Verifying RISC Zero’s Trusted Setup Ceremony

RISC Zero’s trusted setup ceremony has successfully concluded. This monumental event marks the first milestone in our road to zkVM 1.0, enhancing the security and reliability of our Groth16 STARK to SNARK circuit and the general purpose verifier contract on mainnet. We want to extend our gratitude to our community who contributed to the ceremony. Your participation, dedication and entropy, were instrumental in making this ceremony a success. With a total of 238 total contributions, we witnessed the power of community in securing RISC Zero’s cutting-edge ZK tech.

Why A Trusted Setup Ceremony? 

A trusted setup ceremony is a fundamental process in ensuring the integrity and security of certain cryptographic systems, such as our STARK to SNARK circuit. By generating a unique and unpredictable “number” collectively, with contributions from multiple parties, we create a foundation of trust that prevents malicious actors from compromising the system. 

Trusted setup ceremonies employ complex security models and multiple artifacts to demonstrate authenticity and trustworthiness. Here are some aspects we can prove:

  • We included a wide variety of contributors
  • Contributors announced their participation via attestations that RISC Zero couldn't fake
  • The ceremony is specifically tailored for the circuit we intended to secure.

Here are some resources if you want to learn more or see examples:

The success of the trusted setup ceremony is crucial for the security of our proof system, but it's equally important to verify the ceremony's integrity.

Verifying the Trusted Setup Ceremony

To ensure the security of our zkVM, RISC Zero has successfully conducted a trusted setup ceremony for a Groth16 prover/verifier, securing our STARK verification circuit. This critical step enables us to publish compact receipts for RISC Zero’s general-purpose zkVM, ensuring compatibility with a wide variety of blockchains. 

Verifying the security of our ceremony is paramount. However, it's important to note that it's a more technical process than contributing. Much like releasing cryptographic software as open source increases everyone’s security, even those who never read the code, publishing all the artifacts needed to confirm the security of our ceremony makes everyone safer. That said, we invite everyone to confirm the security of our ceremony for themselves, and so are publishing this guide to help you do so.

Overview of Verification Steps: 

To ensure that anyone can verify the integrity of our trusted setup ceremony, we have outlined a robust guide for verifying the results. Here’s an overview of the key steps involved:
1. Verifying the Circuit: Confirming the integrity and security of the RISC Zero STARK Verify circuit, which is open-source and available on Github

Note: We are committed to transparency and will provide updates on our audit process shortly after the conclusion of the TSC. Stay tuned for more detailed information regarding audits. 

2. Matching Transcript and Circuit: Ensuring that the transcript generated during the ceremony corresponds accurately to the secured circuit. Our ceremony transcript is the zkey published on ceremony.pse.dev in the "Download ZKey" tab of the RISC Zero STARK-to-SNARK Prover page.

3. Validating Contributor Attestations: Verifying that contributors’ attestations match the transcript, providing clarity on who contributed to the ceremony and preventing manipulation of contributors’ entropy. 

4. Checking for Security Holes: Thoroughly examining the setup ceremony and circuit for any potential security vulnerabilities or backdoors.

Step-by-Step Verification Guide

For detailed instructions on how to perform each verification step, including installing necessary tools and accessing relevant files, refer to our robust verification guide.

Tools, Collaboration, and Security: 

We utilized open-source tools such as p0tion and DefinitelySetup for the ceremony, ensuring reliability and transparency. We collaborated with the PSE team and benefitted from their experience securely coordinating ceremonies. We also implemented internal security reviews and external audits to bolster the security of both the ceremony and the circuit, which will be shared in the near future. RISC Zero is committed to maintaining the highest level of security and dedicated to maintaining transparent communication with our community.

Appreciation

Thank you to everyone who participated in the Trusted Setup Ceremony. We deeply appreciate all contributors, as well as those who attempted to contribute but faced challenges such as ceremony timeout, hardware limitations, or software issues. Your efforts were invaluable in securing a large circuit and pushing the boundaries of what a ceremony can achieve, both from an engineering and social perspective.

We recognize that contributing may have been difficult or impossible for some individuals, and we want to express our gratitude for the dedication and support you provided in helping us secure our ceremony. If you joined our contribution queue, your Github avatar is shown on the contributions tab of our ceremony, regardless of whether the contribution was successful.

Closing Statements

Verifying the trusted setup ceremony is not just a technical process; it’s a crucial aspect of building trust and ensuring the integrity of our technology. Your engagement in this verification process strengthens our collective efforts to create a secure and transparent system. 

With Phase 1 of our zkVM 1.0 Roadmap now complete, we shift our focus to Phases 2 and 3: sharing the details of our security audits and Mainnet Verifier. These next steps are critical as we continue to refine and secure our system, leading up to the full implementation of zkVM 1.0.

Stay tuned for further updates and insights as we continue to enhance the security and reliability of RISC Zero’s tech stack. 

In other news: