Announcing the KZG Ceremony
High fees have made life difficult for travelers through these Dark Forests. The Pools of Mem once clouded, now clarified by the filter of 1559, reveal that they are not deep enough to sustain.
Legends tell of a society flourishing under the abundance brought about by DankShard, of giant Roll-Ups subsisting on fields of nourishing Data Blobs, each supporting their own fractal nutrient layers.
To summon DankShard, our guides point us to a Ceremony. All members of the Lands of Ether and abroad are encouraged to contribute. Each will add their unique contribution to the collective and in doing so, illuminate the path forward. 🕯
The KZG Ceremony is a coordinated public ritual which will provide a cryptographic foundation for Ethereum scaling efforts like EIP-4844 (aka proto-danksharding). These types of events are also known as “Trusted Setups,” famously used by Zcash to bootstrap the chain’s privacy features. However, they can also be used to support scaling mechanisms, as Ethereum plans to do.
Proto-danksharding requires a new cryptographic scheme: KZG Commitments. These will generate a “structured reference string” (SRS) which is needed for the commitments to work. An SRS is secure as long as a single ceremony participant successfully conceals their secret.
It’s a multi-party ceremony: each contributor creates a secret and runs a computation to mix it with previous contributions. Then, the output is made public and passed to the next contributor. The final output will be included in a future upgrade to help scale the Ethereum network.
Source: Vitalik’s blog “How do trusted setups work?”
To learn more, Carl Beekhuizen’s Devcon Talk explains both at a high level and in-depth. Or, check out the links provided in the Resources repo.
Why it is important
Your participation has meaningful impact beyond the technical output of the Ceremony itself and the scaling mechanisms it would enable.
Here, the broader Ethereum community has a rare opportunity to contribute directly to core protocol development. In fact, the Ceremony credibility now and maintaining it long into the future depends on many contributions from a number of differentiated paths.
As we build our own infrastructure, we remind ourselves of what we hope Ethereum will bring to the world: accessible protocols anyone can use or contribute to. This is engagement in the practice of collective construction, the maintenance of our community ideals. Our summoning manifests new meaning for a changing world.
How to participate
There are four main ways for the Ethereum community can help build out this important infrastructure (ordered by technical difficulty, low to high):
- Browser interfaces
- create and contribute your own randomness through your preferred browser
- The main resource for information and participation is ceremony.ethereum.org. Make sure you are at this URL and not another one! There may be phishing/impersonation attempts
- can be through the hosted interface or on IPFS
- participants will need to provide an Ethereum address (which has sent at least 4 transactions as of 2023/01/13) or Github account to prevent spam contributions.
- Command line implementations
- if you’re comfortable using a command line, check out some of the CLI implementations to contribute from your local machine
- Generate entropy in a unique way
- You can generate some randomness using some unique & crazy method and use one of the above methods to add it to the ceremony. (If, for some reason, you need more time for your contribution, reach out to firstname.lastname@example.org)
- eg. in 2018 as part of the Zcash Sapling ceremony, Ryan Pierce and Andrew Miller used a geiger counter and an artifact from Chernobyl to generate entropy in an airplane – link
- Funding available: Apply here
- Write your own implementation
- Lots of effort has gone into making writing your own implementation for the ceremony as simple as possible, (some have even done it in an afternoon). Check out the comprehensive ceremony specs.
- If you really want to convince yourself that the secret hasn’t been leaked, consider rolling your own BLS12-381 implementation. You only need G1 and G2 integer multiplication and incorrect contributions will simply be rejected by the Sequencer, so you cannont harm the ceremony.
- If, for some reason, you need more time for your contribution, reach out to email@example.com
- Funding available: Apply here
The project has been in development since mid-2022: explore the full timeline here. The main areas of work included an implementation of the underlying cryptographic components, the Sequencer, and an interface to support browser based participation. These efforts saw broad ecosystem engagement, with contributions from dozens of teams and individuals: these include a few teams within the Ethereum Foundation (Protocol Support, Privacy & Scaling Explorations (PSE), Devops, Eth.org, and Research) Worldcoin, and independent contributors (names below!).
The first contribution period will last for two months, running Friday the 13th until March 13th 2023. Following that, there will be a special contribution period for bespoke implementations and unique entropy generation which may require additional support.
After both of these are concluded, the Sequencer will revert to accept general contributions until EIP-4844 is ready to be scheduled for a network upgrade.
At this point, the Sequencer will stop accepting new contributions and produce its final output. There will be at least one public verification that this is the correct output – individuals are also invited to verify this as well using simple scripts like this one.
Here are a few more questions that people commonly have.
Do I need to have registered beforehand to contribute?
Nope! You just need an Ethereum address that has sent at least 4 transactions before Jan 13 2023.
How long does it take to participate?
Participating itself is very quick, less than a minute, but it might take longer to wait for your turn. Everyone trying to contribute gets put in a lobby together and the next person to contribute is chosen at random.
What needs to go wrong for the ceremony to break?
The ceremony has a “1-of-N” trust assumption, which means that only a single participant in the entire ceremony needs to have not revealed their secret input for everything to be secure. This means that to break it, every single participant would need to collaborate to extract their secret and recombine it or there would have to be a bug in every single implementation.
See the full list of FAQs at ceremony.ethereum.org.
And a huge shout out to Nico Serrano, Geoff Lamperd, Chiali, and Takamichi Tsutsumi from Privacy & Scaling Explorations, Remco Bloemen, Marcin Kostrzewa, Grzegorz Świrski and Philipp Sippl from Worldcoin, Rafael Matias, and Parithosh Jayanthi from EF DevOps, in addition to Kevaundray Wedderburn, Marius Van Der Wijden, Daniel Knopik, Ignacio Hagopian, Antonio Sanso and Paul Wackerow among many others for doing an incredible amount of work to enable this Ceremony.
Published at Sun, 16 Jan 2022 01:00:00 +0100