Trusted Setup Concerns


#1

Getting closer to Genesis Block, I'd love to get an update and more transparency about the Trusted Setup. The community deserves know the risks. For example, even with the planned multi-party setup, the codebase is still a single point of failure… will there be an independent audit? What plans are there for the ceremony and its public broadcast? Will the Trusted Setup be performed exclusively in Five Eyes countries? Who will the members of the setup committee be, and do they all have shares in Zcashco? These are extremely important questions critical to the security and success of Zcash and the community should expect a great deal of transparency about it.


#2

I agree with you 100% I know Zooko and team take the Trusted Setup very seriously and I'm confident that they will be releasing more details closer to Launch.

BTW, here is an interesting article about the Audit process I came across today, worth a read: http://www.coindesk.com/auditing-zcash-anonymous-blockchain-spent-250k-trial-fire/


#3

Tim, I know at this point you have significant skin in the game and I'm glad you're asking this.

What gets me is, through all the details of the trusted setup, we have no way of knowing for sure of a compromise. ZcashCo could publicly disclose and discuss the trusted setup with complete thoroughness and there'd still be a tradeoff between closing loopholes and thinking of bad actors' attack vectors for them.

There may even be a secret, "security through obscurity" private protocol in place to secure the publicly known plan for the trusted setup, which hinges on internal eyes only-- similar to the way a compromise or attack would be, but white hat. In such a case, if we're to build and establish trust for the team and the setup in the first place, there may be a point at which diminishing trust returns on additional transparency would compromise this secret failsafe.

The best sysnopsis of criticisms of the trusted setup I've read so far is by Greg Slepak here:

https://blog.okturtles.com/2016/09/how-to-compromise-zcash-and-take-over-the-world/

While I think it's constructive, it also places a lot of importance on chat excerpts or individual posts that may not be fully representative of ZcashCo's position. The human individual element comes into play, and in the absence of the disclosures Tim asked for, it raises some extra conjecture that's not so constructive.

I guess I'm not 100% sure of where I'm going with this. I do agree that as far as the trusted setup is concerned there's a disclosure gap that needs to be filled. But I'm also cognizant that maybe complete disclosure could do more harm than good.