The KZG Ceremony was the largest multi-party computation of its kind (by number of participants). Through an open, accessible process, it produced a secure cryptographic foundation for EIP-4844.
Learn more about how the Ceremony worked in Carl Beekhuizen’s Devcon talk: “Summoning the spirit of the Dankshard”
As the Dencun upgrade approaches, this post will serve as a comprehensive record of outcomes and people that brought the Ceremony to life in 2023.
Outcomes and Methods
The Ceremony ran for 208 days: from Jan 13 13:13 UTC 2023 until Aug 08 23:08 UTC 2023
141,416 contributions made this the largest setup of this kind at the time of publishing.
Contributors were required to sign-in via Github or authenticate using an Ethereum address for spam prevention.
132,021 (93.36%) used Sign in with Ethereum9,395 (6.64%) used Github
As additional spam prevention, Ethereum addresses were required to have sent a certain number of transactions (also referred to as “nonce”) before the start of the Ceremony at block 16,394,155 2023/01/13 00:00 UTC. This requirement was modified throughout, depending on the needs at that time.
Jan 13 – March 13: nonce 3March 13 – April 01: no new logins, but the lobby was allowed to clear out, ie. anyone already logged-in was able to complete their contribution.April 01-16: public contributions closed to accommodate Special ContributionsApril 16-25: 128April 25-May 8: 64May 8-25: 32May 25 – June 27: 16June 27 – Aug 23: 8
To prevent bots or scripts from interrupting honest contributors, the process was set up to blacklist any accounts with excessive logins/pings. To reset honest accounts accidentally added to the list, the blacklist was cleared four times throughout the contribution period.
Please note that we do not recommend using KZG contributions as a reliable list of unique identities e.g. for airdrops. While the sign-in and nonce requirements encouraged honest entropy contributions, these were ultimately minor impediments to actors wanting to contribute multiple times. Analysis of the transcript and onchain activity clearly show that many contributions came from linked addresses controlled by single entities. Fortunately, because these contributions were still adding entropy, it doesn’t detract from the soundness of the final transcript output.
Verifying the transcript
8ed1c73857e77ae98ea23e36cdcf828ccbf32b423fddc7480de658f9d116c848: is the sha-256 hash of the final transcript output.
The transcript is 242 MB, and is available on GitHub in the ethereum/kzg-ceremony repo or via IPFS under the CID QmZ5zgyg1i7ixhDjbUM2fmVpES1s9NQfYBM2twgrTSahdy.
There are several means of verifying the transcript. It can be explored and verified on ceremony.ethereum.org, or with a dedicated verification script written in rust.
Learn more about the checks implemented here in Geoff’s blog post: Verifying the KZG Ceremony Transcript.
There was a commemorative POAP NFT which could be claimed by contributors who logged in with their Ethereum address. The design of the POAP matches that of the original hosted interface, and includes the hash of the transcript in the border (8ed…848). To date, over 76k NFTs have been claimed by participants. Anyone who verified the transcript output was also able to tweet as social proof of success: see recent verification tweets here.
As noted above, we do not recommend using the list of minted POAPs as a strong anti-sybil signal, eg. for airdrop eligibility.
Special Contributions
April 1-16 2023 was the Special Contribution Period for the KZG Ceremony. This allowed participants to contribute in ways that may not have been possible in the Open Contribution period.
While the Ceremony only needs a single honest participant to provide a secure output, Special Contributions provide additional assurances beyond a standard entropy contribution:
computing over the entropy in an isolated environment (eg. on an air-gapped machine, wiping and physically destroying hardware) means it’s unlikely for a malicious entity to have extracted the entropy at any pointdetailed documentation (explore links below) attached to real reputations are unlikely to all have been coopted or faked by a malicious coordinating entity. The records are available for future observers to explore.different hardware and software limits correlated riskdifferentiated entropy generation (eg. measuring an explosion) prevents the Ceremony output being compromised by some failure in the regular entropy generation (eg. the hosted interface)contributions involving large groups of people are harder to fake than those with only one person
See the original Ethereum blog post which documents the 14 special contributions: details on methodology, where to find them in the transcript, and links to documenting media.
Cryptosat: entropy from spaceThe KZG Marble Machine: 3d printed marble machineMr. Moloch’s Ephemeral Album II: a day-long musical adventureDog Dinner Dance Dynamics: a good boy get dinnerCZG-Keremony: a pure JS KZG ceremony clientImprovised Theatre: unpredictable improvA Calculating Car: Self-driving car collects dataA noisy city: Sydney whispers its storiesExothermic Entropy: chemicals go boomThe Sferic Project: lightning never strikes in the same place twiceThe Great Belgian Beer Entropy Caper: recording a night of beer with a friendKZGamer: summoning Dankshard with a dice-towerCatropy: cats continue being integral to the internetsrsly: an iOS KZG Ceremony client
The resources here are helpful to learn more about how these constructions work, both generally and with regard to Ethereum’s particular context.
Audits
Given the utmost importance of security in this project, two audits were conducted, each for different components.
Client Implementations
There were a number of independent implementations that Ceremony participants could run locally, with a variety of different features.
CLI Interfaces
Browser Interfaces
audit: QmevfvaP3nR5iMncWKa55B2f5mUgTAw9oDjFovD3XNrJTVdoge: QmRs83zAU1hEnPHeeSKBUa58kLiWiwkjG3rJCmB8ViTcSU
BLS Libraries
A massive shout out to the dozens of people from the broader Ethereum community involved in design, coordination, audits, devops-ing, and writing code. This project would not have existed without your efforts!
Another thank you to the tens of thousands of people who took the time to contribute, report bugs, and help scale Ethereum.