We thank all the registered contributors for joining this activity to provide security guarantees. This document gives a detailed explanation and step-by-step guidance for contributors to complete the ceremony.
The Process
Registration
Registration stays open throughout the whole ceremony. Contributors can choose one or both of the underlying elliptic curves, BLS12-381 and BN254, to participate. Note that different zero-knowledge proof systems based on Plonk may use different underlying curves.
A back-end server will start the ceremony based on a list of all registered contributors. This list will be continuously updated during the registration phase. All the registered contributors will be scheduled by the back-end server.
Running the client
Contributors can use our open source client software (https://github.com/PlatONnetwork/Lumino/tree/main/setup-mpc-client) to simply launch the ceremony step by step at the proper time.
To give all contributors maximum flexibility, we use a first-come-first-serve (FCFS) strategy based on a randomized shuffle. Specifically, a list of participants pre-registered prior to the launch of the ceremony will be maintained and randomly re-ordered via a committed future block height.
During the relay computation, the server always picks the client with the highest priority among the clients currently active in the network. This allows contributors to run their clients whenever they want. However, to make the whole ceremony more seamless, we encourage every registered contributor to be aware of their position and of the current progress. Contributors can always check Lumino's status via the ceremony page (https://lumino.latticex.foundation/home). Participants can contact lumino@latticex.foundation about any problems encountered during the computation.
Two Curves
Lumino treats security as its first priority, which motivates designing and organizing the ceremony to be universal and broad. In general, Lumino provides two elliptic curves that contributors can freely choose to participate on. The CRSs computed in the ceremony will be used in the Alaya and PlatON networks, with both application security and efficiency in mind.
zk-SNARK protocols rely on pairing-friendly curves to be implemented effectively and integrated into DApps.
Barreto-Naehrig (BN) curves are a class of pairing-friendly elliptic curve constructions built over a base field $F_q$ of order $r$, where $r \approx q$. Blockchain communities use BN curves such as BN254 (also called BN256 for some unknown reason). Another class of pairing-friendly elliptic curves is the Barreto-Lynn-Scott (BLS) curves, proposed in 2002. BLS curves now appear to be commonly used in projects like Ethereum, ZCash, Chia, Dfinity, Algorand etc.
Verify-and-Compute
Lumino performs sequential computations by randomly scheduling the contributors. Each contributor follows a verify-and-compute paradigm to ensure the correctness and integrity of the output scripts.
Within one round, a contributor $P_i$ first downloads the output script $\tau_{i-1}$ of the previous contributor $P_{i-1}$. He verifies the correctness of $\tau_{i-1}$ by checking the ratio equality of the points. $P_i$ also checks the inheritance of $P_{i-1}$, to ensure $\tau_{i-1}$ is computed based on $P_{i-2}$'s script.
$P_i$ uses $\tau_{i-1}$ as the input to compute his own script $\tau_i$, and destroys the used secret randomness.
The final result computed by the last contributor in the ceremony will be formally output and stored.
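The verify-and-compute round described above, as an added example that is not taken from the Lumino client. It assumes a Powers-of-Tau-style transcript (powers of tau in G1, tau in G2, and a "link" value standing for the contributor's secret times G2), a layout this page does not specify, and it replaces the BLS12-381/BN254 pairing with a toy bilinear map that is not secure. All function and field names are hypothetical.

```python
import secrets

# Toy bilinear group, constructed for illustration and NOT secure: a "point" is
# an integer mod R (generator 1), and pair(a, b) = G^(a*b) mod P is bilinear.
# A real client would use BLS12-381 or BN254 points and their pairing.
P, R, G = 2039, 1019, 4          # 4 generates the order-1019 subgroup of Z_2039^*

def pair(a, b):
    return pow(G, (a * b) % R, P)

def contribute(prev, s):
    """Compute step: scale the k-th power by s^k so that tau becomes s*tau."""
    g1 = [(pow(s, k, R) * x) % R for k, x in enumerate(prev["g1"])]
    # "link" plays the role of s*G2; on a real curve it would not reveal s.
    return {"g1": g1, "g2": (s * prev["g2"]) % R, "link": s % R}

def ratio_ok(t):
    """Ratio check: every consecutive pair of G1 powers differs by the same tau."""
    g1 = t["g1"]
    if g1[0] != 1 or g1[1] == 0:             # must start at G1, tau must be non-zero
        return False
    return all(pair(g1[k + 1], 1) == pair(g1[k], t["g2"])
               for k in range(len(g1) - 1))

def inherits(prev, cur):
    """Inheritance check: cur's tau equals prev's tau times the linked secret."""
    return cur["link"] != 0 and pair(cur["g1"][1], 1) == pair(prev["g1"][1], cur["link"])

def verify_round(prev, cur):
    return ratio_ok(cur) and inherits(prev, cur)

GENESIS = {"g1": [1] * 5, "g2": 1, "link": 1}   # tau = 1, powers tau^0..tau^4

if __name__ == "__main__":
    t1 = contribute(GENESIS, secrets.randbelow(R - 1) + 1)
    t2 = contribute(t1, secrets.randbelow(R - 1) + 1)
    print("honest round accepted:", verify_round(t1, t2))
    bad = dict(t2, g1=t2["g1"][:3] + [(t2["g1"][3] + 1) % R] + t2["g1"][4:])
    print("tampered power accepted:", verify_round(t1, bad))
```

A script that changes a single power fails the ratio check, and a script computed from scratch rather than from the predecessor's output passes the ratio check but fails the inheritance check.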
More Transparency
The client software, including the cryptographic code, is fully open-sourced. In addition, a lightweight verification tool is provided so that anyone can publicly review the correctness of any round of computation.
To make the whole process more transparent, each contributor's script will be permanently recorded in the blocks of the Alaya network.
Configuration and Rewards
We recommend a basic machine configuration of 4 cores, 8 GB RAM and 12 GB of free storage. For the Internet connection, we recommend at least 1 Mb for upload and download.
Lumino is a public crypto-asset for constructing ZK-based applications in blockchains, and we encourage you to contribute your power to build the security foundation.
We thank the contributors by providing a special type of incentive, Google cloud instances, in a first-come-first-serve manner. Details of this incentive can be found in a later article.
Acknowledgement
As proposed and supported by LatticeX Foundation, Lumino aims to build a trust-less initialization for zk-SNARKs, and in particular, Plonk systems. We sincerely thank the ZCash and Aztec teams for their previous efforts (Powers of Tau and Ignition) on the open problem of trusted setup.
Lumino ceremony home page
https://lumino.latticex.foundation/home
Open source code and software downloads are available at https://github.com/PlatONnetwork/Lumino
Publisher: PlatONWorld. Please indicate the source when forwarding: https://platonworld.org/?p=3926