|
15 | 15 | * [`ptau`](#ptau) |
16 | 16 | * [Online mode commands](#online-mode-commands) |
17 | 17 | * [`server`](#server) |
| 18 | + * [Using AWS S3 for artifacts storage](#using-aws-s3-for-artifacts-storage) |
18 | 19 | * [`client`](#client) |
19 | 20 | * [Offline mode commands](#offline-mode-commands) |
20 | 21 | * [`init`](#init) |
|
23 | 24 | * [`extract-keys`](#extract-keys) |
24 | 25 | <!-- TOC --> |
25 | 26 |
|
26 | | -**Warning** |
27 | | -Please note that this tool is under development. Please consider it unusable before the first release. |
28 | | - |
29 | 27 | ## Overview |
30 | 28 | This utility program allows for performing a Trusted Setup Ceremony in a Multi-Party Computation fashion. It is meant |
31 | 29 | to be used by the Coordinator of the ceremony, as well as by the Contributors. In the end, the Coordinator will obtain |
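Review bot: the removal of the "this tool is under development ... unusable before the first release" warning (old lines 26-28) is unrelated to the S3 storage documentation that the rest of this change adds, and nothing in the visible lines indicates that a release has been made. Move the removal to its own commit that states the release status, or keep the warning until the first release is tagged.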
@@ -170,15 +168,132 @@ The server is configured with a JSON file. An example configuration is shown bel |
170 | 168 | "r1cs": "resources/server.r1cs", |
171 | 169 | // The path to the Phase 1 file (possibly generated from a ptau file - see the `ptau` command for details). |
172 | 170 | "phase1": "resources/server.ph1", |
| 171 | + // (optional) If true, AWS S3 is chosen as the storage backend. If false or not present, |
| 172 | + // the server will fall back to storing artifacts in tmpfs. |
| 173 | + "useS3": true, |
| 174 | + // (optional) Name of the AWS S3 bucket to store ceremony artifacts. The bucket must exist. |
| 175 | + // If not provided, this information is taken from a default source (env or AWS CLI config file). |
| 176 | + "s3Bucket": "my-ceremony-bucket", |
| 177 | + // (optional) Region of the AWS S3 bucket to store ceremony artifacts. |
| 178 | + // If not provided, this information is taken from a default source (env or AWS CLI config file). |
| 179 | + "s3Region": "us-east-1", |
| 180 | + // (optional) Profile of the AWS S3 bucket to store ceremony artifacts. |
| 181 | + // If not provided, this information is taken from a default source (env or AWS CLI config file). |
| 182 | + "s3Profile": "test", |
| 183 | + // (optional) Credentials file for AWS S3. |
| 184 | + // If not provided, this information is taken from a default source (env or AWS CLI config file). |
| 185 | + "s3CredentialsFile": "~/.aws/credentials", |
173 | 186 | } |
174 | 187 | ``` |
175 | 188 |
|
176 | 189 | Coordination of the ceremony is automatic. No action from the Coordinator is required besides starting the server |
177 | 190 | and stopping it with CTRL+C at any arbitrary moment. At CTRL+C, the server stops accepting new contributions and starts |
178 | 191 | key extraction from the existing contributions. |
179 | 192 |
|
| 193 | +At the end of the contribution, the artifacts are either saved in the temporary filesystem or in the AWS S3, depending |
| 194 | +on the provided configuration. The stored artifacts are: |
| 195 | +- SRS commons of the circuit, |
| 196 | +- all intermediate Phase 2 files, |
| 197 | +- Proving Key, |
| 198 | +- Verifying Key, |
| 199 | +- JSON structured log documenting the ceremony. |
| 200 | + |
| 201 | +These artifacts are enough to re-generate the keys again using the offline mode [`extract-keys`](#extract-keys) command. |
| 202 | + |
180 | 203 | - `--config` - Path to a JSON file containing the server configuration. |
181 | 204 |
|
| 205 | +Example usage: |
| 206 | + |
| 207 | +```shell |
| 208 | +$ ./trusted-setup server --config small.json |
| 209 | +2025/09/02 00:33:00 Loading config file: small.json |
| 210 | +2025/09/02 00:33:00 Loading R1CS from online/test/resources/server.r1cs |
| 211 | +2025/09/02 00:33:00 Loading Phase 1 from online/test/resources/server.ph1 |
| 212 | +2025/09/02 00:33:01 INF beacon=a40d1701974c7e804732d3bf21131137f6b05dc054b073d0e48110ed2099f11c |
| 213 | +2025/09/02 00:33:01 Ceremony artifacts will be stored in tmpfs |
| 214 | +2025/09/02 00:33:01 Initializing Phase 2 |
| 215 | +2025/09/02 00:33:02 INF new ceremony started name=testCeremony |
| 216 | +2025/09/02 00:33:02 Server started, waiting for Contributors on 127.0.0.1:7312... |
| 217 | +2025/09/02 00:33:02 Press Ctrl+C to end Ceremony and generate Keys |
| 218 | +2025/09/02 00:33:09 INF new contributor connected ip=127.0.0.1:64624 |
| 219 | +2025/09/02 00:33:09 INF contributor position update ip=127.0.0.1:64624 newQueuePosition=0 |
| 220 | +2025/09/02 00:33:09 INF sending last accepted contribution ip=127.0.0.1:64624 |
| 221 | +2025/09/02 00:33:09 INF sent last accepted contribution ip=127.0.0.1:64624 size=27147 |
| 222 | +2025/09/02 00:33:09 INF receiving new contribution candidate ip=127.0.0.1:64624 |
| 223 | +2025/09/02 00:33:09 INF new contribution candidate accepted ip=127.0.0.1:64624 size=27179 |
| 224 | +^C2025/09/02 00:33:15 Generating keys out of 1 contributions... |
| 225 | +2025/09/02 00:33:15 Artifacts generated in the ceremony: |
| 226 | +2025/09/02 00:33:15 /var/folders/jh/bj77hlmj3k50qyxt3tzlbrwc0000gn/T/testCeremony-srs-commons-1639893806 |
| 227 | +2025/09/02 00:33:15 /var/folders/jh/bj77hlmj3k50qyxt3tzlbrwc0000gn/T/testCeremony-phase2-1-3080991318 |
| 228 | +2025/09/02 00:33:15 /var/folders/jh/bj77hlmj3k50qyxt3tzlbrwc0000gn/T/testCeremony-pk-2115635955 |
| 229 | +2025/09/02 00:33:15 /var/folders/jh/bj77hlmj3k50qyxt3tzlbrwc0000gn/T/testCeremony-vk-2427354540 |
| 230 | +2025/09/02 00:33:15 /var/folders/jh/bj77hlmj3k50qyxt3tzlbrwc0000gn/T/testCeremony-log-454330672 |
| 231 | +2025/09/02 00:33:15 Operation successful |
| 232 | +``` |
| 233 | + |
| 234 | +Example structured JSON log from the above ceremony: |
| 235 | + |
| 236 | +```json |
| 237 | +{"level":"info","beacon":"a40d1701974c7e804732d3bf21131137f6b05dc054b073d0e48110ed2099f11c","time":"2025-09-02T00:33:01+02:00"} |
| 238 | +{"level":"info","name":"testCeremony","time":"2025-09-02T00:33:02+02:00","message":"new ceremony started"} |
| 239 | +{"level":"info","ip":"127.0.0.1:64624","time":"2025-09-02T00:33:09+02:00","message":"new contributor connected"} |
| 240 | +{"level":"info","newQueuePosition":0,"ip":"127.0.0.1:64624","time":"2025-09-02T00:33:09+02:00","message":"contributor position update"} |
| 241 | +{"level":"info","ip":"127.0.0.1:64624","time":"2025-09-02T00:33:09+02:00","message":"sending last accepted contribution"} |
| 242 | +{"level":"info","ip":"127.0.0.1:64624","size":27147,"time":"2025-09-02T00:33:09+02:00","message":"sent last accepted contribution"} |
| 243 | +{"level":"info","ip":"127.0.0.1:64624","time":"2025-09-02T00:33:09+02:00","message":"receiving new contribution candidate"} |
| 244 | +{"level":"info","ip":"127.0.0.1:64624","size":27179,"time":"2025-09-02T00:33:09+02:00","message":"new contribution candidate accepted"} |
| 245 | +``` |
| 246 | + |
| 247 | +##### Using AWS S3 for artifacts storage |
| 248 | + |
| 249 | +The server can store the ceremony artifacts in AWS S3. |
| 250 | + |
| 251 | +AWS S3 is chosen as the storage backend if `useS3` configuration field is set to `true`. If the field is `false` or not |
| 252 | +present, the server will use tmpfs for storage. Some S3 settings can be overridden. See [`server`](#server) |
| 253 | +for the details on the configuration file. |
| 254 | + |
| 255 | +AWS S3 credentials are loaded from the credentials file. This file is automatically generated by the |
| 256 | +[AWS CLI tool](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). The file can be |
| 257 | +generated as follows: |
| 258 | + |
| 259 | +```shell |
| 260 | +$ aws configure --profile <profile name> |
| 261 | +AWS Access Key ID [None]: <ID> |
| 262 | +AWS Secret Access Key [None]: <key> |
| 263 | +Default region name [None]: <region name> |
| 264 | +Default output format [None]: |
| 265 | +``` |
| 266 | + |
| 267 | +After the ceremony, the bucket can be queried as follows: |
| 268 | + |
| 269 | +```shell |
| 270 | +$ AWS_PROFILE=test aws s3 ls s3://ceremony-bucket |
| 271 | +2025-09-02 01:58:10 998 log |
| 272 | +2025-09-02 01:58:05 27179 phase2-1 |
| 273 | +2025-09-02 01:58:09 59955 pk |
| 274 | +2025-09-02 01:58:04 98248 srs-commons |
| 275 | +2025-09-02 01:58:10 364 vk |
| 276 | +``` |
| 277 | + |
| 278 | +Artifacts can be downloaded as follows: |
| 279 | + |
| 280 | +```shell |
| 281 | +$ AWS_PROFILE=test aws s3 cp s3://ceremony-bucket/ ceremony_artifacts --recursive |
| 282 | +download: s3://ceremony-bucket/log to ceremony_artifacts/log |
| 283 | +download: s3://ceremony-bucket/vk to ceremony_artifacts/vk |
| 284 | +download: s3://ceremony-bucket/phase2-1 to ceremony_artifacts/phase2-1 |
| 285 | +download: s3://ceremony-bucket/pk to ceremony_artifacts/pk |
| 286 | +download: s3://ceremony-bucket/srs-commons to ceremony_artifacts/srs-commons |
| 287 | +
|
| 288 | +$ ls -l ceremony_artifacts |
| 289 | +total 384 |
| 290 | +-rw-r--r--@ 1 user group 998 Sep 2 01:58 log |
| 291 | +-rw-r--r--@ 1 user group 27179 Sep 2 01:58 phase2-1 |
| 292 | +-rw-r--r--@ 1 user group 59955 Sep 2 01:58 pk |
| 293 | +-rw-r--r--@ 1 user group 98248 Sep 2 01:58 srs-commons |
| 294 | +-rw-r--r--@ 1 user group 364 Sep 2 01:58 vk |
| 295 | +``` |
| 296 | + |
182 | 297 | #### `client` |
183 | 298 |
|
184 | 299 | Connect to a Ceremony [server](#server) and provide contributions. This step is performed by the Contributors. |
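Review bot: the `s3Bucket` comment (new lines 174-175) repeats "If not provided, this information is taken from a default source (env or AWS CLI config file)" from the region and profile fields without naming the environment variable or config key that would supply a bucket name; name it, or state that `s3Bucket` is required when `useS3` is true. In the same block, the `s3Profile` comment reads "Profile of the AWS S3 bucket", but a profile selects credentials, as the `aws configure --profile` example further down shows. The config sample uses `my-ceremony-bucket` while the `aws s3 ls` and `aws s3 cp` examples use `ceremony-bucket`; use one name throughout. The text says the fallback is tmpfs, yet the sample run writes the artifacts under a `/var/folders/` temporary path, so "the system temporary directory" would be more accurate, and because those files include the Proving Key and the Phase 2 files that `extract-keys` needs, the docs should say they are not durable there. "At the end of the contribution" (new line 193) presumably means the end of the ceremony. The `--config` bullet (new line 203) now sits after the artifacts paragraphs instead of directly under the command description; move the new paragraphs below it. Since the credentials file created by `aws configure` holds an access key, the S3 section should also state the minimum bucket permissions the server needs.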