The Namada Trusted Setup Ceremony generates the public parameters for the Multi-Asset Shielded Pool (MASP) circuit and guarantees its security. For more context, see the article Announcing the Namada Trusted Setup. This repository contains the coordinator code and CLI for the Ceremony.
- Participants signed through a public mailing list.
- The registrations closed at 00:00 UTC on the 15th of November 2022.
During the ceremony, valid contributions will appear on the Namada Ceremony Dashboard
Namada is a Proof-of-Stake layer 1 protocol for asset-agnostic, interchain privacy. Namada is Anoma's first fractal instance.
To learn more about the protocol, we recommend the following resources:
- Introducing Namada: Interchain Asset-agnostic Privacy
- What is Namada?
- Namada protocol specifications
The Namada Trusted Setup CLI exposes two ways to contribute:
- default, performs the entire contribution on the current machine
default
- offline, computes the contribution on a separate (possibly offline) machine (more details here)
This documentation provides instructions to contribute:
- By building the CLI from source
- From prebuilt binaries (manual setup)
- From prebuilt binaries (automated setup)
Participants are also encouraged to participate via their custom clients. For more suggestions on best practices, refer to RECOMMENDATIONS.md
.
- Each participant needs a unique token (
$TOKEN
) in order to participate in the ceremony. If your slot was confirmed, you should've received it by email before the start of the ceremony (09:00 UTC on the 19th of November 2022). - If you didn't receive a token but wish to participate, you can use the first come, first served list of tokens during the free-for-all cohorts in the ceremony. Follow @namadanetwork on Twitter for updates.
First, you will need to install some dependencies. On debian-based systems you can use:
sudo apt update && sudo apt install -y curl git build-essential pkg-config libssl-dev
After that, you'll need to install Rust by entering the following command:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
If you already have Rust installed, make sure it is the most up-to-date version:
rustup update
Once everything is installed, clone the Namada Trusted Setup Ceremony GitHub repository and change directories into namada-trusted-setup
:
git clone https://github.com/anoma/namada-trusted-setup.git
cd namada-trusted-setup && git checkout v1.1.0
Build the binary:
cargo build --release --bin namada-ts --features cli
Move binary on $PATH
(might require sudo):
mv target/release/namada-ts /usr/local/bin
Start your contribution:
namada-ts contribute default https://contribute.namada.net $TOKEN
We provide prebuilt x86_64
binaries for Linux, MacOS and Windows. For this, go to the Releases page and download the latest version of the client.
After download, you might need to give execution permissions with:
chmod +x namada-ts-{distrib}-{version}
Finally start the client with:
./namada-ts-{distrib}-{version} contribute default https://contribute.namada.net $TOKEN
If you are on Linux or MacOS, we also provide an install script to automate binary setup. You can run the following command:
curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/anoma/namada-trusted-setup/main/install.sh | sh
and you are ready to contribute:
namada-ts contribute default https://contribute.namada.net $TOKEN
In MacOS, you might see appearing the warning "cannot be opened because the developer cannot be verified". To solve this, open the "Security & Privacy" control panel from System Preferences. In general
tab, next to the info that the binary was prevented from running, click Allow Anyway
. Run the binary again. This time a different prompt is shown. Click Open
- the binary should run as you expect.
Advanced features are available to encourage creativity during your contribution.
You can generate the parameters on a machine that is offline or never connected to internet. Some examples are an air-gapped machine, a brand-new computer or a Raspberry PI. You will still need a second machine connected to the internet to carry out the necessary communication with the coordinator.
On the online machine give the following command:
cargo run --release --bin namada-ts --features cli contribute another-machine https://contribute.namada.net $TOKEN
This will start the communication process to join the ceremony and download/upload the necessary files. On the offline machine use the following command:
cargo run --release --bin namada-ts --features cli contribute offline
which will compute the contribution itself. This second command expects the file challenge.params
got from the online machine to be available in the cwd and it will produce a contribution.params
to be passed back to the online machine for shipment to the coordinator. The user will be responsible for moving these files around.
If you want to verify a contribution you can do it via CLI. After you have successfully contributed, a file called namada_contributor_info_round_${round_height}.json
will be generated and saved in the same folder of the namada-ts
binary, together with the parameter file namada_contribution_round_{ROUND}_public_key_{PUBLIC_KEY}.params
. The file contains a json structure. You should copy the values of following fields:
public_key
contribution_hash
contribution_hash_signature
parameter_path
- This is an optional argument, and it's the absolute path to the parameter file generated by the CLI (mentioned above)
and input them to:
namada-ts verify-contribution $public_key $contribution_hash $contribution_hash_signature $[parameter_path]
With the same procedure you can also verify any other contribution: you'll find all the data that you need at https://ceremony.namada.net
.
-
The client will ask you if you want to contribute anonymously:
- If yes, your contribution will show as "anonymous" on the dashboard.
- If no, you'll be asked to provide a name and an email address.
-
Generation of a mnemonic: every participant will be asked to generate a mnemonic. These are compatible with accounts on Namada and you will need it if you end up being rewarded for your contribution!
- The CLI will request you to verify 3 phrases of your mnemonic.
- If you fail the verification, the CLI will crash and you'll have to start anew.
-
You will need to wait a bit until it is your turn. Each round lasts between 4 min and 20 min. During the whole ceremony, please neither close your terminal, nor your internet connection. If you stay offline for more than 2 min, the coordinator will kick you out from the queue.
-
When it is your turn, the client will download the challenge from the coordinator and save it to the root folder. The client will request you to enter:
- A frenetically typed string
- Or a string representation of your alternative source of randomness
-
You have at most 20 minutes to compute your contribution and send it back to the coordinator.
-
After successfully contributing, you can optionally submit a public attestation url (e.g. link to a tweet, article documenting your setup, video, etc). Note that the url must be
http
orhttps
. -
If your contribution was valid, it'll show up on the dashboard!
This repository contains several Rust crates that implement the different building blocks of the MPC. The high-level structure of the repository is as follows:
phase2-cli
: Rust crate that provides a HTTP client that communicates with the REST API endpoints of the coordinator and uses the necessary cryptographic functions to contribute to the trusted setup.phase2-coordinator
: Rust crate that provides a coordinator library and a HTTP REST API that allow contributors to interact with the coordinator. The coordinator handles the operational steps of the ceremony like: adding a new contributor to the queue, authentificating a contributor, sending and receiving challenge files, removing inactive contributors, reattributing challenge file to a new contributor after a contributor dropped, verifying contributions, creating new files, etc.phase2
andsetup-utils
: contain utils used in both the client and the coordinator.- The remaining files contain configs for CI and deployment to AWS EC2 and S3 bucket.
The original implementation of the coordinator for the Aleo Trusted Setup was audited by:
All code in this workspace is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.