The KZG Ceremony represented the largest multi-party computation of its nature (in terms of participant count). Through an open and inclusive approach, it established a secure cryptographic base for EIP-4844.
Discover more about how the Ceremony was conducted in Carl Beekhuizen’s Devcon presentation: “Summoning the spirit of the Dankshard”
As the Dencun upgrade nears, this article will act as a thorough record of the achievements and individuals who brought the Ceremony to fruition in 2023.
Results and Approaches
The Ceremony lasted for 208 days: commencing on Jan 13 13:13 UTC 2023 and concluding on Aug 08 23:08 UTC 2023
141,416 contributions made this the most significant setup of its kind at the time of publication.
Participants were required to log in through Github or verify using an Ethereum address to mitigate spam.
- 132,021 (93.36%) used Sign in with Ethereum
- 9,395 (6.64%) used Github
For extra spam deterrence, Ethereum addresses needed to have conducted a specific number of transactions (also known as “nonce”) prior to the commencement of the Ceremony at block 16,394,155 2023/01/13 00:00 UTC. This stipulation was adjusted periodically, according to the requirements at those times.
- Jan 13 – March 13: nonce 3
- March 13 – April 01: no new logins, but the lobby was allowed to clear out, meaning anyone already logged in could finish their contribution.
- April 01-16: public contributions ceased to allow for Special Contributions
- April 16-25: 128
- April 25-May 8: 64
- May 8-25: 32
- May 25 – June 27: 16
- June 27 – Aug 23: 8
To guard against bots or scripts disrupting sincere contributors, the system was structured to blacklist any accounts with excessive logins/pings. To reset honest accounts mistakenly placed on the list, the blacklist was removed four times during the contribution period.
Please be aware that we do not advise utilizing KZG contributions as a dependable list of unique identities for instance, for airdrops. Although the sign-in and nonce prerequisites promoted honest entropy contributions, these ultimately posed minor barriers to actors wishing to contribute multiple times. Evaluations of the transcript and on-chain activity clearly indicate that numerous contributions originated from linked addresses operated by single entities. Fortunately, as these contributions continued to add entropy, it does not affect the reliability of the final transcript output.
Validating the transcript
8ed1c73857e77ae98ea23e36cdcf828ccbf32b423fddc7480de658f9d116c848: is the sha-256 hash of the final transcript output.
The transcript is 242 MB, and can be accessed on GitHub in the ethereum/kzg-ceremony repository or via IPFS under the CID QmZ5zgyg1i7ixhDjbUM2fmVpES1s9NQfYBM2twgrTSahdy.
There are various methods for validating the transcript. It can be examined and confirmed on ceremony.ethereum.org, or with a specific verification script written in rust.
Learn more about the checks implemented here in Geoff’s blog entry: Validating the KZG Ceremony Transcript.
There was a commemorative POAP NFT that contributors who logged in with their Ethereum address could claim. The design of the POAP aligns with that of the original hosted interface, featuring the hash of the transcript in the border (8ed…848). To date, over 76k NFTs have been claimed by participants. Anyone who verified the transcript output was also able to tweet as social proof of their success: see recent verification tweets here.
As mentioned earlier, we do not endorse using the list of minted POAPs as a solid anti-sybil indicator, for example, for airdrop eligibility.
Special Contributions
From April 1-16 2023, it was the Special Contribution Period for the KZG Ceremony, allowing participants to contribute in ways that may not have been feasible during the Open Contribution phase.
While the Ceremony only requires one honest participant to achieve a secure output, Special Contributions offer extra assurances beyond a standard entropy contribution:
- computing over the entropy in an isolated environment (for example, on an air-gapped machine, erasing and physically destroying hardware) implies it’s improbable for a malicious entity to have extracted the entropy at any moment
- comprehensive documentation (explore links below)attached to authentic reputations are improbable to all have been usurped or fabricated by a harmful coordinating agent. The archives are accessible for upcoming observers to investigate.
- varied hardware and software constraints related risk
- distinct entropy production (for instance, quantifying an explosion) safeguards the Ceremony output from being jeopardized by some malfunction in the standard entropy production (like the hosted interface)
- initiatives involving extensive collectives of individuals are more challenging to counterfeit compared to those with merely a single individual
Refer to the original Ethereum blog post that catalogs the 14 special contributions: specifics on methodology, locations within the transcript, and references to supportive media.
- Cryptosat: entropy from space
- The KZG Marble Machine: 3D printed marble machine
- Mr. Moloch’s Ephemeral Album II: a full-day musical journey
- Dog Dinner Dance Dynamics: a good boy receives dinner
- CZG-Keremony: a pure JS KZG ceremony client
- Improvised Theatre: unpredictable improvisation
- A Calculating Car: Self-driving vehicle collects data
- A noisy city: Sydney shares its tales
- Exothermic Entropy: chemicals react explosively
- The Sferic Project: lightning never strikes the same location twice
- The Great Belgian Beer Entropy Caper: documenting a night of beer with a companion
- KZGamer: conjuring Dankshard with a dice tower
- Catropy: felines remain essential to the internet
- srsly: an iOS KZG Ceremony client
The resources here provide valuable information to gain further insights into how these constructs function, both broadly and in relation to Ethereum’s specific framework.
| Title | Venue | Participants | Release Date |
|---|---|---|---|
| Danksharding and the KZG Ceremony w/ Carl Beekhuizen (Ethereum Foundation) | Strange Water Podcast | Rex, Carl Beekhuizen | November 2023 |
| KZG Ceremony Duo Summons The Ethereum Road Map | The Defiant | Tegan Kline, Carl Beekhuizen, Trent Van Epps | April 2023 |
| Episode 262: Ethereum’s KZG Ceremony with Trent & Carl | Zero Knowledge | Anna Rose, Kobi Gurkan, Carl Beekhuizen, Trent Van Epps | Feb 2023 |
| Ethereum’s KZG Ceremony | Bankless | David Hoffman, Trent Van Epps, Carl Beekhuizen | Jan 2023 |
| Peep an EIP – KZG Ceremony | EthCatHerders | Pooja Ranjan, Carl Beekhuizen | Jan 2023 |
| Ethereum Foundation – EIP-4844 & KZG Ceremony | Epicenter | Friederike Ernst, Trent Van Epps, Carl Beekhuizen | Jan 2023 |
| Building the KZG Ceremony | PSE Learn and Share | Nico Serrano, Geoff Lamperd | Dec 2022 |
| The KZG Ceremony – or How I Learnt to Stop Worrying and Love Trusted Setups | Devcon | Carl Beekhuizen | Oct 2022 |
Audits
Given the highest significance of security within this initiative, two examinations were undertaken, each focusing on distinct components.
Client Implementations
There existed multiple independent implementations that Ceremony participants could execute locally, featuring a diverse array of functionalities.
CLI Interfaces
| Implementation | BLS Library | Language | License | Author | Notes |
|---|---|---|---|---|---|
| Chotto | blst (jblst) | Java | Apache 2.0 | Stefan Bratanov (@StefanBratanov) | |
| go-kzg-ceremony-client | gnark-crypto | Go | MIT | Ignacio Hagopian (@jsign) | Features include: transcript verification, usage of supplementary external entropy sources, such as drand network or a custom URL provided by the user. Caution: double signing is not feasible due to the absence of hash-to-curve in gnark. |
| eth-KZG-ceremony-alt | kilic | Go | GPL-3.0 | Arnaucube (@arnaucube) | |
| Towers of Pau | blst | Go | MIT | Daniel Knopik (@dknopik), Marius van der Wijden (@MariusVanDerWijden) | Linux exclusive, no signatures. |
| cpp-kzg-ceremony-client | blst | C++ | AGPL-3.0 | Patrice Vignola (@PatriceVignola) | Features encompass: BLS/ECDSA signing, transcript verification, compatibility with Linux/Windows/MacOS |
| czg-keremony | noble-curves | JavaScript | MIT | JoonKyo Kim (@rootwarp), HyungGi Kim (@kim201212) | |
| kzg-ceremony-client | blst | C# | MIT | Alexey (@flcl42), CheeChyuan (@chee-chyuan), Michal (@mpzajac), Jorge (@jmederosalvarado), Prince (@prix0007) |
Browser Interfaces
- audit: QmevfvaP3nR5iMncWKa55B2f5mUgTAw9oDjFovD3XNrJTV
- doge: QmRs83zAU1hEnPHeeSKBUa58kLiWiwkjG3rJCmB8ViTcSU
BLS Libraries
An enormous round of applause for the numerous individuals from the larger Ethereum community who engaged in design, coordination, audits, devops, and coding. This initiative would not have been possible without your contributions!
Additional gratitude is owed to the countless individuals who dedicated their time to contributing, reporting issues, and assisting in the growth of Ethereum.