The KZG Ceremony is an execution of the Powers-of-Tau MPC protocol with a large number of participants. It is essentially a decentralized alternative to a trusted setup that outputs public parameters for a polynomial commitment scheme called KZG (standing for Kate, Zaverucha, and Goldberg — the authors of that scheme). This ceremony is part of implementing proto-danksharding for Ethereum. In proto-danksharding, polynomial commitments are used to create small commitments, on the L1 chain, to larger data blobs hosted off-chain at the data availability layer.

To ensure the polynomial commitment scheme can be used reliably, we need to know that its public parameters were generated correctly by either a trusted party that performs the entire trusted setup or a decentralized ceremony that guarantees integrity as long as at least one of the participants acted honestly in generating the contribution and disposed of the “toxic waste” (artifacts computed throughout the generation of the contribution that must not be known post setup). To strengthen the security of the ceremony, the Ethereum Foundation called for special contributions, including unique sources of randomness.

Warm-up: Cryptosat as a unique source of randomness

First, Cryptosat used its Random Beacon service to feed randomness harvested aboard our first satellite, Crypto1, into the first contribution we generated for the ceremony. Each beacon is signed by the satellite and verifiable using Crypto1’s public key, which was generated in space after its launch in May 2022.

Next-level: a KZG contribution generated entirely in space

While this is a great measure for adding a unique source of entropy to the mix, the parameters update still takes place on earth, and there isn’t a bulletproof guarantee of keeping the toxic waste out of reach, so we wanted to take it a step further, and generate the entire contribution in space, leaving the toxic waste out of human reach. To achieve that, we used our Crypto2 satellite, which can run Linux applications aboard some of its boards that have ARM processors. Thanks to Ignacio Hagopian and Patrice Vignola, we had two options for client software we could use to generate the contribution, one implemented in Go and the other in C++. Normally, the clients assume internet connectivity and work directly with the KZG Sequencer API. Here, we used an offline mode that was added by both implementations to support special cases where the contribution is generated in an isolated environment. The offline mode enables downloading the current state from the KZG Sequencer to a file, using the file offline to generate an updated state, and then submitting the new state to the KZG Sequencer via the online API. For the actual contribution, we ended up using Ignacio Hagopian’s client written in Go, as this was the option we worked with early on and had extensively tested prior to the operation.

Powers-of-Tau is a sequential protocol — when a certain party generates a contribution, the coordinator essentially locks the state, preventing other contributors from updating it in parallel. This is due to the nature of the protocol, which is essentially a sequence of exponentiations accompanied by zero-knowledge proofs that prove that the new state is a transformation over the previous state. Hence, when one contributor generates its contribution, the others wait in line. As we aimed to cause as little disruption as possible to the special contributions phase, we wanted to ensure that the sequencer is locked for our contribution for as little time as possible. To ensure a smooth operation, we wanted to minimize the risk of any failures occurring, which would require us to repeat some or all of the steps. To that end, we carried out a mock operation that concluded on March 29th, 2023. At this point, we were ready to perform the actual contribution. Since it takes some time to upload the state to our satellite, generate a contribution based on it, and download the updated state, we worked with the Ethereum Foundation to lock the sequencer for our contribution over a period of 48 hours.

We started the operation on April 3rd, 2023 when we uploaded the current Powers-of-Tau state to Crypto2 and generated the contribution in space. We completed downloading the contribution on April 5th and submitted it to the KZG Sequencer API. Below are the Crypto2 contribution details as can be seen at https://ceremony.ethereum.org/. The contribution details can be fetched by searching for the following Ethereum wallet address 0x15be596f2245ab321d8a357f827006520330a98c.

Executing such a large decentralized ceremony take a lot of development, community coordination, and documentation and constitutes a huge communal effort. Often, an organization would like something that doesn’t involve development and operational efforts that can be plugged into their CI/CD pipeline. Moreover, for many other cryptographic schemes that require a trusted setup, an MPC protocol might not yet exist at all. This is why Cryptosat provides the option of running a full trusted setup to support the bootstrapping of various cryptographic schemes. Such a trusted setup can be executed on a single Cryptosat satellite or using multiple satellites in case an MPC protocol such as Powers of Tau applies to that setup.