# Trusted Setup Ceremony

RAILGUN’s zk-SNARK circuits are proved using the [Groth16](https://eprint.iacr.org/2016/260.pdf) proof system, a [pairing-based zk-SNARK design](https://zkproof.org/2021/06/30/setup-ceremonies/). Groth16 is the most widely used zk-SNARK (with [Zcash notably using it for the first ZK shielded protocol](https://www.zeroknowledgeblog.com/index.php/groth16)) as it allows for efficient verifier performance and short proof strings, requiring less computation time and power. Groth16 requires randomness to be generated for each circuit in what is called a [‘ceremony’](https://zkproof.org/2021/06/30/setup-ceremonies/).

zk-SNARKs need a common reference string (CRS), a public parameter that is used in proving and verifying and must be generated in advance by a trusted party. This is because zk-SNARK proving systems require the prover and verifier to have access to some public common knowledge (in this case the CRS) that has been pre-generated by a shared algorithm.

The CRS is generated in these ceremonies by having multiple independent, decentralized participants contribute random text. A setup ceremony involving multiple parties in this way is known as multi-party computation ([MPC](https://zeroknowledge.fm/the-power-of-tau-or-how-i-learned-to-stop-worrying-and-love-the-setup/)), which prevents any single party involved in the ceremony from gaining knowledge of the underlying mathematical structure of the CRS. The CRS (derived from individual submissions) is a set of encrypted values; to maintain system security, at least one of the original unencrypted values (Toxic Waste) is destroyed so that no actor is able to generate fake proofs.
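The multi-party generation described above can be sketched as follows. This is an added example, not RAILGUN's or the ceremony's own code: it assumes a powers-of-tau style string and uses a tiny multiplicative group modulo a prime in place of the elliptic curve and pairing checks a real ceremony uses, and all function names and parameters are hypothetical.

```python
import secrets

# Toy group, constructed for illustration only: the order-Q subgroup of Z_P^*.
P, Q, G = 2039, 1019, 4      # P = 2Q + 1, both prime; G generates the subgroup
DEGREE = 4                   # the CRS holds g^(tau^0) .. g^(tau^DEGREE)

def contribute(crs, s):
    """One participant re-randomises the CRS: g^(tau^i) -> g^((tau*s)^i)."""
    return [pow(elem, pow(s, i, Q), P) for i, elem in enumerate(crs)]

def run_ceremony(n):
    """Sequential ceremony with n participants, starting from tau = 1."""
    crs, shares = [G] * (DEGREE + 1), []
    for _ in range(n):
        s = 2 + secrets.randbelow(Q - 2)   # secret share in [2, Q-1]
        crs = contribute(crs, s)
        shares.append(s)                   # kept only so the demo can inspect them
    return crs, shares

def product(shares):
    """Multiply shares modulo the group order; all n shares together give tau."""
    tau = 1
    for s in shares:
        tau = tau * s % Q
    return tau

def crs_from_tau(tau):
    """What someone holding the trapdoor tau could compute directly."""
    return [pow(G, pow(tau, i, Q), P) for i in range(DEGREE + 1)]

def commit(crs, coeffs):
    """Public operation: g^(f(tau)) from the CRS alone, without knowing tau."""
    c = 1
    for elem, a in zip(crs, coeffs):
        c = c * pow(elem, a % Q, P) % P
    return c

def colliding_poly(coeffs, tau):
    """With tau known, f + (X - tau) commits to the same value as f."""
    out = list(coeffs)
    out[0], out[1] = (out[0] - tau) % Q, (out[1] + 1) % Q
    return out

if __name__ == "__main__":
    crs, shares = run_ceremony(5)
    tau = product(shares)
    print("CRS equals powers of the product of all shares:", crs == crs_from_tau(tau))
    print("Four of five shares reproduce it:", crs_from_tau(product(shares[:-1])) == crs)
    f = [3, 1, 4, 1, 5]
    print("Holder of tau gets a colliding commitment:",
          commit(crs, colliding_poly(f, tau)) == commit(crs, f))
```

The trapdoor is the product of every participant's share, so a single destroyed share leaves the remaining participants unable to rebuild it, while anyone holding the full value can produce two different inputs with the same commitment.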

The setup ceremony type used in RAILGUN’s circuits was the [Perpetual Powers of Tau](https://medium.com/coinmonks/announcing-the-perpetual-powers-of-tau-ceremony-to-benefit-all-zk-snark-projects-c3da86af8377). It is perpetual in the sense that there is no limit to the number of participants, and this is what enables the security derived from the requirement of only 1 participant to destroy the CRS. The Perpetual Powers of Tau are points along the elliptic curve output from the ceremony and are used for private and public key derivation.

This trusted setup is a requirement of Groth16 and allows for secure encryption, provided that the ceremony is performed correctly. One trusted setup ceremony is sufficient to secure the proving mechanisms; however, new ceremonies are required each time circuits are upgraded for performance, or when new features are added.

As RAILGUN has optimized Groth16 zk-SNARK design for verification, the on-chain gas requirements are low considering the level of computation and encryption that is available in the RAILGUN privacy system. This is a more secure privacy system design than relying on an L2 for consensus. However, as above, new upgrades and circuit designs require new trusted setup ceremonies.

The transcript of the RAILGUN setup ceremony is [here](https://ipfs.stibits.com/QmWAySHYhaZqioKi1ufrPJC1n1ZVtHP2w4hLA9XqqJCFne).

