refactor: use randomness for trusted setup

ananas-block · ananas-block · commit 52b0f2990cd0 · 2025-10-20T20:04:18.000+01:00
diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
@@ -108,6 +108,13 @@ runs:
       shell: bash
       run: npm install -g @lightprotocol/zk-compression-cli
 
+    - name: Cache Powers of Tau file
+      if: inputs.install-circom == 'true'
+      uses: actions/cache@v4
+      with:
+        path: ${{ inputs.example }}/pot/powersOfTau28_hez_final_16.ptau
+        key: ptau-powersOfTau28_hez_final_16-v1
+
     - name: Cache circom installation
       if: inputs.install-circom == 'true'
       id: cache-circom
diff --git a/zk-id/scripts/setup.sh b/zk-id/scripts/setup.sh
@@ -169,12 +169,18 @@ fi
 # Contribute to the ceremony
 echo ""
 echo "Contributing to the ceremony..."
+# Generate real randomness from /dev/urandom combined with system entropy
+# This creates 256 bits of entropy for the contribution
+RANDOM_ENTROPY=$(head -c 32 /dev/urandom | xxd -p -c 256)
+SYSTEM_ENTROPY="${RANDOM}${RANDOM}${RANDOM}$(date +%s%N)$(uname -a | sha256sum | cut -d' ' -f1)"
+COMBINED_ENTROPY="${RANDOM_ENTROPY}${SYSTEM_ENTROPY}"
+
 npx snarkjs zkey contribute \
     build/circuit_0000.zkey \
     build/compressed_account_merkle_proof_final.zkey \
     --name="First contribution" \
     -v \
-    -e="$(date +%s)"
+    -e="$COMBINED_ENTROPY"
 
 if [ $? -eq 0 ]; then
     echo -e "${GREEN}✓${NC} Contribution complete"
