Author: Loopy Lu, BeWater
Vitalik Buterin's sudden visit to the Hong Kong Blockchain Summit excited the attendees, and to some extent it reflects the current state of the cryptocurrency market. Ethereum has recently been relatively weak compared with the Bitcoin ecosystem, and its liquidity fragmentation and performance limitations are once again raising doubts.
At this summit, Vitalik gave clear recommendations for the future development of Ethereum. In his keynote speech "Reaching the Limits of Protocol Design," he took a positive view of ASIC chips: hardware acceleration of ZK computation using ASICs can raise the efficiency and security of Ethereum to a whole new level.
To understand ZK hardware acceleration, we naturally need to start with ZK. ZKP is not a new concept. Since the 1980s, computer scientists have been continuously exploring in this direction. Currently, popular ZKRollup projects are being launched one after another, and more ZK applications are emerging, indicating the continuous evolution of ZK technology and the market. We find that ZK hardware acceleration is maturing, and the ZK+DePIN mode is emerging, making this cycle of ZKP seem different from before.
Zero-Knowledge Proof (ZKP) is hailed as the "Holy Grail" of cryptography: it offers a new approach to the long-standing privacy protection dilemma and a powerful answer to the long-standing blockchain scalability problem.
It is well known that the efficiency issue of ZK has always been a problem for many users and projects. At the Hong Kong summit, Vitalik stated that although protocols based on advanced cryptography such as ZK-SNARKs, MPC, FHE (Fully Homomorphic Encryption), and BLS aggregation are developing rapidly, they also have efficiency and security issues.
For example, Ethereum's slot time is 12 seconds, "ordinary" block verification takes about 400 milliseconds, and ZK-SNARK proving takes about 20 minutes, whereas Ethereum's goal is real-time proving.
To address this issue, Vitalik proposed three solutions: "parallelization and aggregation trees," using SNARK algorithms and hashes to improve efficiency, and using ASICs for ZK hardware acceleration.
We do not pass judgment on the three solutions; here we focus on ZK hardware acceleration. This article starts from ZKP and explains to investors why Vitalik is optimistic about "hardware acceleration," a sector that is currently rarely mentioned. What are the differences between "ZK acceleration," "ZK," and "ZKRollups," and how can they be accurately distinguished?
From the perspective of the entire ecosystem, why is the hardware acceleration sector important? What kind of value does it provide for Ethereum, ZK, and the entire crypto world? We take Cysic as an example to discuss in detail the past, present, and future of hardware acceleration.
What is the role of the hardware acceleration that Vitalik is optimistic about?
For the crypto world, ZKP (SNARKs/STARKs) is considered the Holy Grail of scalability technology. zk-SNARKs verify the correctness of an original calculation through verifiable computation: the Prover first generates a succinct proof for the original calculation, and the Verifier then runs a much smaller computation to verify that the proof is correct.
Among the various scalability solutions, ZKP has promoted the development of off-chain computation. Transactions are no longer executed on the Layer 1 network but are completed off-chain in a rollup, and part of the data, such as the state root of multiple transactions, is packaged and published to the main network for verification and settlement. Mainnet nodes can verify the transaction history of the rollup through ZKP, so its security is still guaranteed by Layer 1. ZKP solves the trust issue in the verification process mathematically and requires minimal on-chain space. A ZKRollup can achieve tens of times the transaction processing speed and efficiency of Layer 1.
L2BEAT data shows that the total TVL of the top five ZKRollups has reached approximately $3 billion. This is still far below Ethereum's TVL of $50 billion and the entire DeFi market's scale of $91 billion. We believe that as ZK technology matures, the penetration rate of ZKRollups will inevitably increase further. With Ethereum's Cancun upgrade, the introduction of EIP-4844 significantly reduced fees for Layer 2. After the mainstream Layer 2 networks adopted "Blob transactions," empirical data shows a significant decrease in gas fees for various ZKRollups. For example, Starknet's fees fell by about 85%, and zkSync Era's by about 65%.
ZK-based projects in the market are growing rapidly. Projects based on ZK technology with a market value of over $1 billion, such as Polyhedra, Immutable, StarkNet, zkSync, Mina, and dYdX, are well known. This sector can generally be divided into three layers: infrastructure, ZK-Rollup, and ZK applications.
Infrastructure mainly includes programming frameworks and tools, ZKP proof markets, hardware acceleration for proof generation, ZK machine learning, etc. Most projects in this layer revolve around the generation and computation of ZKP, providing a technical foundation for the deployment of ZK applications (whether network or dApp).
The most eye-catching layer is ZKRollup. The explosion of ZKRollups provides ample support for the scalability and "mass adoption" narratives. On top of this, there are various dApps that use ZK technology, mostly using ZK's properties to provide privacy and other features for crypto users.
However, the high computational resources required for ZK proof generation have been a bottleneck for the further advancement of this sector.
How far are we from the implementation of use cases?
If ZK technology is so powerful, why has it not been widely adopted? The main reason is that the core algorithms and implementation mechanisms of ZK technology are extremely complex. Currently, two ZK proof systems are widely adopted: zk-SNARKs and zk-STARKs. For example, zkSync, Aztec, Axiom, Scroll, Taiko, etc., use proof systems based on zk-SNARKs, while StarkNet, dYdX, Polygon, etc., use proof systems based on zk-STARKs.
The use of zero-knowledge proof systems usually includes: "flattening computation," "proof generation," and "proof verification." The "proof generation" step requires a large amount of computational support.
"Flattening computation" is the process of expressing an original calculation as a ZK circuit in a constraint language (such as R1CS). Commonly used zk-SNARK proof systems include Groth16, Marlin, and Halo/Halo2. Groth16 uses R1CS as the constraint language for flattening computation. Newer proof systems, such as Halo/Halo2, use the Plonk system's circuit constraint language, which is widely used in some newer ZK projects, such as Scroll, Taiko, Axiom, etc.
As mentioned earlier, the generation of ZK proofs requires a large amount of computation. Let's take KZG-based Halo2 as an example to briefly analyze the types of computation involved. First, after the ZK circuit has been constructed in the front-end constraint language, the circuit is transformed into polynomial form, where the degree of the polynomial is directly related to the scale of the circuit. Then, cryptographic means, such as KZG, are used to convert these polynomials into the final proof. In this process, the main time-consuming computation types are MSM and NTT.
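To make "flattening" concrete, the following added example (not code from the article, Cysic, or any proof system) flattens the textbook program out = x³ + x + 5 into four R1CS gates and checks a witness against them. The small field prime, the witness layout, and the function names are assumptions chosen for illustration.

```python
P = 2**31 - 1   # small constructed prime field; real systems use ~254-bit fields

# Witness layout: s = [1, x, out, sym1, y, sym2]
# Flattened gates for out = x**3 + x + 5, each of the form (A.s) * (B.s) = (C.s):
#   gate 0: sym1 = x * x
#   gate 1: y    = sym1 * x
#   gate 2: sym2 = (x + y) * 1
#   gate 3: out  = (5 + sym2) * 1
A = [[0, 1, 0, 0, 0, 0],
     [0, 0, 0, 1, 0, 0],
     [0, 1, 0, 0, 1, 0],
     [5, 0, 0, 0, 0, 1]]
B = [[0, 1, 0, 0, 0, 0],
     [0, 1, 0, 0, 0, 0],
     [1, 0, 0, 0, 0, 0],
     [1, 0, 0, 0, 0, 0]]
C = [[0, 0, 0, 1, 0, 0],
     [0, 0, 0, 0, 1, 0],
     [0, 0, 0, 0, 0, 1],
     [0, 0, 1, 0, 0, 0]]

def dot(row, s):
    return sum(r * v for r, v in zip(row, s)) % P

def witness(x):
    """Run the flattened program and record every intermediate wire."""
    sym1 = x * x % P
    y = sym1 * x % P
    sym2 = (x + y) % P
    out = (5 + sym2) % P
    return [1, x, out, sym1, y, sym2]

def failing_gates(s):
    """Indices of constraints the witness violates; an empty list means satisfied."""
    return [i for i, (a, b, c) in enumerate(zip(A, B, C))
            if dot(a, s) * dot(b, s) % P != dot(c, s)]
```

A prover who claims a different output for the same input, or alters an intermediate wire, violates at least one gate, which is the property the later proof steps compress into a succinct proof.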
MSM (Multi-Scalar Multiplication) calculation is used for processing calculations related to elliptic curves. MSM is a core component in elliptic curve cryptography, mainly used for generating and verifying proofs. MSM-type calculations account for about 60-70% of the computational tasks.
NTT (Number Theoretic Transform) is a type of Fast Fourier Transform (FFT) performed in a finite field. NTT is used for processing calculations related to polynomials. In the computation of ZK proof generation, NTT-type calculations account for approximately 25% of all computational tasks.
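As an added illustration of the polynomial work NTT performs (not code from the article or from Cysic), the sketch below multiplies two polynomials over a prime field with a radix-2 NTT and provides a schoolbook routine to check it against. The prime 998244353 with primitive root 3 is a common teaching parameter and an assumption here, not the field of any particular proof system.

```python
P = 998244353          # NTT-friendly prime: 119 * 2**23 + 1
G = 3                  # primitive root modulo P

def ntt(a, invert=False):
    """Recursive radix-2 NTT of a list whose length is a power of two."""
    n = len(a)
    if n == 1:
        return a[:]
    w_n = pow(G, (P - 1) // n, P)        # primitive n-th root of unity in F_P
    if invert:
        w_n = pow(w_n, -1, P)
    even, odd = ntt(a[0::2], invert), ntt(a[1::2], invert)
    out, w = [0] * n, 1
    for k in range(n // 2):              # butterflies: each k touches its own outputs
        t = w * odd[k] % P
        out[k] = (even[k] + t) % P
        out[k + n // 2] = (even[k] - t) % P
        w = w * w_n % P
    return out

def intt(a):
    """Inverse transform: inverse roots, then scale by 1/n."""
    inv_n = pow(len(a), -1, P)
    return [x * inv_n % P for x in ntt(a, invert=True)]

def poly_mul_ntt(f, g):
    """Multiply coefficient lists in O(n log n) via pointwise products."""
    size = 1
    while size < len(f) + len(g) - 1:
        size *= 2
    fa = ntt(f + [0] * (size - len(f)))
    ga = ntt(g + [0] * (size - len(g)))
    prod = intt([x * y % P for x, y in zip(fa, ga)])
    return prod[:len(f) + len(g) - 1]

def poly_mul_schoolbook(f, g):
    """O(n^2) reference used to check the NTT result."""
    out = [0] * (len(f) + len(g) - 1)
    for i, x in enumerate(f):
        for j, y in enumerate(g):
            out[i + j] = (out[i + j] + x * y) % P
    return out
```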
Although ZK-STARKs use different algorithms, they also have their own performance bottlenecks. In the proof generation process, the prover needs to create a system composed of multiple constraints, which must be simultaneously satisfied to generate a valid proof. These constraints are usually randomly generated, and the FRI algorithm (Fast Recursive Integer Gaussian Sampling) is used to generate and verify Gaussian samples in the proof, ensuring the randomness of these constraints. Therefore, the efficiency of the FRI algorithm is crucial for the performance of ZK-STARKs.
However, regardless of the route taken, the massive amount of computation makes the computation time extremely slow. Therefore, accelerating the speed of these calculations and improving the efficiency of proof generation has become a key factor limiting the widespread adoption of ZKP.
To address this issue, using hardware for computational acceleration has become a viable solution. Currently, the market has produced multiple hardware acceleration solutions, and there is no standard answer to which hardware to choose.
The mainstream hardware acceleration solutions for ZKP in the current market are divided into three types, with decreasing flexibility from high to low: GPU, FPGA, and ASIC.
Because some steps in ZKP algorithms (such as polynomial multiplication and FFT transformation) can be processed in parallel, using a GPU can naturally complete the computational process of ZKP algorithms more efficiently, similar to mining with graphics cards many years ago. However, the problem is that the flexibility and generality of GPUs make it difficult to surpass FPGAs in terms of performance.
FPGAs can implement specific logic functions through programming. This solution provides higher efficiency and maintains a certain level of flexibility, allowing circuits to be customized as needed. After optimizing for specific ZKP algorithms, FPGAs outperform GPUs.
ASICs are specialized chips tailored for specific tasks. Just as ASIC miners provide powerful computing power for Bitcoin, ASIC hardware acceleration for ZKP can provide the highest level of performance optimization for the computational process. However, ASICs can only adapt to a single solution and cannot be used for all existing ZKP proof tasks. More universal ASIC chips will require greater adjustments from design to fabrication.
ASICs have the most powerful computing power, but their limitation lies in flexibility. Due to the diversity of ZK algorithms, acceleration solutions still need to accelerate multiple algorithms. Considering the continuous emergence of new ZKP proofs in the market, the rapid reconfiguration capability of FPGAs gives them the advantage of reusability in multiple scenarios and the flexibility to adapt to different proof system requirements. Therefore, in the current market conditions, as a hardware acceleration service provider, offering only ASIC chip services for accelerating a single proof system is not the "best choice at this moment."
But does ASIC have no potential for future breakthroughs? The answer is definitely no.
Choosing a proof system is a significant decision that teams make cautiously. Because ZK circuits are expensive to design, a project that has invested resources in developing circuits for a specific proof system is unlikely to change systems easily. Although FPGAs provide a certain level of flexibility, for ZK projects whose proof system has already been determined and developed, ASICs can still provide higher computational efficiency, which is particularly important for large-scale, computationally intensive ZK applications. Therefore, despite the high initial development cost of ASICs, the high return on investment after successful fabrication gives ASIC solutions a stable place and steady demand in the market.
In the foreseeable future, ASIC acceleration solutions remain one of the ultimate solutions for hardware acceleration.
Taking the Cysic project in the hardware acceleration sector as an example, Cysic provides a full range of hardware acceleration services, including FPGA, ASIC, and GPU, which not only improve the production efficiency of specific ZK proofs but also meet the needs of different blockchain platforms/ZK projects.
For example, Cysic has developed a SolarMSM accelerator based on FPGA for MSM calculation acceleration. This solution significantly improves the efficiency of MSM calculations and can handle large-scale MSM tasks in a short time. According to data, Cysic's SolarMSM can easily complete 2^30-scale MSM calculations within 300ms, placing its performance at the top level in the industry.
Through this hardware acceleration, Cysic can effectively reduce the time required for ZK proof generation, making blockchain applications and protocols based on ZKP more efficient and practical. This is crucial for promoting the widespread application of ZKP technology, especially in scenarios requiring fast and efficient proof generation.
Currently, Cysic has completed the POC design work for MSM acceleration solutions. The FPGA-based POC is currently the highest-performing among all publicly available FPGA-MSM hardware acceleration results, surpassing the publicly available benchmark results by 1-2 orders of magnitude, and the design and fabrication work for ASICs is also underway. In the future, Cysic will develop 12nm ASIC chips in the second phase. The goal is to achieve single-chip ASIC computational power to support MSM and NTT, as well as other cryptographic underlying operators, while reducing single-chip power consumption by two orders of magnitude.
In addition, Cysic has actively embraced GPU-based acceleration solutions, providing more flexible acceleration services for ZK and even AI computations.
As long as ZKP computations are faster, the cryptographic world is one step closer to obtaining the "Holy Grail" of ZKP.
DePIN Primitive Drives Market Growth
The importance of hardware acceleration is beyond doubt. Another major concern for investors is the potential market size of ZK hardware acceleration.
Paradigm has made predictions that the market size of ZK acceleration is comparable to the POW mining market. As mentioned earlier, with the completion of the Cancun upgrade, the larger-scale adoption of ZKRollup will bring a significant demand for ZK calculations.
Privacy protection is another major market demand. Projects such as Semaphore, MACI, Penumbra, and Aztec Network are exploring the use of ZK technology to enhance user privacy and drive large-scale adoption. Additionally, the field of identity verification is one of the main use cases for ZK technology, including the popular WorldID, as well as projects like Sismo, Clique, and Axiom, which are dedicated to applying ZK technology to identity management to provide more secure and privacy-protecting solutions.
ZKML (Zero-Knowledge Machine Learning) is another rapidly developing area. In the current AI boom, the need for verifying AI to work correctly and transparently is essential. ZKML allows for reasoning and other processes to be verified on-chain, theoretically enabling verification without revealing specific content.
Therefore, whether it is the widespread adoption of ZKRollup, the emergence of privacy-related dApps, or the development of ZKML, all contribute to the demand for ZKP acceleration.
However, the threshold for ZK acceleration remains high and is still extremely unfriendly to many small and medium-sized project teams. Many ZKP demanders still need to purchase acceleration hardware in a centralized manner and deploy acceleration services on their own. They also need to choose the appropriate acceleration solution based on their own ZKP generation roadmap.
A flexible validator network (ZK prover network) has become the industry consensus solution. The new product form built on it, ZKCompute-as-a-Service (ZKCaaS), will solve the above dilemma.
Taking Cysic as an example, Cysic will build a validator network for hardware acceleration, where FPGA, ASIC, or other hardware can provide ZK acceleration computing power to users in the network, and personal devices can also connect to it. For ZK project teams, when they need computing power support for ZKP verification, they can directly connect to Cysic's ZK computing power network without the need for hardware procurement. There is no need to pay too much attention to the specific details of the acceleration solution. Currently, Cysic has deployed tens of thousands of high-end graphics cards to reserve sufficient ZK computing power for the validator network.
Currently, Cysic has partnered with several projects including Scroll, zkP2P, Inference, Kinetex, covering various types of projects such as ZKRollup, ZKML, and application layers. The proof systems used include Halo2, RapidSnark, Plonky2x, and other systems, making Cysic's acceleration computing solution highly flexible and versatile.
Cysic configures the supply and demand of computing power in a decentralized manner through native encryption. The supply side of ZK computing power has been upgraded from centralized and non-scalable hardware to a computing power network accessible to all users, providing individual investors with more opportunities to participate in the market. On the demand side, ZKCaaS can provide stronger elasticity and stability for ZK computing, and the decentralized market can more efficiently schedule and match computing power supply and demand through smart contracts.
Therefore, ZKCaaS turns hardware acceleration into a "plug and play" service and creates a scenario where everyone can accelerate ZK computing, transforming the ZK field with the decentralized hardware infrastructure of DePIN, providing returns for proprietary or idle computing power, and giving us hope for another wave of ZK+DePIN mining blue ocean.