Key Points:
The generation of ZK proof (ZK Proof Generation) is one of the core steps in the ZK project. Unfortunately, under existing ZK proof systems, generating ZK proofs usually requires a lot of computation. As the complexity of the project increases and the scale of the ZK circuit increases, the amount of calculation required for ZK proof generation will increase exponentially.
For example, for large-scale zkEVM/zkVM projects such as Scroll and zkSync, it may take hours or even days of calculation if it uses the CPU to generate ZK proofs. In real business, most projects need to limit the generation of ZK proofs to seconds and minutes. Computing time of several hours or longer is completely unacceptable for most ZK projects, especially for expansion projects such as zkEVM/zkVM.
In addition, the computational complexity of ZK proof generation is difficult to reduce theoretically in the time window of about two years before the ZK project is officially launched in the future.
Therefore, in order to ensure the usability of the project, before the project is officially launched, the ZK project party must adopt the technical solution of “accelerating the generation of ZK proofs” to accelerate the generation of ZK proofs to the second or minute level. The method of accelerating ZK-proof generation through high-performance hardware is currently the first choice.
In the process of ZK proof generation, the main time-consuming calculations can be divided into two types:
1. NTT (Number Theoretic Transform) calculation based on polynomials
2. MSM (Multi-Scalar Multiplication) calculations on elliptic curves. Generally speaking, in a calculation generated by a ZK proof, NTT-type computing tasks account for about 25% of all computing tasks, and MSM-type computing tasks account for about 60–70%.
Fortunately, these two types of computing tasks exist:
1. The logic is relatively simple
2. A large number of repetitions of the same computing logic
3. The characteristics of parallelism (similar to Bitcoin Mining computing). Therefore, it is theoretically feasible to use high-performance hardware to accelerate these two types of calculations.
As shown in the figure below, we can find that the NTT calculation (upper left part) and MSM calculation (right side) are lightly coupled in the workflow of ZK proof generation. Therefore, the ZK project party can choose according to actual needs:
1. Accelerate NTT calculation alone or
2. Accelerate MSM calculation alone
3. Accelerate NTT and MSM as a whole, three options.
Workflow of General ZK proof generation process
Similar to the mining solution, the current ZK hardware acceleration solution is mainly implemented through the following three types of hardware:
Currently, there are two main hardware acceleration solutions available on the market: GPU and FPGA. Acceleration schemes using GPU/FPGA are relatively easy to implement. Therefore, in order to seize the market faster, most manufacturers will first implement the GPU/FPGA solution. Due to the high hardware cost of GPUs and FPGAs, relatively high power consumption, and limited absolute performance. Therefore, the ASIC solution is a part that cannot be ignored in the ZK hardware acceleration ecosystem.
ZK hardware acceleration providers can provide ZK-proof generation acceleration services in two ways:
As we mentioned above, during the generation of ZK proofs, NTT and MSM calculations are lightly coupled. Therefore, according to different service granularities, hardware acceleration service providers can provide the following three granular services.
NTT and MSM computing problems have been studied extensively for many years. It is difficult for major manufacturers to achieve breakthroughs in computing theory in a short period of time. Therefore, the technical differences between various manufacturers lie more in engineering realization capabilities, control of algorithm details, technology stack (hardware) selection, cost control of hardware production, and product design capabilities. When customers choose an acceleration vendor, they will focus on the following three factors:
Cysic was founded in late August 2022 by Leo Fan and Bowen Huang. The main goal of Cysic is to provide hardware acceleration services for the ZK project’s ZK-proof generation process. California, USA, and Mainland China. The backgrounds of these founding members are mainly from the Ph. D.s from the Department of Computer Science of Top 20 Universities in the United States and the chip design team of the Institute of Computing Technology, Chinese Academy of Sciences.
At this stage, the project has realized the POC verification of FPGA-based MSM calculation, and the project code is SolarMSM. At this stage, SolarMSM will provide external services through SaaS.
At present, Cysic has reached cooperation intentions with several leading ZK project parties and will provide them with testing services in the near future. According to the evidence of many industry authorities, SolarMSM is in the Top-Tier position in the industry in accelerating MSM computing performance.
The two founders have strong technical backgrounds and are experts in cryptography and hardware design. Dr. Leo graduated from Cornell University under the tutelage of an internationally renowned professor of cryptography, Elaine Shi. Before joining Rutgers University as an assistant professor, Leo worked as a cryptography researcher at Algorand.
Another founder, Bowen Huang, worked in the Institute of Computing Technology, Chinese Academy of Sciences for 6 years before founding Cysic and going to Yale University to study for a Ph.D. Design landing.
At present, Cysic has implemented the POC design of the MSM acceleration solution based on Xilinx’s public FPGA, code-named SolarMSM. In POC verification, for the MSM computing task whose input size is 2³⁰, SolarMSM can accelerate it to less than one second. This is currently the strongest level among all public data results in the industry, and it is 1–2 orders of magnitude higher than the champion performance of the ZPrize competition.
Quick implementation of SolarMSM demonstrates:
At the same time, the POC at this stage is also an internal verification of the Cysic hardware design/development work. Because the error correction cost of ASIC chips is higher than that of FPGA solutions, full machine verification through SolarMSM at high bandwidth, high power consumption, and high interconnection levels can greatly reduce the risk of future ASIC chip errors.
Cysic plans to provide a complete ASIC hardware acceleration solution, including NTT and MSM computing. Currently, the project party adopts a two-stage R&D strategy.
Phase 1: FPGA-based POC
In the first phase of the project, a POC version of MSM and NTT acceleration based on Xilinx’s public FPGA: SolarMSM. At present, the MSM computing acceleration module has been completed, and the 2³⁰-scale MSM computing can be completed in less than one second, which is the highest performance among all the public FPGA-MSM hardware acceleration results, leading the competition by more than 1–2 orders of magnitude. If nothing else, SolarMSM will hold the highest performance record for MSM hardware acceleration until ASIC chips come out. Cysic has reached cooperation intentions with several leading ZK projects and will first provide MSM acceleration services for these projects.
In the next few months, Cysic plans to complete the NTT computing acceleration module SolarNTT based on SolarMSM. SolarNTT and SolarMSM will be deployed on the same server to perform accelerated computing based on the same large-scale FPGA interconnection system. These two sets of implementations will be integrated through the high-speed interconnection architecture designed by Cysic to become an all-in-one acceleration solution, SolarZKP. SolarZKP will provide API services externally through SaaS.
Phase 2: 12nm ASICs
After the POC stage, Cysic will start the 12nm ASIC development stage. The goal is to achieve the computing power of a single ASIC chip reaching the performance of the entire SolarZKP (supporting both MSM and NTT computing and other core functions specified by the project party) while reducing the power consumption of a single chip to two orders of magnitude.
How do customers choose hardware acceleration solutions?
In actual production, different ZK customers have different requirements for hardware acceleration, depending on how sensitive the ZK project is to the proof generation time. For example:
We believe that in the future, there will be tools that combine different hardware acceleration vendors’ solutions to help customers generate optimal solutions.
At present, many companies have participated in the competition on the ZK hardware accelerated track. There are project development delay risks and market risks for ASIC-based ZK hardware acceleration projects.
Project Development Delay Risk
There is a relationship of mutual cooperation and mutual achievement between the ZK project party and the ZK hardware acceleration manufacturer. As the ZK project party, it will first choose the first available hardware acceleration solution to seize the market share of the ZK project itself. For the zkEVM/zkVM project, being able to provide L2 block proofs stably is one of the most important considerations. Therefore, some ZK project parties will reach long-term cooperation intentions with hardware acceleration vendors in the early stage. If the project development is too slow, part of the market share may be lost in the early stage. At the same time, there is a risk of failure in ASIC tape-out. Affected by chip manufacturers’ capacity constraints, tape-out failures will force the project to re-schedule tape-out, causing project delays.
Market risk
The ZK project party can be divided into two categories: the privacy category and the expansion category. For privacy projects, using hardware acceleration may reduce the risk of side-channel attacks to some extent, but considering privacy issues, privacy projects will be more cautious in choosing ZK hardware acceleration solutions, such as choosing to purchase hardware directly instead of Not via SaaS service.
At present, there are three powerful competitors in the industry, namely Supranational, Ulvantanna, and Auradine.
Supranational has entered the GPU-accelerated ZK track since 2019 and recently began to involve the FPGA/ASIC field. Supranational already has a very mature open-source GPU-based acceleration solution, and its performance is at the forefront of the industry. At the same time, we expect that Supranational also has a commercial closed-source solution with better performance. Supranational entered the market earlier, with certain industry resources and good cash flow.
The founding team is from Jump Crypto and has received investment from paradigm and bain crypto. Its strength should not be underestimated.
Compared with the Senior, the founding team has rich entrepreneurial experience and a platform of top manufacturers and capital.
The rest of the teams, such as Ingonyama and Jump Crypto, entered the track before them, but their performance is not as good as that of SolarMSM at this stage, according to the public data.
At present, in addition to dedicated hardware acceleration teams, many ZK project parties are also exploring hardware acceleration solutions internally, such as zkSync and Scroll.
zkSync chooses GPU/FPGA acceleration solution. According to the published results on ZPrice, zkSync’s GPU solution takes 2.528 seconds when the input scale is 2²⁶ MSM. This performance is less than one-tenth of the Cysic SolarMSM solution (2³⁰ MSM calculation takes less than 1 second).
Scroll has been researched internally for GPU-based acceleration. At the same time, Scroll and some academic institutions are cooperating to explore better solutions, and their latest academic research results were published at ASPLOS 2023, the top conference in the field of computer architecture [3]. As the leading zkEVM project, it is worth looking forward to and tracking their follow-up progress.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
So, you’re on the lookout for the next big thing in crypto? Aren’t we all?…
Miami, Florida, 13th November 2024, Chainwire
Robinhood Crypto has expanded its U.S. platform with the addition of Solana, Pepe, Cardano, and…
If you’ve been following the crypto space, you already know that Chainlink (LINK) has been…
BlackRock BUIDL funds have been expanded to Arbitrum, Aptos, Avalanche, Optimism, and Polygon.
Tokyo-based Metaplanet Bitcoin holdings grew by $28 million, doubling to 1,018.17 BTC since late September.
This website uses cookies.