KZG Trusted Setup

The perpetual powers of tau trusted setup used in our ZK proofs.

Because Axiom uses the Halo2 proving system with the KZG polynomial commitment scheme, all Axiom ZK circuits rely on a one-time universal trusted setup (also known as a powers-of-tau ceremony). This is the same kind of ceremony that the Ethereum Foundation is performing in preparation for EIP-4844 (aka proto-danksharding).

The Axiom circuits are larger and require a larger setup than the one used for EIP-4844. They use the existing perpetual powers-of-tau ceremony used in production by Semaphore and Hermez, specifically this challenge. The challenge file was converted from its original format compatible with snarkjs and the Groth16 proof system to a format usable by halo2 using our open-source code.

To verify the conversion of the file challenge_0078, download the file and run:

git clone https://github.com/axiom-crypto/phase2-bn254.git
cd phase2-bn254
git switch halo2 
# https://github.com/axiom-crypto/phase2-bn254/commit/0bd58f1311bdb54329686e4d0914006d602e0082
cd powersoftau

wget https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/challenge_0078

cargo build --release --bin convert_to_halo2
time cargo run --release --bin convert_to_halo2 -- challenge_0078 28 2097152

To reduce the time of conversion, only the the first 2^25 powers were converted. For the convenience of future developers using halo2, the resulting halo2-compatible trusted setup files are hosted below (k means 2^k powers of tau):

k
Link

15

16

17

18

19

20

21

22

23

24

25

Last updated