Powers of Tau: Establishing Cardano’s Zero-Knowledge Foundation

Discover how the Powers of Tau ceremony lays the groundwork for zero-knowledge proofs on Cardano, enabling private, scalable, and compliant blockchain apps.

Is zero-knowledge tech well adopted or not? In what we call a pivotal response in the quest for privacy and compliance, zero-knowledge proof (ZKP) technology is at the forefront of digital innovation, with plenty of use cases in blockchain technology.

If we are to cite examples, which also happen to be the benefits, the list would grow long, but the most common ones are as follows: decentralized identity, privacy-preserving transactions, secure and scalable layer-2 rollups, voting systems, Internet of Things, supply chain traceability, confidential smart contracts, lending and trading privacy, multiparty computation, and so on…

Can the Cardano network utilize efficient zero-knowledge schemes in projects built on it? The answer is yes. Cardano’s commitment to scalability and security has been all too evident, as seen in projects such as zkFold, the zero-knowledge API in Aiken smart contract programming language, and recently, Proof of Innocence on Cardano, all of which are products of zero-knowledge technology. However, integrating Groth-16, a zk-SNARK scheme, with proper security standards is not feasible because Cardano’s elliptic curve lacks the trusted setup ceremonies required for zero-knowledge verification. A trusted setup — often referred to as a “ceremony” — enables us to use Groth-16 on Cardano, and it is the missing component.

In this article, we present the “Powers of Tau” ceremony as a foundational step towards integrating efficient zero-knowledge proofs in Cardano. Approaching the subject from a technical perspective, we will walk you through the underlying problem and introduce the solution, the development team, timelines, resource allocation, and the speculative impact on the Cardano ecosystem.

Understanding the Challenge: Need for a Trusted Setup on Cardano

Let’s begin with an example of a Groth-16 instance in action at the application level, of course, in an ecosystem outside Cardano.

Groth-16 and Trusted Setups

On the Google console, a search of Groth-16 lands you on SUI’s Groth-16 documentation, which is a practical guide on using zero-knowledge proofs in applications. This guide contains everything we need to get started. To generate a proof verifiable in Rust, the code sample below shows up. Check it.

This snippet needs a fair amount of explanation as several things are happening, but we’ll save that for a glance at the comments (and a potential future article). Our interest is in one specific line of code, as shown below, which generates a proving key (used to create a proof) and a verifying key (used to verify that proof).

In production, you’d typically replace the above setup with one from a ceremony, as seen below. The above example uses a random generator for illustration purposes.

A trusted setup ceremony, known as Powers of Tau, replaces the insecure random setup in the Rust script, but this time, we are on the Cardano blockchain. It forms the basis of today’s discussion.

Limitations in Cardano

There are many existing zk-SNARK schemes for verifying zero-knowledge proofs, including SNARK, Halo, Bulletproofs, Marlin, PLONK, and Plonky2. Cardano’s ecosystem continues to develop and integrate these schemes. Groth-16 is an efficient option compared to other schemes. This efficiency stems from Groth-16’s ability to generate small proofs that are fast and inexpensive to verify.

For projects that seek to integrate zero-knowledge proofs with optimization in mind, Groth-16 caters to constraints such as transaction size, computational budget limitations, or low fees. A trusted setup is one of Groth-16’s requirements for secure and reliable operations. Its absence, however, hinders the adoption of Groth16-based applications in Cardano. Let’s pause — what exactly is a trusted setup?

What Is a Trusted Setup

Suppose you want to securely generate proofs using Groth-16. A preliminary step, named setup, is required, which is achieved through a multiparty computation (MPC) ceremony. At the end of this process, and to ensure the keys generated by the protocol are valid and secure, we get two cryptographic components: the prover key and the verification key.

The trusted setup is complete only when multiple parties have participated, each taking a turn to provide a random input. Each input stays secret while it is being contributed, after which the participant discards it to avoid compromising the system; this discarded randomness is known as toxic waste. In fact, the security of the system relies on having at least one participant properly dispose of their toxic waste. In practice, when participants deceive and retain their inputs, they compromise the system’s integrity, leaving malicious actors able to create false proofs and, as a result, bypass Groth-16’s security measures. For the system to remain trustworthy, it requires a large number of contributors to reduce the risk of collusion.
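To make the one-honest-participant property concrete, here is an added example (not code from the ceremony repository or from the article's authors) that runs a toy Powers of Tau contribution chain in Python. The parameters P, Q, G and every function name are constructed for illustration; a real ceremony works over BLS12-381 and verifies each update publicly with pairings.

```python
# Toy Powers of Tau over the order-Q subgroup of Z_P^* (constructed, insecure
# parameters). A real ceremony uses BLS12-381 group elements and checks each
# update publicly with pairings; an 11-bit group offers neither property.
import secrets

P, Q, G = 2039, 1019, 4   # safe prime P = 2Q + 1; G generates the order-Q subgroup

def initial_srs(degree):
    """Starting string for tau = 1: every power of tau is just G."""
    return [G] * (degree + 1)

def contribute(srs, s):
    """Fold secret s into the string: element i becomes (G^(tau^i))^(s^i)."""
    return [pow(elem, pow(s, i, Q), P) for i, elem in enumerate(srs)]

def is_well_formed(srs):
    """Reject degenerate updates: element outside the subgroup, or tau == 0."""
    in_subgroup = all(1 <= e < P and pow(e, Q, P) == 1 for e in srs)
    return in_subgroup and srs[0] == G and srs[1] != 1

def srs_for(tau, degree):
    """The string computed directly from a known tau, i.e. from the toxic waste."""
    return [pow(G, pow(tau, i, Q), P) for i in range(degree + 1)]

def run_ceremony(participant_secrets, degree):
    """Apply each contribution in turn, checking the string after every update."""
    srs = initial_srs(degree)
    for s in participant_secrets:
        srs = contribute(srs, s)
        if not is_well_formed(srs):
            raise ValueError("degenerate contribution rejected")
    return srs

def combined_tau(participant_secrets):
    """The effective tau is the product of every contributed secret mod Q."""
    tau = 1
    for s in participant_secrets:
        tau = tau * s % Q
    return tau

if __name__ == "__main__":
    parts = [secrets.randbelow(Q - 2) + 2 for _ in range(30)]  # 30 contributors
    final = run_ceremony(parts, degree=8)
    print(final == srs_for(combined_tau(parts), 8))      # all 30 secrets: True
    print(final == srs_for(combined_tau(parts[1:]), 8))  # one discarded: False
```

The final tau is the product of all contributions, so colluders who hold every secret but one still cannot recompute the string. In this toy group that protection is only structural, because an 11-bit discrete logarithm can be brute-forced.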

Security Implications

If we implement a zk-SNARK without a trusted setup, we introduce some key risks into our systems. Setup secrets (toxic waste), when exposed, could be used to generate fake proofs, and in practice, this would result in something like minting unlimited coins. In such implementations, missing constraints lead to incorrect logic verification, which may allow an invalid proof to pass as if it were valid.

If we implement such a system in smart contracts or economic data, we risk double spending and poor incentive designs, which discourage honest participants. When teams deploy and maintain such codebases for the future, breakthroughs in quantum computing might break the elliptic-curve cryptography that underpins zk-SNARKs. Put another way, it would enable signature forgery or proof falsification, but only in the event of a trusted setup’s absence.

The Solution: Organizing the Powers of Tau Ceremony

This solution unfolds in two key parts: the trusted setup process and the supporting portal.

Phase-Based Trusted Setup: Powers of Tau and Circuit-Specific Steps

In two phases, we can accomplish a trusted setup. The first is the Powers of Tau, a universal setup process for generating reusable parameters designed explicitly for different circuits or applications. The second phase is the Circuit-Specific phase, which involves adapting parameters from the Powers of Tau to a specific circuit or application. In the end, all we need is a prover and verifier key.

To function, zk-SNARK schemes rely on specific elliptic curves. Plenty of setups have already been completed, but only for other curves, not the one supported by Cardano. The scope of this project is to complete the Powers of Tau ceremony for the Cardano-compatible BLS12-381 curve. It is readily apparent that if Powers of Tau is to succeed, we’ll need many participants for the reasons we mentioned. Engaging 30 to 40 contributors will enable projects to proceed directly to phase 2 of the setup.

Please note that to complete the setup, projects using Powers of Tau will need to build the second phase. We need a general phase that can be reused for any ceremony, and phase one does precisely that. Phase 2, however, is circuit-specific — a particular circuit is needed to derive keys. One problem arises: each time a new application is built, projects have to recreate the phase 2 circuits.

The Portal: Streamlining Ceremony Logistics and Adoption

If the Powers of Tau SDK is to be adopted, then we need to eliminate the difficulties ahead for projects. This juncture is where the portal comes in as a key component of the project, serving as a centralized platform that provides participants with access to the necessary tools and resources for building ceremonies effectively. If this project is to serve as a foundation for zero-knowledge in Cardano, then by acing the logistics with clear guidance, it reduces the complexity and overhead associated with the process. The portal is a communication platform for participants and will: (1) allow scheduling of ceremonies and (2) offer support when troubleshooting should any issues arise. 

This initiative significantly eases the burden on developers building projects that require Groth-16. It enables developers to strike a balance between focusing on core objectives and complying with ZK-SNARK requirements.

Building the Ceremonies Portal: Milestones and Infrastructure

The gap between idealization and actualization awaits a clear technical roadmap to bring the Powers of Tau project to life. The key milestones required to complete the project are as follows:

  • Step 1: Ceremony Preparation and Organization — The first step is to build all the necessary software required to contribute to the event, create participation guidelines, and compile a list of individuals involved in the ceremony. Milestone output expectations include a program script to facilitate contributions to the Powers of Tau repository, as well as documentation of the process and participation precepts, the schedule, contributors, and execution specifics of the ceremony. Only once the software enables participants to submit contributions to the organizers and the documentation is live will this milestone be complete. This step is complete, as shown in GitHub.
  • Step 2: Execution of the ceremony — Currently in progress, the second step involves executing the setup ceremony. It’s all about scheduling and organizing various participants to make contributions. A transcript of the output ceremony and documentation of how the ceremony was executed are the expectations for this milestone. A minimum of 30 participants must contribute to the ceremony. The evidence of completion for this step has two checkpoints. The first is the documentation we have already mentioned. The second is social network posts that showcase contributor participation.
  • Step 3: Ceremonies portal — In third place comes creating a website (portal) packed with educational resources. The website serves as a repository for ceremony tools and a means to organize ceremonies from execution. To mark the completion, the website itself, which matches the above characteristics, serves as evidence of successful milestone delivery.
  • Step 4: Project Closure — The final milestone is all about completing project reports and summarizing all activities, such as technical findings and key learnings. It will be marked as complete upon the availability of the published close-out report on GitHub and a project video demo that explains the objectives, outcomes, and potential future directions.

Stakeholders: Team and Budget Allocation

Accountability in Cardano is among the key aspects that showcase the transparency in the ecosystem. This project, in line with transparency, lists its members and their respective compensation as detailed below.

Budget Overview

The Powers of Tau project presents value to the community by addressing a critical challenge: implementing integrations of Groth-16 into the Cardano blockchain. An explanation of the criteria behind the construction of the budget does more good than harm. We have three parts to this: community involvement, technical development, and the overall impact on the Cardano ecosystem.

Allocating half of the budget to the community implies that approximately 30 to 40 technical personnel will drive the success of this proposal. Such a group contributing to the ceremony would take up to a month or more, justifying the requested ADA to incentivize participation and support this process. Second, the rest of the budget is allocated to at least two event organizers (project managers) to schedule, guide, and provide support for the contributions, as well as one developer to conduct a technical assessment of the protocol, build the ceremony software, and manage the portal website.

Third, by conducting the first phase of the setup, this project addresses the challenge of the absence of a Cardano-compatible setup for Groth-16, creating a foundational infrastructure that other projects can build upon. Being reusable means a multiplier effect across the ecosystem. Additionally, a dedicated portal for future setups ensures upfront investment with long-lasting benefits not only for this project but also for the future implementation of Cardano zk-SNARKs.

Considering the long-term benefits, the cost of this project represents a sound investment in the foundational tools necessary for integrating zero-knowledge proofs. The funds allocated to this project amount to ₳ 87,141, distributed to the following activities in this order:

  • Project Management: ₳ 28,571
  • Technical assessment: ₳ 14,285
  • Ceremony contributors: ₳ 40,000 — 40 ceremony contributors (₳1000 per ceremony contributor).
  • Infrastructure: ₳ 4,285 — 24 months for hosting the ceremony portal website.

Key Personnel

The team working on this project is also developing two other funded proposals focused on zero knowledge: designing a zero-knowledge API for Aiken and building the proof-of-innocence protocol on Cardano. This participation is a testament to the true expertise in technical projects on the Cardano network. The members are:

  • Agustín Salinas, Plutus smart contract developer — A Cardano blockchain developer at Modulo-p. Agustín is a zero-knowledge pioneer who worked on Cardano’s early zk DApps, such as Mastermind and a port of the Semaphore protocol from Ethereum. In this project, he is the technical talent building the Powers of Tau ceremony.
  • Agustín Franchella, Project Manager — An Encoins team member and Cardano ambassador. As a technical project manager, Agustín has successfully secured funding in Cardano’s Project Catalyst funds 12 and 13, with three projects in the zero-knowledge domain. In this project, he’ll be working on the documentation and helping participants contribute to the ceremony.

What, then, is the positive impact of this project on the Cardano family and the wider Web3 community?

Paving the Way for Secure and Private Applications in Cardano

This technology, as a means of achieving privacy without compromising compliance, benefits the entire ecosystem focused on developing zero-knowledge proofs. Many developers have observed that managing the setup process is a challenging and complex task (not as straightforward as you have learned), given the need for collaboration among many people. What we see is an initiative that simplifies the integration of Groth-16 into future zk DApps and advocates for the adoption of zero-knowledge cryptography, where efficiency is a key development constraint. 

There is also a catalyst for ZK projects, providing essential resources and tools to facilitate smoother development and promote innovation within the community through the portal website. If your vision is as good as ours, we envision empowering developers, enhancing privacy protocols, and taking a bold step toward innovation. It is on account of the successful completion of the Powers of Tau ceremony project that developers will no longer bootstrap the process themselves. Instead, they will have a clear path toward secure, private applications.

For privacy-focused protocols like Encoins and other upcoming zero-knowledge (zk) decentralized applications (DApps), this foundational structure serves as a baseline upon which to build. It enhances privacy without compromising scalability or compliance. The availability of these resources empowers developers to focus on innovation rather than ceremony logistics. By fostering a developer-friendly environment and championing standards for secure zk-SNARK integrations, Cardano takes a critical step toward becoming a leading hub for zero-knowledge research, experimentation, and real-world deployment.

Learn more about this project by looking at the original proposal on Catalyst, the active GitHub repo, and the Modulo-p website.
