For zk-proofs to be compact and fast, they require what are called 'trust parameters' — secret numbers established during the system generation.
If someone knows these numbers in advance, they can forge proofs.
That is why the Sprout and Sapling trust ceremonies were held: involving many participants from around the world, each of whom added their part of the secret and then immediately destroyed the original data.
The security of the entire system relies on a very simple rule:
if at least one participant acted honestly, the entire process is considered secure.
Trust parameters create the initial 'primary polynomial' (or set of polynomials), which then allows building private proofs based on it, without the need to recreate the system each time.
Important:
• They do not contain the personal secrets of the users themselves.
• They are needed to define the mathematical structure to which the proofs will be 'attached'.
• If someone knew all the internals of the setup (i.e., the entire secret completely), they could forge proofs, creating seemingly correct zk-proofs for fake data.
Trusted setup = create a 'fair game', where each participant will then play by the established rules, not fearing that the field has been tampered with.#ZECUSDT $ZEC
Imagine a fair game: everyone has wrappers in their pockets, but no one is obliged to show how many exactly.
If someone hands two wrappers to another, everyone is sure that these are real wrappers made from special paper approved at the start of the game.
Creating new wrappers is impossible just like that: special paper is needed that cannot be forged.
And this paper itself appeared thanks to the ceremony:
at the start of the game, each participant added a secret ingredient to it.
Even if someone wanted to make fake paper later, they would not be able to — because they do not know all the ingredients that were added during the ceremony...
$ZEC to the moon
