kaleido-io / kaleido-iden3-samples

Sample code for using the iden3 protocol to issue verifiable claims
Apache License 2.0

Iden3/snarkJS questions #17

Open jcqjamesbond opened 1 year ago

jcqjamesbond commented 1 year ago

Hi Kaleido-iden3 team members: we have several questions when executing the demo in https://github.com/iden3/snarkjs

  1. Should the entropy and the hashes be kept during the ceremony contribution part? What do these hashes mean (contribution response hash / next challenge hashes)?
  2. What's the purpose of applying a random beacon?
  3. In the kaleido-iden3 repo, how is the circuit_final.zkey file generated? Which role is responsible for the generation of the circuit_final.zkey file?
  4. How is the witness.wtns generated based on circom by the prover?
  5. How would the verifier believe according to the public.json and proof.json generated by the prover?

OBrezhniev commented 1 year ago

Hi @jcqjamesbond

These blog posts can give you some understanding of trusted setup ceremonies: https://blog.hermez.io/hermez-zero-knowledge-proofs/ https://blog.hermez.io/hermez-trusted-setup-phase-2/ https://blog.hermez.io/finishing-hermez-trusted-setup-ceremony/

You don't need to do these ceremonies. The first phase (Perpetual Powers of Tau) is universal for all circuits. We are using ptau files generated for Hermez. The second phase is circuit specific, and needs to be run each time the circuit changes. You can see details of this setup phase for our current circuits here: https://github.com/iden3/phase2ceremony

For the next release of Polygon ID & iden3 protocol we at iden3 will do this ceremony again, because there will be changes to the circuits. Anyone can participate, so if you are interested, you can leave your contact details and we will contact you to do a contribution. The more contributions done - the better, because as long as at least one participant is honest and destroys the toxic values, the whole system stays secure.

The witness file is generated from the public and private inputs of the circuit by a special program called a witness calculator (which is generated by circom for each specific circuit). In the case of a mobile wallet, the witness and proof (based on this witness and using the proving key - zkey) are generated on the mobile. Then the proof together with the public inputs is given to the verifier, which can verify their correctness using a verification key. All of these trusted setup artifacts are public, in the repo I mentioned.
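
The "at least one participant is honest" property from the reply above, as an added toy example that is not part of the original thread and is not iden3 or snarkjs code. It models sequential powers-of-tau contributions in a tiny multiplicative group (real ceremonies use pairing-friendly elliptic-curve groups and publicly verify each contribution, which is not shown); the parameters `P`, `Q`, `G`, all function names and the secrets are constructed for illustration.

```javascript
// Toy model of a multi-party "powers of tau" setup. Added illustration only:
// a tiny multiplicative group stands in for the elliptic-curve groups that
// real ceremonies use. All parameters and secrets below are constructed.
const P = 2039n; // safe prime, P = 2*Q + 1
const Q = 1019n; // prime order of the subgroup generated by G
const G = 4n;    // generator of that subgroup

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Reference string for a known tau: [G^(tau^0), G^(tau^1), ..., G^(tau^(n-1))].
function srsFromTau(tau, n) {
  return Array.from({ length: n }, (_, i) => modPow(G, modPow(tau, BigInt(i), Q), P));
}

// One contribution: re-randomize element i with s^i, so tau becomes tau*s.
// The contributor must then destroy s (the "toxic value").
function contribute(srs, s) {
  if (s % Q === 0n) throw new Error("secret must be non-zero mod Q");
  return srs.map((el, i) => modPow(el, modPow(s, BigInt(i), Q), P));
}

// Run contributions in sequence, starting from tau = 1.
function runCeremony(secrets, n) {
  return secrets.reduce(contribute, srsFromTau(1n, n));
}

// The tau hidden in the final string is the product of every secret.
function combinedTau(secrets) {
  return secrets.reduce((acc, s) => (acc * s) % Q, 1n);
}

const secrets = [5n, 7n, 11n]; // constructed; real contributions use fresh entropy
const finalSrs = runCeremony(secrets, 4);
console.log(finalSrs.join(",") === srsFromTau(combinedTau(secrets), 4).join(","));
```

Because the final tau is the product of every contributor's secret, anyone missing even one factor cannot reconstruct it; in a real group, recovering that factor from the published elements is a discrete-logarithm problem.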