The tidex6 Trusted Setup Ceremony

A public, multi-party ceremony to generate the parameters that secure every private transaction in tidex6 — so that no single person can ever forge a proof.

What is a trusted setup, and why does it need a ceremony?

The short version of the cryptography.

tidex6 proves things in zero knowledge with Groth16 — the same proof system used across the ZK ecosystem. Groth16 is fast and tiny to verify on-chain, but it needs a set of public parameters (a Common Reference String) that must be generated once, up front.

Generating those parameters produces a piece of secret randomness — the “toxic waste.” Whoever knows the toxic waste can forge fake proofs: mint value from nothing, or withdraw money that was never deposited. If it is destroyed, the parameters are perfectly safe. If it is kept, the whole system can be counterfeited.

So the only question that matters is: was the toxic waste really destroyed?

1 party A single machine generates the parameters and promises to delete the secret. You have to trust that one party. That is what we run today (clearly marked “development only”).
N parties In a ceremony, contributors take turns. Each one adds their own fresh randomness on top of the previous result and destroys it. The final parameters are safe as long as at least one contributor was honest.
Break the setup only if every single contributor colludes.
With 10–20 independent people, that is practically impossible. This is the “1-of-N” trust model.

That is the whole point of a public ceremony: it removes the “trust one party” assumption and replaces it with “trust that not everyone is dishonest.” The more independent contributors, the stronger it gets — which is exactly why we want you.

What already works

This is not a whitepaper. The protocol is live on mainnet today.

Shielded pool on mainnet
Deposit + withdraw, Groth16 / BN254, per-nullifier double-spend protection. verifier ↗
Verified & immutable
OtterSec source-verified; the verifier's upgrade authority is renounced — it can never change.
Two layers of privacy
The link is hidden by the Groth16 pool; the amount is hidden by Token-2022 confidential transfers (wUSDC and wUSDT). Neither who↔whom nor how-much is visible on-chain.
Client-side proving
Proofs are generated in your browser via WebAssembly (~1.7 s). The secret never leaves the tab.

Don't take our word for it — it's all checkable on-chain. Open the pool program ↗, the verifier ↗, or run the full two-layer flow yourself from the app. Nothing here is a promise — it is running right now.

Where we are

The honest current state — not a wishlist.

Two-layer flow + browser-native app, on mainnetdone
  • Wrap → deposit → withdraw to a fresh address → confidential payout → cash out — verified live
  • Client-side wrap + deposit + withdraw with memo & auditor — the secret and the amount never leave the tab (WASM)
  • Multi-asset: hidden amounts for both USDC and USDT on mainnet
Trusted setup ceremonyin progress
  • Public, multi-party generation of the production parameters — this page

Add your randomness

One click, entirely in your browser: fresh entropy is generated locally, mixed into the parameters with our Rust prover (WebAssembly), and destroyed immediately. Your secret never leaves this tab — only the new parameters are uploaded, tagged with your connected wallet. Every honest contributor makes the setup safer for everyone.

contributions so far
connecting…