you've been sent the challenge file. The code is on github. Grab it, and put the challenge file in that directory.
The code is written in Rust, so to compile it, you'll need a Rust compiler. You can run this command inside the powersoftau directory once you have the compiler:
cargo run --release --bin compute
This will start by asking you to supply some extra random information to improve the entropy of the secret randomness your machine samples. It will then perform a large computation that could take an hour or longer.
When the computation is finished, it will spit out a response file and it will print a hash of the response file. This hash is very important: it's the only way you (or others) know that you participated in the ceremony. You're encouraged to post this hash publicly after you're done participating.
You also need to upload the response file to us after you're done. The response and challenge files are not secret, so you are free to publish them, but we will host a mirror of what you upload.
At this point it's your job to make sure the toxic waste was destroyed from the machine. So, do whatever makes you feel comfortable!
If you want to test this process out with a dummy challenge file, you can run cargo run --release --bin new to create one. Just remember to delete the challenge and response files before you actually participate in the ceremony.
We'll need to schedule you in. One way to do this is to post to our mailing list and ask to participate. Give some rough estimate of when you can participate. If you're uncomfortable doing this, you can also privately ask to participate: shoot an email to [email protected] and ask for a time slot.
Once it's your turn, you'll be sent a challenge file and a way to upload the response file when you're done.