The KZG Ceremony was the largest multi-party computation of its kind (by number of participants). Through an open, accessible process, it produced a secure cryptographic foundation for EIP-4844.
Learn more about how the Ceremony worked in Carl Beekhuizen's Devcon talk: "Summoning the spirit of the Dankshard"
As the Dencun upgrade approaches, this post will serve as a comprehensive record of outcomes and people that brought the Ceremony to life in 2023.
141,416 contributions made this the largest setup of this kind at the time of publishing.
Contributors were required to sign-in via Github or authenticate using an Ethereum address for spam prevention.
132,021 (93.36%) used Sign in with Ethereum
9,395 (6.64%) used Github
As additional spam prevention, Ethereum addresses were required to have sent a certain number of transactions (also referred to as "nonce") before the start of the Ceremony at block 16,394,155 2023/01/13 00:00 UTC. This requirement was modified throughout, depending on the needs at that time.
Jan 13 - March 13: nonce 3
March 13 - April 01: no new logins, but the lobby was allowed to clear out, ie. anyone already logged-in was able to complete their contribution.
April 01-16: public contributions closed to accommodate Special Contributions
April 16-25: 128
April 25-May 8: 64
May 8-25: 32
May 25 - June 27: 16
June 27 - Aug 23: 8
To prevent bots or scripts from interrupting honest contributors, the process was set up to blacklist any accounts with excessive logins/pings. To reset honest accounts accidentally added to the list, the blacklist was cleared four times throughout the contribution period.
Please note that we do not recommend using KZG contributions as a reliable list of unique identities e.g. for airdrops. While the sign-in and nonce requirements encouraged honest entropy contributions, these were ultimately minor impediments to actors wanting to contribute multiple times. Analysis of the transcript and onchain activity clearly show that many contributions came from linked addresses controlled by single entities. Fortunately, because these contributions were still adding entropy, it doesn't detract from the soundness of the final transcript output.
Verifying the transcript
8ed1c73857e77ae98ea23e36cdcf828ccbf32b423fddc7480de658f9d116c848: is the sha-256 hash of the final transcript output.
The transcript is 242 MB, and is available on GitHub in the ethereum/kzg-ceremony repo or via IPFS under the CID QmZ5zgyg1i7ixhDjbUM2fmVpES1s9NQfYBM2twgrTSahdy.
There was a commemorative POAP NFT which could be claimed by contributors who logged in with their Ethereum address. The design of the POAP matches that of the original hosted interface, and includes the hash of the transcript in the border (8ed...848). To date, over 76k NFTs have been claimed by participants. Anyone who verified the transcript output was also able to tweet as social proof of success: see recent verification tweets here.
As noted above, we do not recommend using the list of minted POAPs as a strong anti-sybil signal, eg. for airdrop eligibility.
Special Contributions
April 1-16 2023 was the Special Contribution Period for the KZG Ceremony. This allowed participants to contribute in ways that may not have been possible in the Open Contribution period.
While the Ceremony only needs a single honest participant to provide a secure output, Special Contributions provide additional assurances beyond a standard entropy contribution:
computing over the entropy in an isolated environment (eg. on an air-gapped machine, wiping and physically destroying hardware) means it's unlikely for a malicious entity to have extracted the entropy at any point
detailed documentation (explore links below) attached to real reputations are unlikely to all have been coopted or faked by a malicious coordinating entity. The records are available for future observers to explore.
different hardware and software limits correlated risk
differentiated entropy generation (eg. measuring an explosion) prevents the Ceremony output being compromised by some failure in the regular entropy generation (eg. the hosted interface)
contributions involving large groups of people are harder to fake than those with only one person
See the original Ethereum blog post which documents the 14 special contributions: details on methodology, where to find them in the transcript, and links to documenting media.
Cryptosat: entropy from space
The KZG Marble Machine: 3d printed marble machine
Mr. Moloch’s Ephemeral Album II: a day-long musical adventure
Dog Dinner Dance Dynamics: a good boy get dinner
CZG-Keremony: a pure JS KZG ceremony client
Improvised Theatre: unpredictable improv
A Calculating Car: Self-driving car collects data
A noisy city: Sydney whispers its stories
Exothermic Entropy: chemicals go boom
The Sferic Project: lightning never strikes in the same place twice
The Great Belgian Beer Entropy Caper: recording a night of beer with a friend
KZGamer: summoning Dankshard with a dice-tower
Catropy: cats continue being integral to the internet
srsly: an iOS KZG Ceremony client
Resources + Media
The resources here are helpful to learn more about how these constructions work, both generally and with regard to Ethereum's particular context.
Features: transcript verification, using additional external sources of entropy, eg. drand network, an arbitrary URL provided by the user. Note: double signing not supported due to lack of hash-to-curve in gnark.
A massive shout out to the dozens of people from the broader Ethereum community involved in design, coordination, audits, devops-ing, and writing code. This project would not have existed without your efforts!
Another thank you to the tens of thousands of people who took the time to contribute, report bugs, and help scale Ethereum.