A survey on trusted setups

  1. Semaphore
    1. Phase 1 (non-circuit specific): a VDF was run on an ETH1 mainnet block hash to produce a random number, which was applied to a chosen challenge file from the Perpetual Powers of Tau Ceremony (similar to Phase 2, so detailed below)
    2. Phase 2 (circuit-specific)
      1. use the output of Phase 1 as a starting point
      2. 50 participants, on a first-come, first-served basis and following the ceremony guide, take turns applying a secret random number to the previous participant's output
      3. after the participants' contributions, another block hash is picked and a VDF is applied to it; this final output is used to produce a proving key and verifier key for the Semaphore circuit
  2. Tornado.cash: similar to Semaphore, but in Phase 2 the 30th contribution to the ceremony is picked to produce the keys, and then similarly a future block hash is chosen and a VDF calculated
  3. InterRep: the plan is to use Semaphore for anonymous membership, so I assume the setup will be similar
  4. zCloak: uses zk-STARK over zk-SNARK, thus a trusted setup is NOT needed!
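
The take-turns contribution chain and the final block-hash step described for Semaphore above, as a simplified model (an added example, not code from any of the ceremonies surveyed). The powers-of-tau shaped string, the toy group, the iterated SHA-256 standing in for the VDF, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group (constructed, far too small for real use): the order-Q subgroup
# of Z_P*, with P = 2Q + 1 and generator G. Real ceremonies use pairing curves.
P, Q, G = 2039, 1019, 4
DEGREE = 4  # highest power of tau kept in the toy reference string

def initial_srs():
    """Starting point with tau = 1: every element is G^(1^i) = G."""
    return [G] * (DEGREE + 1)

def contribute(srs, s):
    """Apply secret s: element i goes from G^(tau^i) to G^((tau*s)^i)."""
    return [pow(e, pow(s, i, Q), P) for i, e in enumerate(srs)]

def beacon_secret(block_hash, iterations=1000):
    """Public final contribution. Iterated SHA-256 is a stand-in for the VDF."""
    h = block_hash
    for _ in range(iterations):
        h = hashlib.sha256(h).digest()
    return int.from_bytes(h, "big") % (Q - 1) + 1  # in [1, Q-1]

def run_ceremony(participant_secrets, block_hash):
    """Chain every participant's contribution, then the public beacon."""
    srs = initial_srs()
    for s in participant_secrets:
        srs = contribute(srs, s)  # each participant should now discard s
    return contribute(srs, beacon_secret(block_hash))

def srs_for(tau):
    """What the string looks like to someone who knows tau outright."""
    return [pow(G, pow(tau, i, Q), P) for i in range(DEGREE + 1)]

if __name__ == "__main__":
    block_hash = bytes.fromhex("ab" * 32)  # constructed placeholder, not a real block
    parts = [secrets.randbelow(Q - 1) + 1 for _ in range(50)]
    final = run_ceremony(parts, block_hash)
    tau = beacon_secret(block_hash)
    for s in parts:
        tau = tau * s % Q
    # Rebuilding tau needs all 50 secrets; in a real-size group, one
    # discarded secret is enough to keep tau hidden.
    print(final == srs_for(tau))
```

The beacon value is public, so it adds no secrecy; its role is that nobody, including the last participant, could have chosen their contribution knowing the final output.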