Open kobigurk-clabs opened 3 years ago
The announcement as a file with hash 03b909b9fb7f8f09d44402aac97676b148a84155e801c05e36ed4f988246514e53f89de1e74c88367a30a5e8014d870c4623b077510f15e80fc98cec756a819a
Concretely, we will apply the beacon with a modified version that takes a shortcut rather than verifying the entire transcript, but produces the same output as 1.2.1
.
For reference, the output of Phase 1 is the output of round 8, and the combined contribution has hash d84048c48de5eac702984fc6bee7e10f2853f92f4feef6d649c9d5cb337cefe8928b1ba524859d52940c1df04c183209584a275f69bb689e7765c6f268b53900
.
Value has been obtained!
{"round":923709,"randomness":"57794ada50a068cab08dd4c62866180ef7ffc42b82fa223d7d9e6f910dea6ac9","signature":"866370764c610a37d76c64e6238b38e810d77675271d505a990fbcc7ef04b24fcd202df08ff83dd57b72a90ec9668e34112ed645f393cccef89f57e83e5394a01106bf01a5ed4df46988f42b76ee35d28a70bc923a1b815d28dc02ad8ac2f5ce","previous_signature":"b029859887d232d51638c481b6462620ef47b093bcc0387c63acb493fb07fc8946a72c05cf6afc386defa102d48df06613e6cf9dcd5d6542f864c7dda6177d7a532b15004e12b2dc4b91b2a4da04e99a5c57e7ed908f6e16b3aacf03a13539f3"}
Applying it now.
The beacon has been applied. The resulting file has b2sum
hash of 06d108d8a0abbc4e0c22b2e387cc62ae592a5f25ac04c471037fa027a837c2d5c3f0854682a3269f15276d0dc7b13ef7fb2bc030e35a00bbaa76508919ff5ade
.
As part of the Groth16 Phase 1 setup for Plumo, we apply a public random beacon value as the last contribution. As described in the MMORPG paper, a random beacon is applied to the SRS in order to randomize secret values and prevent adaptive attacks. This value must not be known by the adversary before the contributions finish and they cannot be able to influence it.
While recent works have shown that the random beacon is not required in some models, there's no major downside in applying it.
We will use the drand random beacon, that generates a random value every 30 seconds. At the time of writing, the data returned from the info API call is:
We will take the value at round 923709, which will occur around June 8th 9am UTC and apply it directly using version
1.2.1
ofverify_transcript
in snark-setup-operator.The value will be obtained using the public/{round} API call and will be posted here.
The value can be verified using drand-client, which can be obtained as follows.
Then it can be obtained as follows.
./drand-client --url https://api.drand.sh --chain-hash 8990e7a9aaed2ffed73dbd7092123d6f289930540d7651336225dc172e51b2ce --round 923709
. Note that this call also verifies the value matches the public key and chain.8990e7a9aaed2ffed73dbd7092123d6f289930540d7651336225dc172e51b2ce
is the chain hash of main drand deployment.