MPC Pedersen Key

[0xForerunner]

Hey all. I'm working on an MPC setup and I'd like to generate the pedersen key via MPC. I'm currently stuck at generating the commitmentBases. My current strategy was copy what was happening in groth16.Setup() but it seems it's sampling from the toxic waste to generate these bases. Ideally we'd have a deterministic setup for the pedersen keys, and then each additional participant can go ahead and contribute.

Here is a link to the project if you'd like to take a look.

For running the actual contributions I have something like this:

type PedersenKeys struct {
	PK []pedersen.ProvingKey
	VK pedersen.VerifyingKey
}

func (pks *PedersenKeys) Contribute() error {
	var modMinusOne big.Int
	modMinusOne.Sub(fr.Modulus(), big.NewInt(1))
	sigma, err := rand.Int(rand.Reader, &modMinusOne)
	if err != nil {
		return err
	}
	sigma.Add(sigma, big.NewInt(1))

	var sigmaInv big.Int
	sigmaInv.ModInverse(sigma, fr.Modulus())

	pks.VK.GRootSigmaNeg.ScalarMultiplication(&pks.VK.GRootSigmaNeg, &sigmaInv)

	for _, pk := range pks.PK {
		for _, basisExpSigma := range pk.BasisExpSigma {
			basisExpSigma.ScalarMultiplication(&basisExpSigma, sigma)
		}
	}
	pks.VK.GRootSigmaNeg.ScalarMultiplication(&pks.VK.GRootSigmaNeg, &sigmaInv)

	return nil
}

Where I'm currently stuck is actually generating the original commitmentBases to get the process started.
In groth16.Setup there is:
https://github.com/Consensys/gnark/blob/db299cef6c78dc5acff8453b66c910c15ea88123/backend/groth16/bn254/setup.go#L113C2-L196C3

But I'm not exactly sure how that would translate to what I'm trying to do here. Any guidance is appreciated!

[0xForerunner]

I'm initializing the pedersen keys like this:

func InitPedersen(bases ...[]curve.G1Affine) (pks PedersenKeys, err error) {
	_, _, _, g2 := curve.Generators()

	pks.VK.G = g2

	var modMinusOne big.Int
	modMinusOne.Sub(fr.Modulus(), big.NewInt(1))

	// set sigma to 1
	sigma := big.NewInt(1)

	// Todo: simplify
	var sigmaInvNeg big.Int
	sigmaInvNeg.ModInverse(sigma, fr.Modulus())
	sigmaInvNeg.Sub(fr.Modulus(), &sigmaInvNeg)
	pks.VK.GRootSigmaNeg.ScalarMultiplication(&pks.VK.G, &sigmaInvNeg)

	pks.PK = make([]pedersen.ProvingKey, len(bases))
	for i := range bases {
		pks.PK[i].BasisExpSigma = make([]curve.G1Affine, len(bases[i]))
		for j := range bases[i] {
			pks.PK[i].BasisExpSigma[j].ScalarMultiplication(&bases[i][j], sigma)
		}
		pks.PK[i].Basis = bases[i]
	}
	return
}

And the overall workflow would look something like this:

   fmt.Println("Initializing phase2...")
   phase2, evals := mpcsetup.InitPhase2(r1cs, &phase1)

   // TODO: This is completely broken.
   fmt.Println("Initializing Commitment Bases...")
   commitmentBases, err := InitCommitmentBases(r1cs, &evals)
   if err != nil {
   	t.Fatal(err)
   }

   fmt.Println("Initializing Pedersen Keys...")
   pedersenKeys, err := InitPedersen(commitmentBases...)
   if err != nil {
   	t.Fatal(err)
   }

   fmt.Println("Running phase2 contribution...")
   phase2Final := phase2
   phase2Final.Contribute()

   fmt.Println("Running pedersen contribution...")
   pedersenKeysFinal := pedersenKeys
   pedersenKeysFinal.Contribute()

   fmt.Println("Running phase2 verification...")
   mpcsetup.VerifyPhase2(&phase2, &phase2Final)

   fmt.Println("Extracting keys...")
   pk, vk := mpcsetup.ExtractKeys(&phase1, &phase2Final, &evals, r1cs.NbConstraints)
   pk.CommitmentKeys = pedersenKeys.PK
   vk.CommitmentKey = pedersenKeys.VK

[0xForerunner]

Update Here #1180