I would like to know more about the zkSNARKs that Concordium uses in its identity layer. For example:
What proof methodology is used? (Groth16 or PLONK, for example)
Was there a trusted set-up and if so, who participated? Is there any documentation about security measures taken during the ceremony?
Concordium does not use zkSNARKs at present.
Our ID layer uses only sigma protocols and bulletproofs.
Consequently there was no ceremony. There are some common constants (group elements) that are needed in this setup, and they are generated from a public seed (1000 digits of pi or so) via hashing to group.
Thanks, that is very good to know. I have three simple follow-ups:
Was the primary motivation to use Bulletproofs their lack of a trusted setup?
Concordium’s identity layer includes anonymity revokers (ARs) and from my understanding, a threshold of ARs can derive a user’s ‘real’ identity from their Concordium identity. Because of this, we must assume that not all ARs are malicious. This seems to make ARs a natural set of parties to run a trusted zkSNARK set-up. Was this considered, considering that zkSNARKs have appealing qualities (related to proof size and verifier complexity)?
In the Concordium FAQ, I see mention of a ‘curated list’ of ARs. Could you please tell me where I could find this list?