This file explains some of the considerations necessary to deploy Nightfall on a production network.
People will need confidence that the trusted setup was not backdoored. Several approaches are possible; the one below is very simple and can serve as a minimal process.
- Start session on ASCII Cinema, for assurance (this is our "ceremony")
- Use Azure, Amazon, or Google cloud to spin up a new instance and log in
- Repeat TEST FLIGHT steps with mainnet configuration
- SHA hash the keys (included in the ASCII session)
- End ASCII Cinema session
- (From outside the session) secure copy (scp) the keys out, 7 GB

Much more elaborate trusted setup ceremonies can provide additional protection and assurance against backdoors. Such ceremonies are currently outside the scope of this document.

We need a practical way to distribute 7 GB of files. This is based on a study of Zcash and the problems users had when downloading keys. Here is a possible approach.
- Publish the 7 GB of files to an Amazon S3 bucket
- Publish the keys to any alternate source, e.g. Dropbox
- Create a torrent and publish it to a reputable torrent service (still searching), or create our own tracker (not preferred)
- Create a magnet URL so that everyone can download in parallel from the torrent and webseeds
- Create a web page (should NOT be part of Nightfall, to discuss) to document how to download the keys, install them locally and connect to this Nightfall instance
- Discuss policies for that server instance
- As it currently stands, the deployed NFTokenMetadata contract allows anybody to mint tokens. I don't see a problem with this for production uses.
- Zcash issues with key deployment zcash/zcash#2695
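
The hashes recorded during the ceremony only help if downloaders check them, whichever source (S3, Dropbox, torrent) the files came from. The following is an added example, not Nightfall code: it assumes the "SHA hash" is SHA-256, that the hashes are published as a `sha256sum`-style manifest, and uses hypothetical file names `proving.key` and `verifying.key`.

```python
import hashlib
import os
import tempfile
CHUNK = 1 << 20  # read 1 MiB at a time; the key files total about 7 GB

def sha256_file(path):
    """Stream a file through SHA-256 without loading it into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse 'HEX  name' lines (sha256sum layout); names with path parts are rejected."""
    expected = {}
    for line in filter(str.strip, text.splitlines()):
        hexdigest, name = line.split(None, 1)
        name = name.strip().lstrip("*")
        if len(hexdigest) != 64 or os.path.basename(name) != name:
            raise ValueError("bad manifest line: %r" % line)
        expected[name] = hexdigest.lower()
    return expected

def verify_keys(key_dir, manifest_text):
    """Return {name: 'ok' | 'mismatch' | 'missing' | 'unexpected'}."""
    expected = parse_manifest(manifest_text)
    report = {}
    for name, want in expected.items():
        path = os.path.join(key_dir, name)
        if not os.path.isfile(path):
            report[name] = "missing"
        else:
            report[name] = "ok" if sha256_file(path) == want else "mismatch"
    for name in os.listdir(key_dir):
        report.setdefault(name, "unexpected")  # file not covered by the manifest
    return report

def demo():
    """Constructed sample: two tiny stand-in files, one altered after hashing."""
    with tempfile.TemporaryDirectory() as d:
        manifest = ""
        for name, data in (("proving.key", b"pk"), ("verifying.key", b"vk")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
            manifest += "%s  %s\n" % (hashlib.sha256(data).hexdigest(), name)
        with open(os.path.join(d, "proving.key"), "ab") as fh:
            fh.write(b"!")  # simulate a corrupted or substituted download
        return verify_keys(d, manifest)
```

The manifest should be fetched from a channel separate from the key files themselves, such as the recorded ceremony session, so that one compromised mirror cannot replace both.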