The C++ KZG Ceremony Client (or CKCC) is a fully-featured client for Ethereum's KZG Ceremony.
The KZG Ceremony is a way for all Ethereum users to help scale Ethereum (i.e. EIP-4844, aka Proto-Danksharding) by adding to the credibility that nobody knows what the final secret is. In other words, the ceremony is secure as long as at least one honest person using one honest client (i.e. a client without bugs or undesired behavior) contributes. The more people contribute and the more diverse the set of clients is, higher are the chances that the ceremony is secure.
For more information, take a look at the FAQ.
Multiple clients for the Go, Rust and Java languages already exist, but I haven't seen a C++ client yet. For the sake of client and language diversity, I decided to build a C++ client. A diverse set of clients, languages and libraries adds to the robustness of the ceremony.
- Supports Windows, Mac and a wide range of Linux distributions from the last 10 years
- Supports Ethereum and GitHub accounts
- BLS signing
- ECDSA signing for Ethereum accounts
- Failure tolerant; while waiting for a contribution slot, the client will retry many times and even attempt to automatically re-authenticate when the session expires or when connection problems occur.
- Transcript verification
- Contribution verification
- Multiple layers of entropy for secret generation; in addition to the user's seed phrase, the secret generator will use the platform's CSPRNG (Cryptographically Secure PseudoRandom Number Generator) to improve entropy.
- All generated secrets in a contribution are unique
- Completely automated; while some clients need to the user to perform manual steps like opening their browser and copying some values back to the app, CKCC automatically opens the browser for each step and directs the user to the next step. The only manual step that the user needs to perform is to login through their GitHub or Ethereum account.
- Dual computer option that allows the powers to be computed on an airgapped machine disconnected from the internet, which means that secrets cannot be leaked
- Download the executable from the releases page
- Run the exeutable:
./cpp-kzg-ceremony-client - Write your entropy sentence and press enter
More command-line options are also available:
______ __ __ ______ ______
/ \ | \ / \ / \ / \
| $$$$$$\| $$ / $$| $$$$$$\| $$$$$$\
| $$ \$$| $$/ $$ | $$ \$$| $$ \$$
| $$ | $$ $$ | $$ | $$
| $$ __ | $$$$$\ | $$ __ | $$ __
| $$__/ \| $$ \$$\ | $$__/ \| $$__/ \
\$$ $$| $$ \$$\ \$$ $$ \$$ $$
\$$$$$$ \$$ \$$ \$$$$$$ \$$$$$$
C++ KZG Ceremony Client
Usage:
./cpp-kzg-ceremony-client [OPTION...]
-s, --sequencer arg URL of the sequencer to use (default:
https://seq.ceremony.ethereum.org)
-a, --auth arg Authentication provider to use. Choices:
[ethereum, github] (default: ethereum)
-m, --mode arg Mode to use. `complete` mode goes through
the whole process on a single machine.
`internet` mode downloads the transcript
from and submits the contribution to the
sequencer, but doesn't generate any secrets
or sign anything. `airgapped` mode is meant
to be used on a computer without internet
connection and takes a `contribution.json`
file generated by a machine in `internet`
mode, computes the powers of tau and
updates the `contribution.json` file.
Choices: [complete, internet, airgapped]
(default: complete)
-c, --contribution-file-path arg
Path to the contribution.json file used for
the `internet` and `airgapped` modes.
-e, --entropy arg Type of entropy to use for the first layer.
Additional CSPRNG entropy will be applied
on top of it. Choices: [stdin] (default:
stdin)
-n, --no-signing Disable the signing of the contribution.
Although signing contributions is not
mandatory, it is recommended to verify that
the contributions listed in the transcript
are actually generated by the addresses
listed.
-p, --port arg Port to run the authentication server on.
If not provided, a random port will be
chosen.
--sessionid arg Manually specify the session id to use for
authentication. The session ID can be
generated on a machine that has browser
support, and then manually entered here for
machines without a browser.
--nickname arg Manually specify the nickname to use for
authentication. For Ethereum
authentication, the address is required;
for GitHub authentication, the GitHub
username is required instead. This option
is required when --sessionid is specified.
-h, --help Print usage
Even when all precautions have been taken to not leak the secrets, a machine connected to the internet will always be somewhat vulnerable to attacks. To be 100% sure that your secrets will not be leaked, you can follow the dual computer setup:
-
On a computer connected to the internet, run the following command:
./cpp-kzg-ceremony-client --mode=internet --contribution-file-path=path/to/contribution.json -
When the program tells you to
move this file over to an airgapped machine, copy the file to an USB drive. -
Connect the USB drive to an airgapped machine and run the following command:
./cpp-kzg-ceremony-client --mode=airgapped --contribution-file-path=path/to/contribution.json -
When instructed, enter your entropy and, if using the Ethereum authentication, sign your contribution.
-
Finally, copy the file back to the internet-connected computer at the same location that it was initially written to and press
enter. The program will now submit your contribution and your internet-connected computer will have no way to know what your secrets are!
Note that the same authentication provider has to be used on both the internet-connected machine and the airgapped machine.
| Platform | AMD64 | ARMV7 | AARCH64 |
|---|---|---|---|
| Windows | Download | ||
| MacOS | Download | ||
| Ubuntu 23.04 | Download | Download | Download |
| Ubuntu 22.10 | Download | Download | Download |
| Ubuntu 22.04 | Download | Download | Download |
| Ubuntu 20.04 | Download | Download | Download |
| Ubuntu 18.04 | Download | Download | Download |
| Debian 11.6 | Download | ||
| Debian 10.13 | Download | ||
| Alpine Linux 3.17 | Download | ||
| Alpine Linux 3.16 | Download | ||
| Alpine Linux 3.15 | Download | ||
| Alpine Linux 3.14 | Download | ||
| Alpine Linux 3.13 | Download | ||
| Alpine Linux 3.12 | Download | ||
| Alpine Linux 3.11 | Download | ||
| Alpine Linux 3.10 | Download | ||
| Alpine Linux 3.9 | Download |
- Clone the repo
- Download CMake
- Run
./build.shon Linux or.\build.baton Windows
- jarro2783/cxxopts for command-line arguments parsing
- Corvusoft/restbed for the local HTTP server
- libcpr/cpr for the HTTP client
- nlohmann/json for JSON serialization and deserialization
- tristanpenman/valijson for JSON schema validation
- supranational/blst for BLS signing and powers of tau functionality
- Duthomhas/CSPRNG for easy cross-platform CSPRNG
- abseil/abseil-cpp for helpers that allow C++14 programs to use modern C++ semantics and follow good practices