top | item 18886486

(no title)

There is nothing new about this article. The article is pointing out that in addition to the trapdoors of the proving system, it's possible to subvert the arithmetic circuit used as well. The ceremonies used by Zcash have the property that the parameters are perfectly bound to the circuit.

Not sure why this isn't mentioned in the article.

> This article is about the fact that there could be a backdoor, whose absence can only be proven by revealing all participants' toxic waste.

This is incorrect, as stated above. Instead of revealing their toxic waste, we reveal proofs-of-knowledge so we can use pairings to ensure the parameters encode the circuit correctly.

discuss

hendi_|7 years ago

I stand corrected. Thank you for the clarification!

I still learned something "new" from the article, I was only aware of the ceremony issue that "everbody knows" of.

ewillbefull|7 years ago

That's great! There are many issues with trusted setups that people aren't paying enough attention to.

_Drygin|7 years ago

You're right, I removed misleading information from the article. Thank you for your comment.