What is Lumino?
“Lumino” is a term for illumination. In the PlatON and Alaya networks, Lumino is a Multi-Party Computation ceremony for creating the security parameters required by zero-knowledge proof protocols.
As one of the important privacy-preserving computation technologies, zero-knowledge proof (ZKP) allows a prover to convince a verifier that he knows a piece of secret information without directly disclosing the information itself. As a cryptographic primitive with both privacy protection and authentication capabilities, zero-knowledge proof is widely used to provide payment privacy, authentication privacy, and scalability. Most ZKP protocols adopted in blockchains are “zk-SNARKs”, which, unlike traditional interactive proof systems, have the following characteristics:
– Succinct: The generated proof should be short enough;
– Non-interactive: the prover only needs to send the proof information to the verifier once, and the latter will perform the local verification without repeated interaction;
– Knowledge argument: The prover can pass verification only if he knows the substantive secret (also called the “witness”).
– Zero-knowledge: The verification process will never reveal any information except the fact that the verifier believes the statement is valid.
Why do we run Lumino?
All zk-SNARK systems face the same issue before deployment: how are the system parameters generated? The critical point is that whoever creates the system parameters (also called the “common reference string”, CRS) will know the secret information behind them, which is also called “toxic waste”. He is therefore able to forge any proof without knowing the witness, and ruin the whole system.
A simple solution is to have a trusted third party create these parameters. Once created, the parameters are used to generate a “proving key” and a “verification key”, which the prover and the verifier use to complete proof generation and verification, respectively.
In fact, there is no trusted third party in the decentralized world. Therefore, multiple participants take part in a Multi-Party Computation to generate the CRS. It is undoubtedly a great idea to complete the creation of these randomization parameters together. In fact, ZCash successfully generated its system parameters for the Groth16 algorithm in November 2017 through the Powers of Tau ceremony: https://z.cash/technology/paramgen/.
In Lumino, we focus on the Plonk algorithm, a brilliant work proposed by Ariel Gabizon, Zachary J. Williamson and Oana Ciobotaru in 2019. Plonk's main advantage is that the same CRS can be used for all statements of a certain bounded size, while traditional zk-SNARKs such as GGPR13, PGHR13, Groth16 and GM17 require a different CRS for each statement. Plonk has been quickly adopted by many blockchain projects such as zkSync, Dusk, Aztec, etc. Because of its significant improvement on the trusted setup issue, we believe Plonk will be the mainstream zk-SNARK in the near future.
Participants perform multiple rounds of computation sequentially. In particular, the current participant uses the result of the previous participant as his input, and his output in turn becomes the input of the next participant. To ensure the security and reliability of this relay, each participant needs to check his input before starting his computation, i.e., that the transcript of the previous participant is well-formed and was computed from the transcript before it. Each participant should immediately and safely delete the secret information created during his round to contribute to the security of the entire ceremony.
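The relay and its input check can be sketched as follows. This is an added example, not code from the Lumino client: it assumes a toy prime-order subgroup of Z_P^* in place of the BN254/BLS12-381 groups, uses Chaum-Pedersen equality-of-exponent proofs as a stand-in for the checks a production ceremony performs, and all function names and parameters are hypothetical.

```python
import hashlib, secrets

# Toy parameters (constructed for illustration; far too small for real use):
# the order-Q subgroup of Z_P^*, P = 2Q + 1, stands in for an elliptic-curve group.
P, Q, G, DEGREE = 2039, 1019, 4, 3
GENESIS = [G] * (DEGREE + 1)  # G^(tau^i) with tau = 1, before any contribution

def _challenge(*groups):
    data = repr([list(g) for g in groups]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def dleq_prove(bases, x):
    """Chaum-Pedersen proof that every base was raised to the same secret x."""
    k = secrets.randbelow(Q)
    ys = [pow(b, x, P) for b in bases]
    c = _challenge(bases, ys, [pow(b, k, P) for b in bases])
    return ys, (c, (k + c * x) % Q)

def dleq_verify(bases, ys, proof):
    c, z = proof
    # Well-formedness: every element is a non-identity member of the subgroup.
    if not all(1 < v < P and pow(v, Q, P) == 1 for v in [*bases, *ys]):
        return False
    commits = [pow(b, z, P) * pow(y, -c, P) % P for b, y in zip(bases, ys)]
    return c == _challenge(bases, ys, commits)

def contribute(prev, s):
    """Raise power i of the previous transcript to s^i; return (new, proof)."""
    exps = [pow(s, i, Q) for i in range(DEGREE + 1)]
    hs, chain = dleq_prove([pow(G, e, P) for e in exps[:-1]], s)  # hs[i-1] = G^(s^i)
    steps = [dleq_prove([G, prev[i]], exps[i]) for i in range(1, DEGREE + 1)]
    new = [G] + [ys[1] for ys, _ in steps]
    return new, {"hs": hs, "chain": chain, "steps": [p for _, p in steps]}

def verify(prev, new, proof):
    """Accept new only if it is well-formed and was derived from prev."""
    hs, steps = proof["hs"], proof["steps"]
    if not (len(prev) == len(new) == DEGREE + 1 and len(hs) == len(steps) == DEGREE):
        return False
    if new[0] != G or not dleq_verify([G, *hs[:-1]], hs, proof["chain"]):
        return False
    return all(dleq_verify([G, prev[i]], [hs[i - 1], new[i]], steps[i - 1])
               for i in range(1, DEGREE + 1))

if __name__ == "__main__":
    a, pa = contribute(GENESIS, 123)  # constructed secrets; real ones are random
    b, pb = contribute(a, 456)
    print(verify(GENESIS, a, pa), verify(a, b, pb), verify(GENESIS, b, pb))
```

After every round the transcript encodes the product of all secrets contributed so far, so the final "toxic waste" stays unknown as long as at least one participant deleted his share.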
More details about Lumino
The whole ceremony will be divided into two groups, which will create different system parameters for different elliptic curves (the BN254 curve and the BLS12-381 curve), allowing the creators to choose the appropriate curve based on their environment.
Lumino started on 2021-06-01T10:00:00, UTC+08:00, and is expected to run for about 60 days. The last round of valid output before the deadline will be used to build Plonk-based zero-knowledge proof protocols in PlatON/Alaya.
How to join Lumino?
You can learn more about recruitment details (https://medium.com/platon-network/welcome-to-join-lumino-65c9b8e49209), and choose a specific group or both groups to become a “relayer”.
In order to give participants more flexibility, participants can be online and start the client software at any time during the whole ceremony. Our back-end server will adopt an optimized scheduling strategy to ensure the continuity of the entire process.
During the ceremony, you can check the ceremony page (lumino.latticex.foundation) to follow the progress. Once you complete the computation, your transcript will be saved on the back-end server and will be downloaded by the next participant.
Lumino, to light up the evolving road for PlatON.
Publisher: PlatONWorld. Please indicate the source when forwarding: https://platonworld.org/?p=4052