Many hands
on one seal.
A Groth16 circuit needs a one-time trusted setup. As long as a single contributor is honest and discards their secret, the final key is safe. This page runs the multi-party phase 2 in your browser: each person mixes in fresh randomness on top of the previous key, then hands the chain to the next.
The keys shipped with Jat today (seal_final.zkey and withdraw_final.zkey) are an initial single-party development setup. They are fine for devnet, but a single party knows the toxic waste, so they are not suitable for mainnet on their own. This ceremony is how that gets fixed: the final keys will come from independent contributors, none of whom can reconstruct the secret unless every one of them colludes. It is not finished, and these keys are not yet used for mainnet. Nothing here is audited, and no claim of security is made until the chain is sealed and reviewed.
Reading the chain…