![]() There was a coordinator server which acted as a bridge between the participants, and performed some deterministic initialization steps and other expensive computations. Participants needed to communicate with each other during the ceremony, but none of the communication was considered sensitive, and all of it is available in a public transcript. It also decreased the surface area of attack for participants and avoided the need for expensive synchronization.Īll of the participants had a similar role: their machines randomly sampled a “shard” of the toxic waste and used this shard to perform computations. This allowed the ceremony to scale to a large number of participants and take place over a longer period of time. The Sapling MPC allowed participants to join the protocol, do their part and leave immediately. Participants needed to maintain custody of their hardware throughout the process, so this meant the ceremony could not scale beyond a handful of people. This meant that all of the participants needed to be available for the entire duration of the protocol, and nobody could abort without causing the entire protocol to abort. In the Sprout MPC, all participants needed to commit to their share of the “toxic waste” in advance in order to protect against adaptive attacks. The second was generated in 2018, anticipating the Sapling network upgrade later that year. The first ceremony happened in October 2016 just before the launch of Zcash Sprout. Through 2018, Zcash had created two distinct sets of public parameters. These protocols had the property that, in order to compromise the final parameters, all of the participants would have had to be compromised or dishonest. ![]() In order to ensure the toxic waste did not come into existence, our team designed multi-party computation (MPC) protocols which allowed multiple independent parties to collaboratively construct the parameters.
0 Comments
Leave a Reply. |