KZG Trusted Setup

Because Axiom uses the Halo2 proving system with the KZG polynomial commitment scheme, all Axiom ZK circuits rely on a one-time universal trusted setup (also known as a powers-of-tau ceremony). This is the same kind of ceremony that the Ethereum Foundation is performing in preparation for EIP-4844 (aka proto-danksharding).

The Axiom circuits are larger and require a larger setup than the one used for EIP-4844. They use the existing perpetual powers-of-tau ceremony used in production by Semaphore and Hermez, specifically this challenge. The challenge file was converted from its original format compatible with snarkjs and the Groth16 proof system to a format usable by halo2 using our open-source code.

To verify the conversion of the file challenge_0078, download the file and run:

git clone https://github.com/axiom-crypto/phase2-bn254.git
cd phase2-bn254
git switch halo2 
# https://github.com/axiom-crypto/phase2-bn254/commit/0bd58f1311bdb54329686e4d0914006d602e0082
cd powersoftau

wget https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078

cargo build --release --bin convert_to_halo2
time cargo run --release --bin convert_to_halo2 -- challenge_0078 28 2097152

To reduce the time of conversion, only the the first 2^25 powers were converted. For the convenience of future developers using halo2, the resulting halo2-compatible trusted setup files are hosted below (k means 2^k powers of tau):