Sign in Subscribe

Verifying EthStorage V1 Trusted Setup Ceremony

EthStorage

6 min read
Verifying EthStorage V1 Trusted Setup Ceremony

The EthStorage V1 Trusted Setup Ceremony has been successfully completed—a critical milestone for securing our EthStorage system.

We’d like to thank everyone who took part in the ceremony. A total of 287 contributors joined and added their randomness, helping ensure that no one can create fake proofs or backdoors.

We also sincerely thank all those who tried to participate but were unable to complete their contribution — your effort and willingness to support the ceremony are deeply appreciated.

We would also like to extend our special thanks to the PSE team for providing the ceremony platform – P0tion and technical support. Their infrastructure enabled contributors worldwide to participate securely and transparently.

Thanks to your help, we’ve made EthStorage more secure and demonstrated how a decentralized community can work together to build reliable and trusted technology.

Introduction

EthStorage is building a modular and decentralized storage Layer 2 with programmable key-value storage powered by Data Availability (DA). To support secure and efficient zk-SNARK proofs for our storage circuits, we conducted a trusted setup ceremony using P0tion, a decentralized and auditable coordination tool.

This ceremony ensures that the proving keys incorporate entropy from multiple independent participants, thereby minimizing the risk of backdoors and enhancing the security of EthStorage’s long-term DA solutions.

Learn more about our project or the ceremony: Join the EthStorage V1 Trusted Setup Ceremony.

Ceremony Details:

With the ceremony concluded, this article explains how to verify the ceremony outputs, including the final .zkey files and their integrity against the original circuits, so users can independently audit the setup and trust the results.

Why is a Trusted Setup Necessary?

EthStorage leverages zk-SNARKs to prove that off-chain blob data is correctly encoded and stored. To make these proofs trustworthy, we need to generate specific cryptographic parameters through a process called a trusted setup.

The risk in any trusted setup lies in the private randomness ("toxic waste") used during the generation process. If this secret is not properly discarded, someone could forge proofs. To mitigate this risk, we run a multi-party trusted setup using p0tion: as long as one participant is honest and destroys their secret, the entire system remains secure.

The trusted setup ensures that:

  • No single participant has full control over the randomness used in the setup.
  • The entire process is transparent and can be independently audited.
  • The ceremony was specifically designed for the circuits used by EthStorage.

Why is Verification Needed?

Even though the trusted setup ceremony was designed to be transparent and secure, it's critical that the community can independently verify the final output. Verifying the .zkey files ensures that:

  • The final parameters were indeed generated from the intended circuits.
  • No tampering occurred between circuit compilation and parameter generation.
  • The contributions from each participant were properly included.

This verification process allows anyone to confirm that the trusted setup was executed honestly and that the resulting proving keys are safe to use. Transparency is not enough—verifiability is what builds trust.

What Needs to Be Verified

To ensure a trusted setup ceremony is truly secure, several key checks must be done. Kobi Gurkan shared a useful checklist showing how someone could fake a ceremony and secretly keep a backdoor. Based on that, we performed the following checks to ensure our setup is safe and transparent:

  • Circuit Validity – Open source and open for community review and verification.
  • Transcript Consistency – Check that the ceremony transcript matches these exact circuits.
  • Participant Attestations – Make sure each contributor’s attestation matches what’s recorded in the transcript.
  • Set up Integrity – Review the entire setup process to confirm it was done safely and without hidden risks.

Circuits

The trusted setup was performed for the following circuits in the zk-decoder repository, which is fully open source. We welcome the community to review and verify the code.

All Transcripts Match Their Circuits

The full ceremony transcript is embedded directly within the .zkey files, which can be downloaded from the “Download ZKey” tab on the EthStorage V1 Trusted Setup Ceremony page at ceremony.pse.dev.

Download Zkey

You can independently verify that the transcripts match the exact circuits by using Circom and snarkjs, as described below:

1. Install Tools

Install snarkjs and Circom. Below are the exact versions used in the ceremony:

  • snarkjs: v0.7.5 (commit: e0126f427f5c2c8ec753bc0d60dfacc6afece16)
  • circom: v2.2.2 (commit: e410b0d5cd2948a15931df0bc50d79ce56fa8c32)

2. Download the Circuits Source Code

Clone the circuits’ code from the zk-decoder repository

3. Download the Powers of Tau Files

We used the Powers of Tau files from the Hermez ceremony:

You can find these files linked in the Perpetual Powers of Tau.

4. Compile Circuits and Check Hashes

Both circuits were compiled with Circom v2.2.2 using the --O2 optimization flag. This level applies intermediate optimizations to reduce constraint count without altering circuit logic. Learn more about Circom optimizations here.

To compile the circuits and get their hashes, run the following commands:

git clone https://github.com/ethstorage/zk-decoder.git
cd ./zk-decoder/circom/circuits
npm install

circom ./blob_poseidon.circom --r1cs --O2
circom ./blob_poseidon_2.circom --r1cs --O2

shasum -a 256 blob_poseidon.r1cs
shasum -a 256 blob_poseidon_2.r1cs

Expected SHA-256 hashes:

  • blob_poseidon.r1cs: 9c0f44d168716ddf680a1f9b3a4b41ed08e4730d2d87d05d4e3816276af58f7a
  • blob_poseidon_2.r1cs: ba17a94a5edcc1d0b0ad10990e0aea4894f080ce571b0db79fb1c3a9c4a74a0d

These are the exact .r1cs files used in the EthStorage V1 trusted setup ceremony. 

5. Verify .zkey Files

To ensure the .zkey files are consistent with the corresponding .r1cs and .ptau files, use the following command:

snarkjs zkey verify blob_poseidon.r1cs ppot_0080_19.ptau blob-poseidon-circuit_final.zkey
snarkjs zkey verify blob_poseidon_2.r1cs ppot_0080_20.ptau blob-poseidon-2-circuit_final.zkey

If everything checks out, you’ll see a list of contribution hashes (attestations), followed by snarkJS: ZKey Ok! (as shown in the image labeled “Transcript” below). This confirms the ceremony transcript matches the compiled circuit and is safe to use.

Transcript

Contributor Attestations Match the Transcripts

Each contributor to the EthStorage V1 Trusted Setup Ceremony generates an attestation with a file name ethstorage-v1-trusted-setup-ceremony_attestation.log to their GitHub account as a Gist (as shown in the image labeled “Attestation” below).

Attestation

These attestations serve as public proof of contribution and should match the entries in the ceremony transcript.

How to Verify an Attestation4

1. Locate the Attestation in the Transcript

Each contribution is labeled in the transcript (as shown in the “Transcript” image above, generated by snarkjs) with a line like the following: 

[info] snarkJS: contribution #[seq-number] [github-username]-[number]
                xxxxxxxx xxxxxxxxx xxxxxxxxx xxxxxxxxx 
                xxxxxxxx xxxxxxxxx xxxxxxxxx xxxxxxxxx

Here, [github-username] corresponds to the contributor’s GitHub account.

2. Find the Contributor’s Gist

You can view your attestation (as shown in the "Attestation" image) in the Gist named ethstorage-v1-trusted-setup-ceremony_attestation.log at https://gist.github.com/[your-github-username].

To find someone else’s attestation, search on GitHub Gist using: filename: "ethstorage-v1-trusted-setup-ceremony_attestation.log" user:[github-username]

3. Compare Hashes

Open the Gist (as shown in the “Attestation” image above) and verify that the contribution hash matches the corresponding hash in the transcript for that contributor.

⚠️ Important Note on Attestations

Contributors have full control over their GitHub Gist attestations — they can delete or edit them at any time. However, only the original, unedited version of an attestation is considered valid. Any edits will be recorded in the Gist’s history and invalidate the attestation for verification purposes.

Even if a malicious contributor participates in the ceremony, they cannot compromise its security. However, they could try to discredit their contribution by deleting or altering their attestation Gist.

Please use your best judgment when interpreting a missing or edited attestation. It could indicate:

  • A malicious contributor attempting to disown their participation
  • A benign action, such as a user cleaning up old Gists
  • An operational issue or error unrelated to the ceremony’s integrity

Ceremony Security

To ensure a high level of security and transparency, we conducted the EthStorage V1 Trusted Setup Ceremony using two well-established open-source tools: p0tion and DefinitelySetup. The ceremony was carried out in close coordination with the PSE team.

By relying on external, battle-tested tooling that has been used in multiple previous ceremonies, we significantly reduced the risk of bugs or malicious behavior. Importantly, since these tools were developed and maintained by independent teams, they served as a safeguard, limiting our ability to tamper with or manipulate any part of the setup process.

⚠️ Security Assumptions

The security of the generated proving and verification keys relies on at least one honest participant contributing secure randomness and discarding their toxic waste. By using p0tion, we minimized trust by increasing the number of independent contributors.

References

If you have any questions or need help, feel free to reach out to us on Discord — we’re happy to support you!

To learn more about EthStorage and connect with our community, visit our community channels:

Sign up for more like this.

Enter your email
Subscribe