Why is Vitalik optimistic about ZK hardware acceleration?
Author: Loopy Lu, BeWater
Recently, Vitalik Buterin's sudden visit to the Hong Kong Blockchain Conference excited all the participants. To a certain extent, it also reflects the current state of the crypto market: Ethereum has recently been slightly weaker than the Bitcoin ecosystem, and the fragmentation of its liquidity and its limited performance have once again drawn questions.
At this conference, Vitalik gave clear suggestions for the future development of Ethereum. In his keynote speech "Reaching the Limits of Protocol Design", Vitalik actively looked forward to the role of ASIC chips. With the help of ASIC chips for hardware acceleration of ZK computing, the efficiency and security of Ethereum can be improved to a new level.
To interpret ZK hardware acceleration, we naturally have to start with ZK. ZKP is not a new concept. Computer scientists have been exploring in this direction since the 1980s. Currently, popular ZK Rollup projects are launched one after another, and more ZK applications are emerging, corresponding to the continuous evolution of ZK technology and the market. We found that ZK hardware acceleration is maturing, and the ZK + DePIN model is emerging. ZKP in this cycle seems to be different from before.
Zero-Knowledge Proof (ZKP) is known as the "holy grail" of encryption technology. It not only introduces a new solution to the long-standing problem of privacy protection, but also provides a powerful solution to the blockchain expansion problem that has existed for many years.
As we all know, the efficiency of ZK has long been a pain point for many users. **Vitalik said at the Hong Kong conference that although protocols based on advanced cryptography such as ZK-SNARKs, MPC, FHE (fully homomorphic encryption) and BLS aggregation are developing rapidly, they also have efficiency and security issues.**
(Image source: Foresight News)
Among them, the Ethereum Slot block time is 12 seconds, the "normal" block verification time is about 400 milliseconds, the ZK-SNARK proof time is about 20 minutes, and Ethereum's goal is to achieve real-time proof.
To solve this problem, Vitalik gave three solutions, namely "parallelization and aggregation tree", using SNARK algos and hashing to improve efficiency, and **using ASIC for ZK hardware acceleration.**
We do not judge the pros and cons of the three solutions, but only discuss ZK hardware acceleration in depth. From the perspective of ZKP, this article attempts to explain to investors why Vitalik is optimistic about "hardware acceleration", a track that is rarely mentioned at present. What are the differences between similar terms such as "ZK acceleration", "ZK", and "ZK Rollups", and how can they be accurately distinguished?
From the perspective of the entire ecosystem, why is the hardware acceleration track important? What value does it provide for Ethereum, ZK, and the entire crypto world? We will take Cysic as an example to discuss in detail the past, present, and future of hardware acceleration.
What is the role of the hardware acceleration that Vitalik is optimistic about?
For the crypto world, ZKP (SNARKs/STARKs) is regarded as the holy grail of scaling technology. zk-SNARKs verify the correctness of the original computation through Verification Computation: the prover first generates a succinct proof for the original computation, and the verifier uses a smaller-scale computation to verify the correctness of the proof.
Among various expansion plans, ZKP has promoted the development of off-chain computing. That is, transactions are no longer executed on the first layer of the network, but are completed in the rollup off the chain, and partial data such as the status root of multiple transactions are packaged and published to the main network for verification and settlement. The main network node can verify the transaction history on the Rollup through ZKP, and its security is still guaranteed by the first layer. ZKP uses zero-knowledge proof to solve the trust problem in the verification process through mathematical means, and the required on-chain space is small. ZK Rollup can achieve dozens of times the transaction processing speed and efficiency compared to the first layer.
L2BEAT data shows that the total TVL of the top five ZK Rollups has reached about $3 billion. This figure is still quite far from Ethereum's TVL of $50 billion and the entire DeFi market's $91 billion. We believe that as ZK technology matures, the penetration rate of ZK Rollup is bound to increase further. After Ethereum completed the Cancun upgrade, the introduction of EIP-4844 significantly reduced the cost of Layer 2. After the mainstream Layer 2s adapted to "Blob transactions", measured data showed that the gas fees of each ZK Rollup dropped significantly. For example, Starknet dropped by about 85% and zkSync Era dropped by about 65%.
ZK-based projects in the market are growing rapidly. Among the ZK-based projects with a market value of more than $1 billion, Polyhedra, Immutable, StarkNet, zkSync, Mina, dYdX, etc. are widely known. This track can be roughly divided into three layers: infrastructure, ZK-Rollup, and ZK applications.
The infrastructure mainly includes programming frameworks and tools, ZKP proof market, hardware acceleration of proof generation, ZK machine learning, etc. Most of the projects in these tracks revolve around the generation and calculation of ZKP, and they provide a technical foundation for the deployment of ZK applications (whether it is a network or a dApp).
The most eye-catching one is ZK Rollup. The outbreak of ZK Rollup provides sufficient support for the narrative of scalability and "mass adoption". Of course, there are also various dApps that use ZK technology, most of which use the characteristics of ZK to provide other applications such as privacy for encrypted users.
However, the excessive computing resources required to generate ZK proofs is a bottleneck that restricts further progress.
How far are we from the implementation of use cases?
Since ZK technology is so powerful, why is it still not widely adopted? The main reason is that the core algorithm and implementation mechanism of ZK technology are extremely complex. At present, there are two main ZK proof systems that are widely used - zk-SNARKs and zk-STARKs. For example, zkSync, Aztec, Axiom, Scroll, Taiko, etc. all use proof systems based on zk-SNARK, while StarkNet, dYdX, Polygon, etc. use proof systems based on ZK-STARKs.
The use of zero-knowledge proof systems usually includes three steps: "flattening the computation", "generating the proof", and "verifying the proof". The "generating the proof" step requires a lot of computing power.
"Flattening the computation" means expressing an original computation as a ZK circuit through a constraint language (such as R1CS). Taking zk-SNARKs as an example, the commonly used proof systems include Groth16, Marlin and Halo/Halo2. Among them, Groth16 uses R1CS as the constraint language for flattening computation. Newer proof systems, such as Halo/Halo2, use the circuit constraint language of the Plonk system, which is widely used in some newer ZK projects, such as Scroll, Taiko, Axiom, etc.
As we mentioned before, the generation of ZK proofs requires a lot of computation. Let's use KZG-based Halo2 as an example to briefly analyze the types of these computations. First, after we construct the ZK circuits through the front-end constraint language, we need to convert these circuits into polynomials in some way, and the degree of the polynomial is positively correlated with the scale of the circuit. After that, cryptographic methods such as KZG are used to finally convert these polynomials into proofs. In this process, the main time-consuming computation types are MSM and NTT.
MSM (Multi-Scalar Multiplication) calculations are used to process calculations related to elliptic curves. MSM is a core component of elliptic curve cryptography and is mainly used to generate and verify proofs. MSM type calculation tasks account for about 60-70% of the calculation tasks.
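To make the MSM workload concrete, the following added example (not code from the article or from any project it mentions) computes sum(k_i * P_i) with the Pippenger bucket method and with naive per-point double-and-add. It assumes secp256k1 as a stand-in curve; the window size `c` and all function names are illustrative.

```python
# Added illustration, not from the article. secp256k1 (y^2 = x^3 + 7) is an
# assumed stand-in curve; the bucket structure does not depend on the curve.
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def add(p1, p2):
    """Affine point addition, including doubling and the identity."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, pt):
    """Double-and-add: roughly one doubling per scalar bit, per point."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def msm_naive(scalars, points):
    """n independent scalar multiplications, then a sum."""
    acc = INF
    for k, pt in zip(scalars, points):
        acc = add(acc, scalar_mul(k, pt))
    return acc

def msm_pippenger(scalars, points, c=4, bits=256):
    """Bucket method: c-bit windows, doublings shared across all points."""
    result = INF
    for w in reversed(range((bits + c - 1) // c)):
        for _ in range(c):                   # shift the accumulator one window
            result = add(result, result)
        buckets = [INF] * (1 << c)
        for k, pt in zip(scalars, points):   # one addition per point per window
            digit = (k >> (w * c)) & ((1 << c) - 1)
            if digit:
                buckets[digit] = add(buckets[digit], pt)
        running = window_sum = INF
        for b in reversed(buckets[1:]):      # sum_j j * bucket[j] via running sums
            running = add(running, b)
            window_sum = add(window_sum, running)
        result = add(result, window_sum)
    return result
```

The per-window bucket accumulation consists of many independent point additions, which is the part that parallel hardware can spread across many adder units.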
NTT (Number Theoretic Transform) is a fast Fourier transform (FFT) performed on a finite field. NTT is used to process calculations related to polynomials. In the calculations generated by ZK proofs, NTT-type computing tasks account for about 25% of all computing tasks.
Although ZK-STARKs uses a different algorithm, it also has its own performance bottlenecks. In the process of generating a proof, the prover needs to create a system consisting of multiple constraints that must be satisfied at the same time to generate a valid proof. These constraints are usually generated randomly. The FRI algorithm (Fast Recursive Integer Gaussian Sampling) ensures the randomness of these constraints by generating and verifying Gaussian sampling in the proof. Therefore, the efficiency of the FRI algorithm is crucial to the performance of ZK-STARKs.
But no matter which route is adopted, the huge amount of calculation makes the calculation time very slow. Therefore, how to speed up these calculations and improve the efficiency of proof generation has become the key to limiting the popularity of ZKP at present.
In order to solve this problem, using hardware to accelerate computing has become a feasible solution. Currently, there are multiple hardware acceleration solutions on the market, but there is no standard answer as to which hardware to choose.
**There are three mainstream hardware acceleration solutions in the current ZKP market; in order of flexibility from high to low, they are GPU, FPGA, and ASIC.**
ASIC has the most powerful computing power, but its limitation lies in flexibility. Due to the diversity of ZK algorithms, acceleration solutions still need to accelerate multiple algorithms. Considering that ZKP proofs are constantly being innovated in the market, the rapid reconfiguration capability of FPGA gives it the advantage of reuse in multiple scenarios, and it can flexibly adapt to the needs of different proof systems. Therefore, under current market conditions, a hardware acceleration service provider that can only offer ASIC chip services accelerating a single proof system is not the best choice "at this moment".
But does this mean ASIC has no potential to explode in the future? The answer is naturally no.
Choosing the right proof system is a very cautious and important decision. Due to the extremely high design cost of ZK circuits, once the proof system is determined, ZK projects will hardly change the proof system easily. After the project party has invested resources to develop the circuit of a specific proof system, it is usually not easy to change the system. Although FPGA provides a certain degree of flexibility, for ZK projects that have been determined and put into development, ASIC can still provide a higher computing performance ratio, which is especially important for large-scale, computationally intensive ZK applications. Therefore, although the initial development cost of ASIC is high, the high return ratio brought by the successful tape-out will still have a place in the market. Therefore, ASIC solutions have a certain stability and demand in the market.
In the foreseeable future, ASIC acceleration will remain one of the ultimate solutions for hardware acceleration.
Let’s take the Cysic project in the hardware acceleration track as an example. Cysic provides full hardware acceleration services including FPGA, ASIC, and GPU. These acceleration services can not only improve the production efficiency of specific ZK proofs, but also adapt to the needs of different blockchain platforms/ZK projects.
For example, Cysic developed an FPGA-based MSM computing accelerator called SolarMSM. This solution significantly improves the efficiency of MSM calculations and can handle large-scale MSM tasks in a short time. Judging from the data, Cysic's SolarMSM can easily complete MSM calculations on a scale of 2³⁰ within 300 ms. This performance is at the top level in the industry.
Through this hardware acceleration, Cysic can effectively reduce the time required for ZK proof generation, making ZKP-based blockchain applications and protocols more efficient and practical. This is of great significance for promoting the widespread application of ZKP technology, especially in scenarios that require fast and efficient proof generation.
Currently, Cysic has implemented the POC design of the MSM acceleration solution. The FPGA-based POC has the highest performance among all publicly available FPGA-MSM hardware acceleration results, which is 1-2 orders of magnitude higher than the current public benchmark results. The design and tape-out of ASIC are also in progress. In the future, Cysic will develop 12 nm ASIC chips in the second phase. The goal is to achieve the computing power of a single ASIC chip to support MSM and NTT, and other underlying cryptographic operators, while reducing the power consumption of a single chip to two orders of magnitude.
In addition, Cysic has also actively embraced GPU-based acceleration solutions to provide more flexible ZK and even AI computing acceleration services.
As long as ZKP calculations are faster, the crypto world will be one step closer to seizing the ZKP "holy grail".
DePIN primitive drives market growth
The importance of hardware acceleration is unquestionable. Another major concern of investors is how big the market for ZK hardware acceleration will be.
Paradigm has predicted that the market size of ZK acceleration is comparable to the market size of POW mining. As mentioned above, with the completion of the Cancun upgrade, the larger-scale adoption of ZK Rollup will bring a lot of demand for ZK computing.
Privacy protection is another major market demand. For example, Semaphore, MACI, Penumbra, and Aztec Network are exploring the use of ZK technology to enhance user privacy and promote large-scale adoption. At the same time, the field of identity authentication is also one of the main use cases of ZK technology, including the popular WorldID, as well as Sismo, Clique, Axiom and other projects, all of which are committed to applying ZK technology to identity management to provide more secure and privacy-protecting solutions.
ZKML (Zero-Knowledge Machine Learning) is another rapidly developing field. With the explosion of AI, verifying that AI works correctly and transparently has become a rigid demand. ZKML can put reasoning and other links on the chain, and in theory, verification can be performed without revealing the specific content.
Therefore, whether it is the widespread adoption of ZK Rollup, the emergence of dApp such as privacy, or the development of ZKML, all have increased the demand for ZKP acceleration.
However, the threshold for ZK acceleration is still high, and it is still extremely unfriendly to many small and medium-sized projects. Many ZKP demanders still need to purchase acceleration hardware in a centralized way and deploy acceleration services on their own. In addition, they also need to select the appropriate acceleration solution based on their own ZKP generation route.
A flexible verifier network (ZK prover network) has become the industry consensus solution. The new product form of ZK Compute-as-a-Service (ZK CaaS) formed on this basis will solve the above dilemma.
Take Cysic as an example. Cysic will use acceleration hardware to build a validator network. FPGA, ASIC or other hardware can provide users with ZK accelerated computing power in the network, and personal devices can also be connected to it. For ZK project parties, when computing power support is needed for ZKP verification, they can directly access Cysic's ZK computing power network without purchasing hardware. There is no need to pay too much attention to the details of the specific acceleration plan. At present, Cysic has launched tens of thousands of high-end graphics cards, which has reserved sufficient ZK computing power for the validator network.
Currently, Cysic has reached cooperation with many projects such as Scroll, zkP2P, Inference, Kinetex, etc., covering various types of projects such as ZK Rollup, ZKML, application layer, etc. The proof systems it adopts include Halo2, RapidSnark, Plonky2x and other systems. Therefore, Cysic's accelerated computing solution has high flexibility and versatility.
Cysic configures the supply and demand of computing power through a crypto-native decentralized approach. The supply side of ZK computing power has been upgraded from centralized, non-scalable hardware to a computing power network that supports access by all users, which also provides individual investors with the opportunity to participate in the market more deeply. On the demand side, ZK CaaS can provide greater flexibility and stability for ZK computing, and the decentralized market can more efficiently dispatch and match the supply and demand of computing power through smart contracts.
Therefore, ZK CaaS turns hardware acceleration into an "out-of-the-box" service and creates a scenario where everyone can perform ZK computing acceleration. It uses DePIN's decentralized hardware facility network to transform the ZK field and provide revenue for proprietary or idle computing power, making it possible for us to once again usher in the ZK + DePIN mining blue ocean.