Penumbra's Summoning Ceremony Begins

In order to provide private transactions, Penumbra makes heavy use of Zero-Knowledge Proofs. In particular, we use the Groth16 proving system, which allows us to have proofs that are quick to generate, even quicker to verify, and more compact than any other scheme.

Generating these proofs requires special parameters called proving keys for each circuit. The proving keys “precompile” the proof statements into a compressed, cryptographic form used by the proof system, providing speed and efficiency. Having recently completed two audits of our zero-knowledge circuits for the Penumbra protocol, we’re now ready to move on to the final step in preparing these parameters for mainnet: running a public “summoning ceremony” where many people participate in the creation of these keys.

This ceremony is open to the public, and we need your help in summoning. This is a great opportunity to be a part of the Penumbra project, and to get a hands-on feel for actually using Penumbra.

If you want to dive right in, you can go ahead and visit and participate, or you can read on for more details on the summoning ceremony.

What the Ceremony Is

Generating proving keys for the Groth16 proof system requires sampling randomness. This randomness should be deleted, since knowledge of the randomness used to generate the proving keys could allow forging proofs. During development, Penumbra testnets have used a trusted setup performed by a single person (whoever edited the proof code most recently).

In preparation for mainnet, we want to instead perform a decentralized setup, allowing everyone in the community to contribute to parameter generation. By participating in the summoning ceremony, Penumbra users can be sure that the proving keys were securely generated.

Two Phases

The ceremony will be run in two phases, for technical reasons. You can participate in each phase once, and the way you participate is basically the same for each phase. Each person participates sequentially: one after the other. There’s a queue of pending participants, and you can “bid” on your position in the queue by sending testnet funds to the coordinator managing contributions.

Phase 1 is currently ongoing, and we expect it to run for the next few weeks. After that, we’ll be taking a short break, before resuming with Phase 2. We’ll make sure to keep everyone updated as the ceremony progresses, and the summoning website will always have up-to-date information about the current phase and how to contribute.

Every Bit Helps

The nature of the ceremony is that we only require one participant in each phase to be honest in order for the security of the entire phase to be guaranteed. Because of this, every contribution only adds to the security of the ceremony, and anyone who wants to trust the ceremony without relying on the other participants can contribute themselves to ensure that.
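The one-honest-participant property can be seen in a toy sequential setup. The Python below is an added illustration, not Penumbra's ceremony code: the tiny group (P, Q, G), the DEGREE constant and every function name are assumptions made for the example. A real Groth16 setup works over pairing-friendly elliptic curves and has each contributor publish a proof that their update is well-formed.

```python
import secrets

# Toy parameters (constructed for illustration, far too small for real use):
# P = 2*Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4
DEGREE = 4  # number of powers kept in the toy parameter string

def initial_params():
    """Starting string g^(tau^i) with tau = 1, so every element is G."""
    return [G] * (DEGREE + 1)

def contribute(params, s):
    """Re-randomize: element i becomes params[i]^(s^i), so tau -> tau * s."""
    return [pow(e, pow(s, i, Q), P) for i, e in enumerate(params)]

def params_for(tau):
    """The string for a known tau; computable only by someone who knows tau."""
    return [pow(G, pow(tau, i, Q), P) for i in range(DEGREE + 1)]

def run_ceremony(secrets_in_order):
    """Apply each participant's contribution in turn, one after the other."""
    params = initial_params()
    for s in secrets_in_order:
        params = contribute(params, s)
    return params

def combined_tau(secret_list):
    """Product of the given secrets mod Q: the tau they jointly know."""
    tau = 1
    for s in secret_list:
        tau = tau * s % Q
    return tau

def honest_secret_randomizes_tau(colluder_secrets):
    """For fixed colluder secrets, every honest s yields a distinct final tau,
    so a uniformly random honest s makes the final tau uniformly random."""
    c = combined_tau(colluder_secrets)
    return {c * s % Q for s in range(1, Q)} == set(range(1, Q))

if __name__ == "__main__":
    colluders = [123, 456]                 # constructed values an attacker knows
    honest = secrets.randbelow(Q - 1) + 1  # sampled, used once, then deleted
    final = run_ceremony([colluders[0], honest, colluders[1]])
    del honest
    print("final parameters:", final)
    print("colluders alone reproduce them:",
          params_for(combined_tau(colluders)) == final)
```

The final parameters depend on the product of all secrets, so participants who pool their own values still lack the one factor the honest participant deleted.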

How to Contribute

Detailed instructions for how to contribute are available at The gist of how contributing works is that you download our command-line wallet, pcli, use it to generate a new wallet, receive testnet funds from the faucet in our public Discord, and then use them to enter into the contribution queue for the current phase. Then you just leave this command open until you reach the front of the queue and the command prepares and submits your contribution.

You’re not limited to just contributing, though: since you’ll have gone through the effort of creating a wallet, we encourage you to try out the other features pcli offers, or to use the web interface to see the transactions you created when contributing!

Thanks again for helping to make Penumbra a reality: happy summoning!