Inferensys

Glossary

Universal Setup

A single, one-time trusted setup procedure that generates a structured reference string capable of supporting any circuit up to a pre-defined maximum size, as used in Plonk.
Knowledge engineer constructing knowledge base on laptop, document hierarchy visible, casual office setup.
TRUSTED SETUP PARADIGM

What is Universal Setup?

A universal setup is a one-time, upfront cryptographic ceremony that generates a single structured reference string capable of supporting any computation up to a pre-defined circuit size limit.

A universal setup is a cryptographic procedure that generates a single, reusable Common Reference String (CRS) from a Trusted Setup Ceremony. Unlike circuit-specific setups (as in Groth16), this monolithic string contains structured parameters, often encoded as powers of a secret scalar in a polynomial commitment scheme, that can be used to prove any Arithmetic Circuit whose gate count does not exceed the pre-determined maximum bound of the setup.

This paradigm, popularized by the Plonk proving system, decouples the toxic waste generation phase from application development. Once the ceremony is completed and the toxic waste is destroyed, developers can deploy new circuits without repeating the multi-party computation. The setup is 'universal' because the single Verification Key and prover parameters are sufficient for all circuits within the size limit, dramatically simplifying the deployment of zkSNARK-based systems.

PLONK'S REFERENCE STRING

Key Characteristics of Universal Setup

The defining properties of a universal setup ceremony, which generates a single structured reference string capable of powering any application-specific circuit up to a fixed size bound.

01

One Ceremony, Many Circuits

Unlike circuit-specific setups (e.g., Groth16), a universal setup generates a Structured Reference String (SRS) once. This single SRS can then be reused to prove any statement, provided the arithmetic circuit representing that statement does not exceed the pre-defined maximum number of gates. This decouples the expensive, security-critical setup phase from application development.

02

Updatable Security

The security of the initial SRS can be strengthened over time through updatable setup ceremonies. New participants can contribute randomness to the existing SRS without invalidating prior proofs. As long as a single participant in the entire chain of updates destroys their secret randomness (the 'toxic waste'), the final SRS is secure. This allows for continuous, trust-minimized security hardening.

03

Preprocessing with Polynomial Commitments

The universal SRS is fundamentally a sequence of powers of a secret scalar encoded in an elliptic curve group, structured to support polynomial commitment schemes like KZG. During a preprocessing phase, the specific constraint system of an application circuit is encoded into polynomials and committed to using this universal SRS, generating a circuit-specific proving key and verification key without a new trusted setup.

04

Fixed Upper Bound on Circuit Size

The 'universality' is bounded. The SRS is generated with a parameter n, representing the maximum number of gates the system can support. A circuit with n+1 gates cannot be proven using an SRS generated for size n. This requires developers to estimate an upper bound for their application's complexity before the ceremony, balancing future flexibility against the size and generation cost of the SRS.

05

Foundation for Plonk and Its Variants

The universal setup is a core architectural innovation of the Plonk proving system and its derivatives. It enables a single, large-scale ceremony to serve an entire ecosystem. This contrasts sharply with Groth16, which requires a unique, application-specific setup for each new circuit, making universal setups far more practical for platforms and protocols with evolving logic.

06

Ceremony as a Multi-Party Computation (MPC)

The generation of the universal SRS is a Multi-Party Computation (MPC) protocol. Participants contribute randomness sequentially, and the final parameters are a composite of all contributions. The protocol is designed so that the output is correct if at least one participant is honest and destroys their contribution. This '1-of-N' trust assumption is the bedrock of the ceremony's security model.

TRUSTED SETUP COMPARISON

Universal Setup vs. Circuit-Specific Setup

A comparison of the one-time universal trusted setup used in Plonk against the per-circuit trusted setup required by Groth16, highlighting trade-offs in security, flexibility, and performance.

FeatureUniversal SetupCircuit-Specific Setup

Setup Frequency

One-time for all circuits up to max size

New ceremony per unique circuit

Reusability

Updatability

Proof Size

~400 bytes

~128 bytes

Verification Time

~3 ms

~1.5 ms

Prover Time

Slower (more polynomial ops)

Faster (fewer constraints)

Security Assumption

1-of-N honest participant

1-of-N honest participant per circuit

Example Protocol

Plonk

Groth16

UNIVERSAL SETUP

Frequently Asked Questions

Clear, technical answers to the most common questions about universal trusted setups, their role in zkSNARKs, and how they differ from circuit-specific ceremonies.

A universal setup is a one-time, updatable trusted setup procedure that generates a Structured Reference String (SRS) capable of supporting any arithmetic circuit up to a pre-defined maximum size. Unlike circuit-specific setups (e.g., Groth16), the SRS is not tied to a single computation. It works by generating a sequence of powers of a secret scalar tau encoded in an elliptic curve group: [tau^0]_1, [tau^1]_1, ..., [tau^n]_1. This monomial basis allows provers to commit to polynomials of degree up to n using a polynomial commitment scheme like KZG. The universal property means a single SRS can be used for any circuit with n or fewer gates, enabling multiple applications to share the same setup without re-running the ceremony.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.