# Verifying the KZG Ceremony Transcript Ethereum's KZG Ceremony has come to an end, and the result has been finalised. The response from contributors was astounding, but we have more to ask from the community. Verification of the ceremony transcript is something that anyone can do, and everyone who does the verification improves confidence in the ceremony result. The [ceremony contribution site](https://medium.com/r/?url=https%3A%2F%2Fceremony.ethereum.org%2F) has been adapted to allow verification of the transcript. A number of checks are performed, including an optional check of your own contribution, for those who verified their identity with an Ethereum address. The checks are discussed in detail below. In brief, the tests are to verify that the structure of the transcript is correct; that the cryptographic properties of the result are valid; and, optionally, signature checks on individual contributions. --- Click the 'Verify transcript' button to get started.  Before the search and verify functions can work, the full transcript will be downloaded to memory. It's a large file, so be patient while it downloads. Enter your Ethereum address if you wish to include the signature check for your contribution. Click 'Verify' to run the suite of checks.  --- ## The Verification Checks ### Sanity Checks The structure of the file is checked. The transcript is provided in the form of a JSON document. The names of fields, and their hierarchy within the document, must correspond to the [specifications](https://medium.com/r/?url=https%3A%2F%2Fgithub.com%2Fethereum%2Fkzg-ceremony-specs). The file will contain four transcript sub-sections, one for each of the four separate powers of tau: 2¹², 2¹³, 2¹⁴, and 2¹⁵. This structure is verified, including a check that the number of points in each of the sub-sections is correct. ### Non-zero Contributions The end result of the ceremony is a product of the multiplication of the secrets for each of the 141,416 contributions. This is done in elliptic curve mathematics, so that those secrets remain unknown, but the result can be made public. Multiplying any number by zero yields zero, and it's the same in elliptic curve mathematics. So, if a contributor were to use a secret of zero, the result would cancel out all the prior contributions. Therefore, such contributions are disallowed. These cases will have been rejected by the sequencer at the time of submission, but repeating the checks here is a defence against this kind of attack elsewhere in the pipeline. ### Powers-of-Tau Cryptographic Checks The transcript contains a series of elliptic curve BLS12–381 points in both the G1 group and the G2 group. The points are 𝜏, raised to the power of each successive integer (hence, powers of tau), as a point in the group. The first part of this test will ensure that all points are valid points within the appropriate group. A requirement of the ceremony specification was that a different secret be used for each of the four sub-sections. This can be easily checked by comparing the 𝜏¹ elements to ensure they are all different. The powers of tau in the transcript must be two series of points: 𝜏ⁿ.𝓰₁ and 𝜏ⁿ.𝓰₂ with the exponent, n, increasing continuously from 0. A multi-scalar multiplication check will confirm this pattern. ### Transcript Hash The final transcript's SHA256 hash is `8ed1c73857e77ae98ea23e36cdcf828ccbf32b423fddc7480de658f9d116c848`. This was [publicly attested](https://x.com/CarlBeek/status/1694566774375698789?s=20) when the ceremony closed. This test will confirm a match with the hash of the transcript, as downloaded for verification.  ### Contribution Sequence This test looks at elements of the witness history, which records summary data for each contribution. The running product records 𝜏.𝓰₁. The public key records the secret used by the contributor as a G2 point. Now, the running product for contribution n, 𝜏ₙ = s.𝜏ₙ₋₁ So, the ratio between a running product value, 𝜏ₙ.𝓰₁ and its predecessor is the same as the ratio of the public key (s. 𝓰₂) to 𝓰₂. Bilinear pairings enable us to verify that those ratios are equal without ever knowing the value of the secret (s), which, of course, has been discarded. ### ECDSA Signature Those contributors who signed in with an Ethereum address may have provided their contribution with the optional ECDSA signature. This signature guarantees that the contribution was provided by the keyholder for that address. An ECDSA signature check will confirm that the contributor's address matches that of the signer.  The message signed with this signature is an EIP-712 data structure that includes the four public keys for the contribution. --- Some of these computations take some time to complete. Your participation in verifying the transcript is valuable in ensuring the integrity of the KZG ceremony. Your patience will not go unrewarded. A POAP may be claimed by those who complete the process. You can also send a tweet about your participation. Thanks to all participants for helping to make Ethereum greater.