Welcome to the resource topic for 2025/2000
Title: Trust, But Verify When Using the Powers of Tau
Authors: Karim Baghery
Abstract: To mitigate trust concerns in the setup phase of pairing-based zk-SNARKs, the primary solution has been the sampling of the Structured Reference String (SRS) using an MPC protocol. In 2017, Bowe, Gabizon, and Miers introduced the Powers of Tau MPC protocol for sampling a universal SRS, which has since become the main SRS generation protocol for numerous practical projects. The protocol's designers showed that for a circuit with 2^21 multiplication gates, verifying the universal SRS for the Groth16 zk-SNARK could take 55 minutes for a single update. However, they clarified that "the verification is not run by individual users; it is done by the coordinator and anyone who wishes to verify the transcript of the protocol after completion". This note demonstrates the importance of verifying the final SRS by either each individual end-user or all ceremony participants to mitigate potential attacks. We discuss simple attack scenarios that highlight vulnerabilities if each end-user or all participants fail to verify the final SRS. Additionally, by leveraging batching and aggregating techniques, we introduce an efficient verification algorithm for the (original) Powers of Tau protocol, substantially reducing SRS verification time and making it practical even for large-scale ceremonies. In the case of rejection, a more efficient recursive verification approach aids in identifying malicious parties more effectively. This note aims to enhance procedural understanding of SRS generation ceremonies through the Powers of Tau protocol and improve the reliability of current ceremonies against potential threats.
ePrint: https://eprint.iacr.org/2025/2000
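To make the "batching" idea in the abstract concrete, here is the standard random-linear-combination argument applied to the Powers of Tau well-formedness check. This is an added illustration written for this topic, not the paper's own algorithm (the paper's verifier handles the full SRS, including the G2 powers and the alpha/beta-scaled elements, and its recursive rejection procedure is its own contribution); the symbols below are assumptions chosen for the illustration. Write the G1 powers as A_i = [tau^i]_1 = tau^i * G_1 for i = 0..n, let B = [tau]_2 = tau * G_2 be the G2 element of degree one, and let e be the pairing with target-group generator g_T = e(G_1, G_2). The naive check that the A_i are consecutive powers of the same tau is

\[
e(A_{i+1}, G_2) = e(A_i, B) \quad \text{for all } i = 0, \dots, n-1,
\]

which costs 2n pairings. Instead, after the whole SRS is fixed, the verifier samples r_0, ..., r_{n-1} uniformly from the scalar field F_p (p the group order) and performs the single check

\[
e\Big(\sum_{i=0}^{n-1} r_i A_{i+1},\; G_2\Big) \;=\; e\Big(\sum_{i=0}^{n-1} r_i A_i,\; B\Big).
\]

Soundness: write A_i = a_i * G_1 for unknown scalars a_i. By bilinearity the two sides equal

\[
g_T^{\sum_i r_i a_{i+1}} \quad \text{and} \quad g_T^{\tau \sum_i r_i a_i},
\]

so the batched check passes iff

\[
\sum_{i=0}^{n-1} r_i \,(a_{i+1} - \tau a_i) \equiv 0 \pmod p .
\]

If the SRS is malformed, some coefficient d_i = a_{i+1} - tau a_i is nonzero, so the left-hand side is a nonzero linear form in the r_i and vanishes for a uniformly random r with probability exactly 1/p. The cost drops to two pairings plus two multi-scalar multiplications of size n. Two caveats a verifier implementation should respect: the r_i must be sampled (or derived by hashing the SRS, Fiat-Shamir style) only after the SRS is fixed, otherwise a participant who can predict them can craft a malformed SRS that satisfies the one batched equation; and if the cheaper choice r_i = r^i for a single random r is used, the failure probability becomes at most n/p by Schwartz-Zippel, still negligible for n up to 2^21 and a 254-bit p. The same trick with the roles of G1 and G2 swapped checks the G2 powers, and e(A_i, G_2) = e(G_1, [tau^i]_2) ties the two groups to the same tau; when a batched check rejects, re-running it on the two halves of the index range and descending into the failing half isolates a bad index with O(log n) batched checks.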
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.