Skip to main content
Version: v2.x

Trusted setup

MACI currently uses Groth16 zk-SNARKs written in circom. Teams who wish to build on MACI may choose to perform a multi-party trusted setup. This allows observers to have a higher degree of confidence that the coordinator cannot generate fake proofs. Some teams, however, may forgo the trusted setup.

There are two possible reasons for doing so: if a team does not intend to manage a large amount of value, and if their users accept that the risk of coordinator misbehaviour is insufficient to justify doing the work of a trusted setup. After all, MACI's security model presumes a trusted coordinator.

The PSE team is making available a trusted set of zKeys for MACI's circuits, which are available and accessible on p0tion's website. For more info on trusted setup ceremonies please refer to p0tion's docs.

Maci v2.0 Trusted Setup Ceremony (most recent)

info

Maci v2.0 Trusted Setup Ceremony is now completed and the circuits can be used in production.

For this release, we plan to run two ceremonies, one with smaller size circuits (more accessible to contributors) due to smaller batch sizes for proving on chain, and one with larger circuits and large batch sizes for proving. Smaller size artifacts can be used for smaller rounds or for operators that want to run everything on a local computer vs using a beefy server. On the other hand, we plan to use the artifacts with larger batch sizes for large rounds and solely on a server.

Small Batch Size Ceremony

info

To download the artifacts, please run the following command from within MACI monorepo's root directory:

pnpm download-zkeys:ceremony

Here are the maximum values supported by these artifacts:

ProcessMessages

  • users: 214=163842^14 = 16384
  • votes: 59=19531255^9 = 1953125
  • batch size for proving: 52=255^2 = 25
  • vote options: 53=1255^3 = 125

TallyVotes

  • users (ballots): 214=163842^14 = 16384
  • batch size for proving: 25=322^5 = 32
  • vote options: 53=1255^3 = 125

Large Batch Size Ceremony

info

Please note that this ceremony has not started yet. We will inform when it will start and when the artifacts are available for use.

Here are the maximum values supported by these artifacts:

ProcessMessages

  • users: 214=163842^14 = 16384
  • votes: 59=19531255^9 = 1953125
  • batch size for proving: 53=1255^3 = 125
  • vote options: 53=1255^3 = 125

TallyVotes

  • users (ballots): 214=163842^14 = 16384
  • batch size for proving: 27=1282^7 = 128
  • vote options: 53=1255^3 = 125

Maci v1.2 Trusted Setup Ceremony

danger

Please be advised that you will not be able to use these artifacts with MACI v2.

info

MACI v1.2 artifacts are stored on Amazon S3. Please either download directly, or checkout any of the maci v1.2 tags to access the artifacts using the following commands:

git checkout v1.2.5
download:ceremony-zkeys

Here are the maximum values supported by these artifacts:

ProcessMessages

  • users: 56=156255^6 = 15625
  • votes: 59=19531255^9 = 1953125
  • batch size for proving: 52=255^2 = 25
  • vote options: 53=1255^3 = 125

TallyVotes

  • users (ballots): 56=156255^6 = 15625
  • batch size for proving: 52=255^2 = 25
  • vote options: 53=1255^3 = 125

For your convenience, here is a list of the artifacts that can be used in production:

ArtifactDescriptionParametersLink
processMessages zKeyThe production-ready zKey for the processMessages circuit.6-9-2-3processMessages_6-9-2-3_final.zkey
processMessagesNonQv zKeyThe production-ready zKey for the processMessagesNonQv circuit.6-9-2-3processMessagesNonQv_6-9-2-3_final.zkey
tallyVotes zKeyThe production-ready zKey for the tallyVotes circuit.6-2-3tallyVotes_6-2-3_final.zkey
tallyVotesNonQv zKeyThe production-ready zKey for the tallyVotesNonQv circuit.6-2-3tallyVotesNonQv_6-2-3_final.zkey
processMessages r1csThe Rank-1 Constraint System file that was used to generate the zKey6-9-2-3MACI-ProcessMessages_6-9-2-3.r1cs
processMessagesNonQv r1csThe Rank-1 Constraint System file that was used to generate the zKey6-9-2-3MACI-ProcessMessagesNonQv_6-9-2-3.r1cs
tallyVotes r1csThe Rank-1 Constraint System file that was used to generate the zKey6-2-3tallyvotes_6-2-3.r1cs
tallyVotesNonQv r1csThe Rank-1 Constraint System file that was used to generate the zKey6-2-3tallyvotesnonqv_6-2-3.r1cs
processMessages wasmThe WASM file that can be used to generate proofs6-9-2-3MACI-ProcessMessages_6-9-2-3.wasm
processMessagesNonQv wasmThe WASM file that can be used to generate proofs6-9-2-3MACI-ProcessMessagesNonQv_6-9-2-3.wasm
tallyVotes wasmThe WASM file that can be used to generate proofs6-2-3tallyvotes_6-2-3.wasm
tallyVotesNonQv wasmThe WASM file that can be used to generate proofs6-2-3tallyvotesnonqv_6-2-3.wasm
processMessages vKeyThe verification key that can be used to verify the processMessages circuit's proofs6-9-2-3maci-processmessages_6-9-2-3_vkey.json
processMessagesNonQv vKeyThe verification key that can be used to verify the processMessagesNonQv circuit's proofs6-9-2-3maci-processmessagesnonqv_6-9-2-3_vkey.json
tallyVotes vKeyThe verification key that can be used to verify the tallyVotes circuit's proofs6-2-3tallyvotes_6-2-3_vkey.json
tallyVotesNonQv vKeyThe verification key that can be used to verify the tallyVotesNonQv circuit's proofs6-2-3tallyvotesnonqv_6-2-3_vkey.json
processMessages Solidity verifierThe Solidity smart contract which can be used to verify the processMessages circuit proofs on-chain6-9-2-3maci-processmessages_6-9-2-3_verifier.sol
processMessagesNonQv Solidity verifierThe Solidity smart contract which can be used to verify the processMessagesNonQv circuit proofs on-chain6-9-2-3maci-processmessagesnonqv_6-9-2-3_verifier.sol
tallyVotes Solidity verifierThe Solidity smart contract which can be used to verify the tallyVotes circuit proofs on-chain6-2-3tallyvotes_6-2-3_verifier.sol
tallyVotesNonQv Solidity verifierThe Solidity smart contract which can be used to verify the tallyVotesNonQv circuit proofs on-chain6-2-3tallyvotesnonqv_6-2-3_verifier.sol

Maci v1.1 Trusted Setup Ceremony

Here are the maximum values supported by these artifacts:

ProcessMessages

  • users: 56=156255^6 = 15625
  • votes: 58=3906255^8 = 390625
  • messages per batch: 52=255^2 = 25
  • vote options: 53=1255^3 = 125

TallyVotes

  • users (ballots): 56=156255^6 = 15625
  • batch size: 52=255^2 = 25
  • vote options: 53=1255^3 = 125

For your convenience, here is a list of the artifacts that can be used in production:

ArtifactDescriptionParametersLink
processMessages zKeyThe production-ready zKey for the processMessages circuit.6-8-2-3processmessages_6-8-2-3_final.zkey
tallyVotes zKeyThe production-ready zKey for the tallyVotes circuit.6-2-3tallyvotes_6-2-3_final.zkey
processMessages r1csThe Rank-1 Constraint System file that was used to generate the zKey6-8-2-3processmessages_6-8-2-3.r1cs
tallyVotes r1csThe Rank-1 Constraint System file that was used to generate the zKey6-2-3tallyvotes_6-2-3.r1cs
processMessage wasmThe WASM file that can be used to generate proofs6-8-2-3processmessages_6-8-2-3.wasm
tallyVotes wasmThe WASM file that can be used to generate proofs6-2-3tallyvotes_6-2-3.wasm
processMessages vKeyThe verification key that can be used to verify the processMessages circuit's proofs6-8-2-3processmessages_6-8-2-3_vkey.json
tallyVotes vKeyThe verification key that can be used to verify the tallyVotes circuit's proofs6-2-3tallyvotes_6-2-3_vkey.json
processMessages Solidity verifierThe Solidity smart contract which can be used to verify the processMessages circuit proofs on-chain6-8-2-3processmessages_6-8-2-3_verifier.sol
tallyVotes Solidity verifierThe Solidity smart contract which can be used to verify the tallyVotes circuit proofs on-chain6-2-3tallyvotes_6-2-3_verifier.sol