Trusted Setup Leak vulnerability
A trusted setup is a preliminary step required by many zero-knowledge proving systems, in particular pairing-based SNARKs such as Groth16. It generates the system's public parameters from secret randomness once, in advance, so that the statement-independent work is done up front and the prover and verifier can stay efficient.
One of the steps of a setup is the creation of a Common Reference String (CRS). Its randomness is typically collected by aggregating random values contributed by multiple parties in a multi-party computation (MPC) ceremony. Each party's secret value is called toxic waste and must be destroyed immediately after it has been used[1]. A prover who learns all of the values can recover the trapdoor hidden in the CRS (for example the secret evaluation point of a powers-of-tau setup) and forge proofs of false statements. The system remains sound as long as at least one contribution stays unknown: a single honest participant who discards their value is enough. A CRS can also be created by a single centralized party, which makes the vulnerability more severe, because that party alone holds the complete trapdoor. Some constructions also allow the CRS to be updated later, so that new contributions can strengthen its security over time[2].
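As an added illustration (not part of the original page and not the code of any real ceremony or library), the following Python toy models a sequential powers-of-tau ceremony and a KZG-style opening proof, and shows what an attacker can do with a fully leaked setup versus one where a single share was destroyed. Group elements are represented by their exponents modulo the BLS12-381 scalar field order, so the pairing check becomes ordinary multiplication; this keeps the algebra exact but removes the hardness assumption, which is precisely what a leaked setup secret does to a real system. The polynomial, the evaluation point and the ceremony shares are constructed values, and all function names are this example's own.

```python
"""Toy powers-of-tau ceremony and KZG-style opening, with group elements
represented by their discrete logarithms modulo a prime r ("[x]G" is just x).
Constructed example; the groups and the pairing are faked on purpose."""
import secrets

# Scalar field order of BLS12-381 (a real prime); the groups themselves are faked.
R = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001
DEGREE = 8  # CRS holds tau^0 .. tau^DEGREE, enough for polynomials of degree <= 8


def inv(x):
    """Modular inverse in the scalar field (R is prime)."""
    return pow(x % R, R - 2, R)


def random_share():
    """A participant's secret contribution; nonzero so tau never collapses to 0."""
    return secrets.randbelow(R - 1) + 1


def contribute(crs, share):
    """One ceremony step: element i is multiplied by share**i, so tau becomes
    tau*share. A real participant does this on curve points, then deletes share."""
    return [(elem * pow(share, i, R)) % R for i, elem in enumerate(crs)]


def run_ceremony(shares, degree=DEGREE):
    """Sequential MPC starting from tau = 1. Returns the published CRS
    [tau^0]G .. [tau^degree]G; crs[1] doubles as the verifier's [tau]H here."""
    crs = [1] * (degree + 1)
    for s in shares:
        crs = contribute(crs, s)
    return crs


def reconstruct_tau(known_shares):
    """What an attacker computes from the shares it obtained: tau is the
    product of all shares, so every single one of them is needed."""
    tau = 1
    for s in known_shares:
        tau = tau * s % R
    return tau


def poly_eval(coeffs, x):
    return sum(c * pow(x, i, R) for i, c in enumerate(coeffs)) % R


def commit(crs, coeffs):
    """KZG-style commitment [p(tau)]G, computed from the CRS without knowing tau."""
    assert len(coeffs) <= len(crs), "polynomial degree exceeds the CRS"
    return sum(c * crs[i] for i, c in enumerate(coeffs)) % R


def open_honest(crs, coeffs, z):
    """Honest opening at z: y = p(z) and witness [q(tau)]G with q = (p - y)/(x - z).
    Synthetic division by (x - z); the remainder is zero because y = p(z)."""
    y = poly_eval(coeffs, z)
    n = len(coeffs)
    q = [0] * (n - 1)
    carry = 0
    for i in range(n - 1, 0, -1):
        carry = (coeffs[i] + carry * z) % R  # q_{i-1} = c_i + z * q_i
        q[i - 1] = carry
    return y, commit(crs, q)


def verify(crs, commitment, z, y, witness):
    """Pairing check e(C - [y]G, H) == e(W, [tau]H - [z]H), written in exponents:
    p(tau) - y == q(tau) * (tau - z). The verifier only ever uses crs[1] = [tau]H."""
    return (commitment - y) % R == witness * (crs[1] - z) % R


def forge_opening(tau, commitment, z, fake_y):
    """With the toxic waste tau, solve the verification equation for the witness:
    W = (C - fake_y) / (tau - z). No polynomial is involved; any fake_y works."""
    return (commitment - fake_y) * inv(tau - z) % R


if __name__ == "__main__":
    shares = [random_share() for _ in range(3)]   # three ceremony participants
    crs = run_ceremony(shares)
    p = [7, 0, 3, 11]                             # p(x) = 7 + 3x^2 + 11x^3 (constructed)
    z = 5
    C = commit(crs, p)
    y, w = open_honest(crs, p, z)
    assert verify(crs, C, z, y, w)

    # Every share leaked: tau is recovered and a false evaluation verifies.
    tau = reconstruct_tau(shares)
    assert verify(crs, C, z, y + 1, forge_opening(tau, C, z, y + 1))

    # One participant destroyed its share: the same forgery no longer verifies.
    partial = reconstruct_tau(shares[:-1])
    assert not verify(crs, C, z, y + 1, forge_opening(partial, C, z, y + 1))
    print("honest opening verifies; forgery succeeds only with every share leaked")
```

Running it shows that an honest opening verifies, that an attacker holding every participant's share recovers tau and makes a false evaluation verify, and that the same attack fails when even one share was destroyed. In a real deployment `crs[1]` is the G2 point [tau]H from the published transcript and tau cannot be read off it; the only route to the trapdoor is collecting every share, which is why ceremonies are built so that each participant deletes its value as soon as it has been used.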
Some protocols, known as transparent systems (STARKs and Bulletproofs are common examples), don't require a trusted setup at all, but they usually have drawbacks in the form of larger proofs or longer verification times.