Have you ever considered the possibility of Proof of Work (PoW) making a comeback on Ethereum? With Cysic, it seems more possible than ever.
Last May, Vitalik Buterin stated in Montenegro that “in the next 10 years, zk-SNARKs, built on ZK technology, will be as important as blockchain itself,” marking Ethereum’s commitment to ZK. A year later, Vitalik made a surprise appearance in Hong Kong, reiterating that ZK is the future of Ethereum and highlighting hardware acceleration as the key to overcoming the limitations of zk-SNARKs.
The conversation around ZKP acceleration has been longstanding, with both the academic and industrial sectors exploring ways to optimize ZK algorithms for speed. However, it wasn’t until 2022 that hardware acceleration caught public attention as an alternative solution. That year could be considered the inaugural year for ZKP hardware acceleration, with the launch of ZPrize by Aleo, the highest quality and most technically profound hardware-accelerated ZKP technology competition in the field of zero-knowledge cryptography. Publications from Paradigm on “Hardware acceleration of ZKP“ and IOSG’s “Why we’re bullish on zero-knowledge proof hardware acceleration“ followed. Some have dismissed the idea with the phrase “if the algorithm doesn’t cut it, hardware will,” expressing skepticism towards hardware acceleration. Yet, as ZPrizes pointed out:
Despite significant advancements in software and algorithms in recent years, hardware acceleration has remained a path less traveled in zero-knowledge cryptography. Many forget that modern cryptographic techniques only became practically valuable after being natively implemented in CPUs. Hardware acceleration isn’t limited to ASICs—it also encompasses new methods for optimizing GPUs, CPUs, FPGAs, and mobile devices to generate zero-knowledge proofs faster.
The necessity of ZKP hardware acceleration became widely acknowledged in 2023 with Aleo’s introduction of PoSW, which introduced economic incentives for MSM and NTT computations. Today’s story, however, isn’t about Aleo but about Cysic, which aims to provide a comprehensive solution for real-time ZK proof generation using GPUs, FPGAs, and ASICs. They are set to launch two ZK DePIN devices, ZK Air and ZK Pro, and will soon start pre-sales for mining machines. Cysic aims to fulfill the computational needs across all ZK scenarios, not just as a B2B service provider but by building a DePIN network that opens up B2B services to C-end users with varying computational powers. In other words, anyone can join the Cysic network, and the more participants there are, the higher the computational power and the faster the ZK proofs. Eventually, ZK will become omnipresent and integrated into everyday life.
This narrative is captivatingly ambitious, making the once-distant dream of ZKP hardware acceleration seem within reach for the average person! Today, Foresight News delves into ZKP hardware acceleration, the features of Cysic and its hardware products, and the infrastructure of the DePIN network to see what Cysic aims to achieve and how significant its market potential could be.
Cysic, established in August 2022, operates as a real-time Zero-Knowledge Proof (ZKP) generation and verification layer, offering Zero-Knowledge Computing as a Service (ZK-CaaS) powered by its proprietary ASIC, FPGA, and GPU chips. In February 2023, Cysic secured $6 million in seed funding, led by Polychain Capital with contributions from HashKey, SNZ Holding, ABCDE, A&T Capital, and the Web3.com Foundation. By October of the same year, Cysic had earned the top prize in the ZPrize “Beat the Best (FPGA/GPU)” competition with its FPGA technology.
The founding team of Cysic boasts an impressive background and strong capabilities. Co-founder Leo Fan is responsible for the system architecture and cryptographic research at Cysic. After earning his master’s degree in computer science from the Chinese Academy of Sciences, he pursued a Ph.D. in computer science at Cornell University. During his academic career, he served as a researcher at prestigious institutions like IC3, Yahoo, Bell Labs, and IBM. Post-graduation, Leo joined Algorand to focus on cryptographic research and currently serves as an assistant professor in the computer science department at Rutgers University. Co-founder Bowen Huang, who left his Ph.D. program at Yale University to obtain a master’s degree, now leads chip and supply chain management at Cysic. Previously, he was a research engineer at the Institute of Computing Technology, Chinese Academy of Sciences. Recognizing the potential of ZK as the ultimate scaling solution for the blockchain industry and hardware acceleration as the inevitable technological path, they embarked on this venture before 2022.
Currently, the ZK field is dominated by two proof systems: zk-SNARKs and zk-STARKs. Projects like Zcash, Scroll, Taiko, Mina, Aztec, Manta, and Anoma utilize zk-SNARKs, while Starknet, StarkEx, and zkSync (which has transitioned to Boojum) employ zk-STARKs. Additionally, there are ZK projects such as the Ethereum historical data protocol Axiom and the ZK technology developer Nil Foundation. According to Cysic’s estimates, the market comprises over 50 leading ZK projects with a combined market value exceeding $100 billion, while the total valuation of the ZKP application track has surpassed $15 billion.
In the past two years, the ZK track has been criticized for the lengthy proof generation times and high resource demands. For instance, Scroll’s use of GPUs for ZK proof generation requires at least an hour and over 280GB of RAM. These issues not only hinder the widespread adoption of ZKP but also slow down Ethereum’s commercial progress. Although STARK proofs generate faster than SNARKs, both require hardware acceleration to boost proof speeds from hours to seconds. Without breaking through this bottleneck, the ZKP vision of synchronizing block production with Ethereum, as envisioned by Vitalik, remains unachievable.
Despite the Ethereum Foundation’s view of ZK as the future of scaling, ZK Rollups currently hold an unconvincing market share in the Ethereum L2 space. The top 5 L2s by TVL all use Optimism Rollup, with ZK Rollups accounting for only 8.5% of the market share. Starknet is the only ZK Rollup project valued over $1 billion, largely due to the foundation’s ecosystem incentives and airdrop expectations. Given the high valuation of the ZK track, if hardware acceleration can largely solve the current challenges, the market potential is substantial.
Cysic is setting its sights high with the ultimate goal of delivering a comprehensive GPU + ASIC hardware acceleration solution, targeting the computational needs across all ZK computation scenarios such as ZK Rollup, zkML, and ZK Bridge. As an interim step, over the past year, Cysic has developed its own FPGA acceleration hardware capable of supporting a variety of proof systems including Halo2, RapidSnark, Plonky2x. This move has not only showcased unprecedented versatility and flexibility but also opened up a vast universe of business opportunities.
Having discussed Cysic and the burgeoning field of ZKP hardware acceleration, it’s time to delve into what exactly this hardware aims to speed up. At its core, the objective is to hasten the computations involved in generating ZK proofs, essentially making it a contest of computing power. This is part of the reason behind my assertion that ZKP technology is reintroducing the concept of Proof of Work (PoW) to Ethereum. But looking closer, what specific computations are being accelerated by ZKP hardware? To shed light on this, let’s examine the zk-SNARKs proof system to understand the journey from arithmetization to the generation and verification of proofs.
First off, any user transactions on the blockchain are aggregated into off-chain Rollups. Thus, the nature and volume of these transactions directly influence the complexity of both the circuit design and the ZK proofs themselves.
Next comes the “arithmetization” phase, where transaction data is transformed into ZK circuits and subsequently into polynomial mathematical expressions. This process bears resemblance to the division between “front-end” and “back-end” in traditional software development. In the “front-end”, transaction data is structured into circuits using languages like R1CS and PLONK, converting them into a series of polynomials. This is akin to translating circuit diagrams into mathematical formulas, which then guide the construction and operation of the circuit. The more complex and numerous the transactions, the larger the circuit scale and the higher the polynomial degrees become.
With the groundwork laid by arithmetization, the next step is to develop the “back-end” - the ZK proof system itself, which is responsible for generating zero-knowledge proofs. The zk-SNARKs proof system, for instance, comprises two main components: PIOP and PCS. Prominent PIOPs include PLONK and GKR, while well-known PCSs (Polynomial Commitment Schemes) feature FRI and KZG. For example, combining PLONK with IPA can create the Zcash variant of the Halo2 proof system, PLONK with KZG can produce the PSE/Scroll version of Halo2, and PLONK with FRI leads to Plonky2. Present-day ZK proof systems predominantly utilize schemes like Halo2 and Groth 16, which are based on KZG.
Using the Groth16 protocol as an illustration, we can streamline the computation and represent it as a Circuit Satisfiability (C-SAT) problem using R1CS constraints. This C-SAT problem is then further distilled into a Quadratic Arithmetic Program (QAP) satisfiability problem, leading to the creation of public polynomials Ui(x), Vi(x), Wi(x), T(x), and a vector a. This vector a encompasses both public inputs and secrets (witnesses), adhering to the relationship depicted in the provided diagram. Solving the QAP satisfiability problem is straightforward when a is known, but deducing a from the public polynomials is a significant challenge. This challenge effectively shifts the proof of the computation process’s authenticity and completeness to demonstrating that the Prover holds the solution a(i), a crucial step in developing the ZKP’s backend framework.
The backend of the ZKP is structured into three primary phases: Setup, Prover, and Verifier. Each phase utilizes specific parameters. The process begins by feeding the arithmetized polynomials and a one-time secret random number R (introducing the concept of “trusted setup”) into the Setup phase. Following this setup, the Prover and Verifier can respectively generate and verify proofs using parameters Sp and Sv. Throughout this phase, the Prover calculates and crafts proofs using both public inputs and secrets, while the Verifier checks these proofs against the public inputs. Importantly, the Verifier remains unaware of the secrets involved.
During the proof generation phase by the Prover, extensive computation is needed. The question then arises: how can we speed up this computational process for generating proofs? This is precisely where the application of hardware becomes crucial. At present, leveraging hardware to enhance computational capacity represents the sole approach; naturally, greater computational power results in reduced processing time.
Each proof system encompasses distinct cryptographic operations that demand substantial computational effort. Within systems based on PLONK + KZG, the operations consuming the most time are Multi-Scalar Multiplication (MSM) and Number Theoretic Transform (NTT). For zk-STARK systems, the primary computational hurdles are NTT and Merkle Hash computations. MSM is concerned with calculations related to elliptic curves, whereas NTT is akin to a Fast Fourier Transform (FFT) but tailored for finite fields, serving as an optimized variant of FFT designed for polynomial-related computations. Almost all leading ZK protocols extensively utilize these two computational processes, which collectively constitute 80-95% of the time taken to generate proofs. Generally, MSM computations make up 60-70% of the total computational workload, with NTT contributing around 25%. However, these percentages can vary across different implementations. Depending on the distribution of computational tasks, it’s feasible to either target MSM or NTT for acceleration individually or to expedite both processes concurrently.
Viewing it from a broader perspective, the significant computational tasks essentially involve straightforward pipeline operations that merely require robust computational power. Given the deterministic nature of ZK proof computations, which necessitate repetitive calculations for generating proof outcomes, dedicated hardware tailored for specific functions offers clear advantages over software solutions. The complexity of computations could be substantially mitigated with the implementation of parallel processing. Interestingly, both MSM and NTT computations are well-suited for enhancement through high-performance hardware that facilitates parallel processing.
Cysic aims to pioneer in ZK ASIC acceleration, aspiring to deliver a comprehensive suite of ASIC hardware acceleration solutions that encompass MSM and NTT computations. As Leo Fan pointed out, “A considerable amount of testing and prototyping on FPGA is essential before progressing to ASIC development.”
In the last year, Cysic has successfully completed the initial phase of its Proof of Concept (POC) design, establishing FPGA-based accelerators for MSM, NTT, and Poseidon Merkle Tree computations, alongside a holistic end-to-end ZK hardware acceleration framework that spans the entire operational flow.
Cysic’s FPGA Prototype (Under Assembly)
Recent data reveals that Cysic’s SolarMSM is capable of executing MSM computations at the scale of 2³⁰ within 0.195 seconds, positioning it as the most efficient among all known FPGA-MSM hardware acceleration attempts to date. Similarly, SolarNTT achieves NTT computations of the same scale in 0.218 seconds. Moreover, Cysic’s FPGA acceleration technology is currently being utilized in Scroll’s ZK computations, managing to process MSM and NTT tasks of scale 2²² in approximately 1 millisecond (0.001 seconds).
Exploring the journey towards ASIC development requires a look at the comparative strengths of different types of acceleration hardware. The allure of hardware acceleration lies in its ability to cut down on power use, minimize delays, boost parallel processing capabilities, and enhance data throughput. This optimization enables a more efficient deployment of integrated circuit space and components. With CPUs falling out of favor due to their lengthy processing times and excessive power usage, the spotlight has turned to GPUs, FPGAs, and ASICs, each distinguished by their unique balance of flexibility and performance efficiency.
In the realm of ZK projects, GPUs have become the go-to for hardware acceleration, their widespread availability making them the interim solution pending the arrival of more specialized hardware. GPUs offer a cost-effective and adaptable option for ZK hardware acceleration developers, with tools like the CUDA SDK facilitating parallel processing tasks such as MSM. Yet, GPUs are not without their drawbacks, notably their dependency on the hardware environment, which can be restrictive when utilizing high-end models.
FPGAs present a different proposition, being programmable and reconfigurable to adapt to various algorithms based on the needs of specific systems or applications. This adaptability makes them particularly well-suited to computations like FFT and NTT. The development of FPGA hardware essentially transforms the process into a “software game,” where the collective power of multiple FPGAs can vastly surpass that of GPUs, all while being more cost-effective in terms of hardware expenditure and energy consumption. Despite these advantages, FPGAs carry higher initial costs and more complex supply chain demands compared to GPUs.
ASICs, on the other hand, are tailor-made to excel in specific tasks, their bespoke design marking them as the pinnacle of hardware acceleration solutions for ZK technology. This specialization comes with limitations, such as the inability to reprogram or multitask across different ZK algorithms. Despite these constraints, ASICs deliver unmatched performance and efficiency, albeit with longer production timelines and higher investment requirements. This makes ASIC development a high-stakes endeavor, promising unparalleled benefits for those able to navigate its complexities.
source:Amber Group
A closer look at the strategic choices reveals why Cysic opted to pioneer with FPGA acceleration hardware in its initial phase. Given the limitations of ASICs, including their lack of flexibility, steep costs, and prolonged development timelines, FPGAs emerge as the optimal choice for gaining a foothold in the market during this interim phase. Cysic’s FPGA technology is versatile enough to support various ZK proof systems, such as Halo2, RapidSnark, and Plonky2x, enabling it to handle the full spectrum of current mainstream ZK algorithms. This means FPGAs are capable of meeting the computational demands across all scenarios where ZK calculations are needed, from ZK Rollups to ZKML and ZK Bridges. Additionally, the process of generating ZK proofs is not only computationally intensive but also requires substantial memory resources. For instance, generating proofs for today’s Scroll zkEVM circuit necessitates at least 280 GB of RAM. In such cases, FPGAs offer the flexibility to scale memory capacity as needed.
Choosing to focus on FPGA development doesn’t imply that Cysic has abandoned GPUs and ASICs. On the contrary, Cysic is actively working on GPU-based acceleration solutions to offer a broader range of flexible services for accelerating ZK and AI computations. As part of this effort, Cysic has already established a GPU computing network that incorporates hundreds of thousands of advanced 3090/4090 GPUs, highlighting its commitment to leveraging diverse technologies to meet the evolving needs of ZK computations.
Cysic Graphics Cards and Server Rooms
Cysic’s internal benchmarks have revealed that their CUDA SDK outpaces the latest open-source frameworks by a significant margin, achieving speed improvements of 50%-80%. Leveraging this advanced GPU SDK, Cysic has been able to offer proof generation services to several leading ZK projects, showcasing their technical prowess. Concurrently, Cysic is making strides in ASIC development, with design and tape-out processes actively progressing, indicating their commitment to pushing the boundaries of computational hardware further.
At first glance, Cysic’s venture into ZKP acceleration hardware might seem straightforward. Yet, set against the backdrop of 2024, with the meteoric rise of Helium Mobile and the explosive growth of io.net, the advent of DePIN has broadened Cysic’s horizons significantly.
Cysic’s grand vision involves establishing a Prover Network powered by ZKP hardware acceleration. This ambitious project plans to not only incorporate Cysic’s proprietary hardware solutions, such as FPGA, GPU, and ASIC, into the Prover Network but also to empower community members to contribute a diverse array of computing resources. Through the creation of a decentralized computing network, Cysic aims to infuse the generation of ZK proofs with economic incentives and robust governance mechanisms.
In essence, Cysic’s Prover Network democratizes a service that was traditionally B2B, opening it up to individual users and serving as a pivotal connector among ZK projects, computing power suppliers, and community validators. This innovative approach is a first in the ZKP hardware acceleration arena. Previously, ZKP and the procurement of specialized acceleration hardware might have been daunting for the average user. The Cysic network, however, simplifies participation; users need only contribute their computing power to be part of the ZKP computing network. The vision is clear: as the network expands with more users and computing power, the efficiency of ZK proof generation will increase, bringing the dream of near-instantaneous “real-time proofs” closer to reality.
Post-Ethereum’s The Merge, a significant number of former PoW miners were left with underutilized GPUs, presenting a valuable opportunity for the Prover Network to tap into this existing resource. But what about those without the necessary hardware to join the DePIN network? Cysic has taken proactive steps to address this challenge, designing two innovative ZK DePIN chips/devices, the ZK Air and ZK Pro, slated for release in 2025. These developments are aimed at expanding the community base and scaling the market further, marking Cysic’s strategic move towards inclusivity and growth in the ZKP ecosystem.
As illustrated, the ZK Air device is designed to be as compact as a power bank or laptop charger, offering a portable solution for ZK DePIN tasks. This device boasts computing capabilities surpassing those of the highest-end consumer graphics cards, allowing users to connect it to laptops, iPads, or smartphones via a Type-C cable. Through the Prover Network, it facilitates acceleration for small-scale ZK proofs, rewarding users for their contributions. Additionally, ZK Air can generate ZK proofs directly on a local computer. Conversely, ZK Pro caters to business entities, optimized for extensive ZK initiatives like zkRollup and zkML, making ZK Air the go-to choice for most users due to its accessibility and utility.
The synergy between ZKP hardware acceleration and DePIN is evident. While io.net targets AI and ML with its decentralized GPU network, Cysic places its bets on ZK as the blockchain’s future. Its proprietary hardware is versatile enough to meet any ZK computational demands, supported by a ZK market worth over $15 billion, promising significant growth prospects.
Xiaofeng once remarked, “Blockchain’s essence is intertwined with DePIN, with Bitcoin’s hardware mining serving as DePIN’s rudimentary form.” ZKP hardware acceleration is reminiscent of Bitcoin’s PoW mechanism. However, the introduction of the Prover Network marks Cysic’s establishment of a dedicated ZKP computing network. Like PoW, ZKP mining within DePIN’s framework aims to be entirely permissionless. Unlike traditional PoW, where only the fastest miners are rewarded, leading to invalidated efforts for others, Cysic’s Prover Network ensures that all contributions are recognized and rewarded.
Users are invited to engage with Cysic’s early initiatives on Galxe, including earning badges, minting NFTs, and participating in the testnet scheduled for May to June this year. Cysic hints at rewarding early participants with exclusive NFT incentives, highlighting its commitment to community engagement and innovation in the ZKP space.
Have you ever considered the possibility of Proof of Work (PoW) making a comeback on Ethereum? With Cysic, it seems more possible than ever.
Last May, Vitalik Buterin stated in Montenegro that “in the next 10 years, zk-SNARKs, built on ZK technology, will be as important as blockchain itself,” marking Ethereum’s commitment to ZK. A year later, Vitalik made a surprise appearance in Hong Kong, reiterating that ZK is the future of Ethereum and highlighting hardware acceleration as the key to overcoming the limitations of zk-SNARKs.
The conversation around ZKP acceleration has been longstanding, with both the academic and industrial sectors exploring ways to optimize ZK algorithms for speed. However, it wasn’t until 2022 that hardware acceleration caught public attention as an alternative solution. That year could be considered the inaugural year for ZKP hardware acceleration, with the launch of ZPrize by Aleo, the highest quality and most technically profound hardware-accelerated ZKP technology competition in the field of zero-knowledge cryptography. Publications from Paradigm on “Hardware acceleration of ZKP“ and IOSG’s “Why we’re bullish on zero-knowledge proof hardware acceleration“ followed. Some have dismissed the idea with the phrase “if the algorithm doesn’t cut it, hardware will,” expressing skepticism towards hardware acceleration. Yet, as ZPrizes pointed out:
Despite significant advancements in software and algorithms in recent years, hardware acceleration has remained a path less traveled in zero-knowledge cryptography. Many forget that modern cryptographic techniques only became practically valuable after being natively implemented in CPUs. Hardware acceleration isn’t limited to ASICs—it also encompasses new methods for optimizing GPUs, CPUs, FPGAs, and mobile devices to generate zero-knowledge proofs faster.
The necessity of ZKP hardware acceleration became widely acknowledged in 2023 with Aleo’s introduction of PoSW, which introduced economic incentives for MSM and NTT computations. Today’s story, however, isn’t about Aleo but about Cysic, which aims to provide a comprehensive solution for real-time ZK proof generation using GPUs, FPGAs, and ASICs. They are set to launch two ZK DePIN devices, ZK Air and ZK Pro, and will soon start pre-sales for mining machines. Cysic aims to fulfill the computational needs across all ZK scenarios, not just as a B2B service provider but by building a DePIN network that opens up B2B services to C-end users with varying computational powers. In other words, anyone can join the Cysic network, and the more participants there are, the higher the computational power and the faster the ZK proofs. Eventually, ZK will become omnipresent and integrated into everyday life.
This narrative is captivatingly ambitious, making the once-distant dream of ZKP hardware acceleration seem within reach for the average person! Today, Foresight News delves into ZKP hardware acceleration, the features of Cysic and its hardware products, and the infrastructure of the DePIN network to see what Cysic aims to achieve and how significant its market potential could be.
Cysic, established in August 2022, operates as a real-time Zero-Knowledge Proof (ZKP) generation and verification layer, offering Zero-Knowledge Computing as a Service (ZK-CaaS) powered by its proprietary ASIC, FPGA, and GPU chips. In February 2023, Cysic secured $6 million in seed funding, led by Polychain Capital with contributions from HashKey, SNZ Holding, ABCDE, A&T Capital, and the Web3.com Foundation. By October of the same year, Cysic had earned the top prize in the ZPrize “Beat the Best (FPGA/GPU)” competition with its FPGA technology.
The founding team of Cysic boasts an impressive background and strong capabilities. Co-founder Leo Fan is responsible for the system architecture and cryptographic research at Cysic. After earning his master’s degree in computer science from the Chinese Academy of Sciences, he pursued a Ph.D. in computer science at Cornell University. During his academic career, he served as a researcher at prestigious institutions like IC3, Yahoo, Bell Labs, and IBM. Post-graduation, Leo joined Algorand to focus on cryptographic research and currently serves as an assistant professor in the computer science department at Rutgers University. Co-founder Bowen Huang, who left his Ph.D. program at Yale University to obtain a master’s degree, now leads chip and supply chain management at Cysic. Previously, he was a research engineer at the Institute of Computing Technology, Chinese Academy of Sciences. Recognizing the potential of ZK as the ultimate scaling solution for the blockchain industry and hardware acceleration as the inevitable technological path, they embarked on this venture before 2022.
Currently, the ZK field is dominated by two proof systems: zk-SNARKs and zk-STARKs. Projects like Zcash, Scroll, Taiko, Mina, Aztec, Manta, and Anoma utilize zk-SNARKs, while Starknet, StarkEx, and zkSync (which has transitioned to Boojum) employ zk-STARKs. Additionally, there are ZK projects such as the Ethereum historical data protocol Axiom and the ZK technology developer Nil Foundation. According to Cysic’s estimates, the market comprises over 50 leading ZK projects with a combined market value exceeding $100 billion, while the total valuation of the ZKP application track has surpassed $15 billion.
In the past two years, the ZK track has been criticized for the lengthy proof generation times and high resource demands. For instance, Scroll’s use of GPUs for ZK proof generation requires at least an hour and over 280GB of RAM. These issues not only hinder the widespread adoption of ZKP but also slow down Ethereum’s commercial progress. Although STARK proofs generate faster than SNARKs, both require hardware acceleration to boost proof speeds from hours to seconds. Without breaking through this bottleneck, the ZKP vision of synchronizing block production with Ethereum, as envisioned by Vitalik, remains unachievable.
Despite the Ethereum Foundation’s view of ZK as the future of scaling, ZK Rollups currently hold an unconvincing market share in the Ethereum L2 space. The top 5 L2s by TVL all use Optimism Rollup, with ZK Rollups accounting for only 8.5% of the market share. Starknet is the only ZK Rollup project valued over $1 billion, largely due to the foundation’s ecosystem incentives and airdrop expectations. Given the high valuation of the ZK track, if hardware acceleration can largely solve the current challenges, the market potential is substantial.
Cysic is setting its sights high with the ultimate goal of delivering a comprehensive GPU + ASIC hardware acceleration solution, targeting the computational needs across all ZK computation scenarios such as ZK Rollup, zkML, and ZK Bridge. As an interim step, over the past year, Cysic has developed its own FPGA acceleration hardware capable of supporting a variety of proof systems including Halo2, RapidSnark, Plonky2x. This move has not only showcased unprecedented versatility and flexibility but also opened up a vast universe of business opportunities.
Having discussed Cysic and the burgeoning field of ZKP hardware acceleration, it’s time to delve into what exactly this hardware aims to speed up. At its core, the objective is to hasten the computations involved in generating ZK proofs, essentially making it a contest of computing power. This is part of the reason behind my assertion that ZKP technology is reintroducing the concept of Proof of Work (PoW) to Ethereum. But looking closer, what specific computations are being accelerated by ZKP hardware? To shed light on this, let’s examine the zk-SNARKs proof system to understand the journey from arithmetization to the generation and verification of proofs.
First off, any user transactions on the blockchain are aggregated into off-chain Rollups. Thus, the nature and volume of these transactions directly influence the complexity of both the circuit design and the ZK proofs themselves.
Next comes the “arithmetization” phase, where transaction data is transformed into ZK circuits and subsequently into polynomial mathematical expressions. This process bears resemblance to the division between “front-end” and “back-end” in traditional software development. In the “front-end”, transaction data is structured into circuits using languages like R1CS and PLONK, converting them into a series of polynomials. This is akin to translating circuit diagrams into mathematical formulas, which then guide the construction and operation of the circuit. The more complex and numerous the transactions, the larger the circuit scale and the higher the polynomial degrees become.
With the groundwork laid by arithmetization, the next step is to develop the “back-end” - the ZK proof system itself, which is responsible for generating zero-knowledge proofs. The zk-SNARKs proof system, for instance, comprises two main components: PIOP and PCS. Prominent PIOPs include PLONK and GKR, while well-known PCSs (Polynomial Commitment Schemes) feature FRI and KZG. For example, combining PLONK with IPA can create the Zcash variant of the Halo2 proof system, PLONK with KZG can produce the PSE/Scroll version of Halo2, and PLONK with FRI leads to Plonky2. Present-day ZK proof systems predominantly utilize schemes like Halo2 and Groth 16, which are based on KZG.
Using the Groth16 protocol as an illustration, we can streamline the computation and represent it as a Circuit Satisfiability (C-SAT) problem using R1CS constraints. This C-SAT problem is then further distilled into a Quadratic Arithmetic Program (QAP) satisfiability problem, leading to the creation of public polynomials Ui(x), Vi(x), Wi(x), T(x), and a vector a. This vector a encompasses both public inputs and secrets (witnesses), adhering to the relationship depicted in the provided diagram. Solving the QAP satisfiability problem is straightforward when a is known, but deducing a from the public polynomials is a significant challenge. This challenge effectively shifts the proof of the computation process’s authenticity and completeness to demonstrating that the Prover holds the solution a(i), a crucial step in developing the ZKP’s backend framework.
The backend of the ZKP is structured into three primary phases: Setup, Prover, and Verifier. Each phase utilizes specific parameters. The process begins by feeding the arithmetized polynomials and a one-time secret random number R (introducing the concept of “trusted setup”) into the Setup phase. Following this setup, the Prover and Verifier can respectively generate and verify proofs using parameters Sp and Sv. Throughout this phase, the Prover calculates and crafts proofs using both public inputs and secrets, while the Verifier checks these proofs against the public inputs. Importantly, the Verifier remains unaware of the secrets involved.
During the proof generation phase by the Prover, extensive computation is needed. The question then arises: how can we speed up this computational process for generating proofs? This is precisely where the application of hardware becomes crucial. At present, leveraging hardware to enhance computational capacity represents the sole approach; naturally, greater computational power results in reduced processing time.
Each proof system encompasses distinct cryptographic operations that demand substantial computational effort. Within systems based on PLONK + KZG, the operations consuming the most time are Multi-Scalar Multiplication (MSM) and Number Theoretic Transform (NTT). For zk-STARK systems, the primary computational hurdles are NTT and Merkle Hash computations. MSM is concerned with calculations related to elliptic curves, whereas NTT is akin to a Fast Fourier Transform (FFT) but tailored for finite fields, serving as an optimized variant of FFT designed for polynomial-related computations. Almost all leading ZK protocols extensively utilize these two computational processes, which collectively constitute 80-95% of the time taken to generate proofs. Generally, MSM computations make up 60-70% of the total computational workload, with NTT contributing around 25%. However, these percentages can vary across different implementations. Depending on the distribution of computational tasks, it’s feasible to either target MSM or NTT for acceleration individually or to expedite both processes concurrently.
Viewing it from a broader perspective, the significant computational tasks essentially involve straightforward pipeline operations that merely require robust computational power. Given the deterministic nature of ZK proof computations, which necessitate repetitive calculations for generating proof outcomes, dedicated hardware tailored for specific functions offers clear advantages over software solutions. The complexity of computations could be substantially mitigated with the implementation of parallel processing. Interestingly, both MSM and NTT computations are well-suited for enhancement through high-performance hardware that facilitates parallel processing.
Cysic aims to pioneer in ZK ASIC acceleration, aspiring to deliver a comprehensive suite of ASIC hardware acceleration solutions that encompass MSM and NTT computations. As Leo Fan pointed out, “A considerable amount of testing and prototyping on FPGA is essential before progressing to ASIC development.”
In the last year, Cysic has successfully completed the initial phase of its Proof of Concept (POC) design, establishing FPGA-based accelerators for MSM, NTT, and Poseidon Merkle Tree computations, alongside a holistic end-to-end ZK hardware acceleration framework that spans the entire operational flow.
Cysic’s FPGA Prototype (Under Assembly)
Recent data reveals that Cysic’s SolarMSM is capable of executing MSM computations at the scale of 2³⁰ within 0.195 seconds, positioning it as the most efficient among all known FPGA-MSM hardware acceleration attempts to date. Similarly, SolarNTT achieves NTT computations of the same scale in 0.218 seconds. Moreover, Cysic’s FPGA acceleration technology is currently being utilized in Scroll’s ZK computations, managing to process MSM and NTT tasks of scale 2²² in approximately 1 millisecond (0.001 seconds).
Exploring the journey towards ASIC development requires a look at the comparative strengths of different types of acceleration hardware. The allure of hardware acceleration lies in its ability to cut down on power use, minimize delays, boost parallel processing capabilities, and enhance data throughput. This optimization enables a more efficient deployment of integrated circuit space and components. With CPUs falling out of favor due to their lengthy processing times and excessive power usage, the spotlight has turned to GPUs, FPGAs, and ASICs, each distinguished by their unique balance of flexibility and performance efficiency.
In the realm of ZK projects, GPUs have become the go-to for hardware acceleration, their widespread availability making them the interim solution pending the arrival of more specialized hardware. GPUs offer a cost-effective and adaptable option for ZK hardware acceleration developers, with tools like the CUDA SDK facilitating parallel processing tasks such as MSM. Yet, GPUs are not without their drawbacks, notably their dependency on the hardware environment, which can be restrictive when utilizing high-end models.
FPGAs present a different proposition, being programmable and reconfigurable to adapt to various algorithms based on the needs of specific systems or applications. This adaptability makes them particularly well-suited to computations like FFT and NTT. The development of FPGA hardware essentially transforms the process into a “software game,” where the collective power of multiple FPGAs can vastly surpass that of GPUs, all while being more cost-effective in terms of hardware expenditure and energy consumption. Despite these advantages, FPGAs carry higher initial costs and more complex supply chain demands compared to GPUs.
ASICs, on the other hand, are tailor-made to excel in specific tasks, their bespoke design marking them as the pinnacle of hardware acceleration solutions for ZK technology. This specialization comes with limitations, such as the inability to reprogram or multitask across different ZK algorithms. Despite these constraints, ASICs deliver unmatched performance and efficiency, albeit with longer production timelines and higher investment requirements. This makes ASIC development a high-stakes endeavor, promising unparalleled benefits for those able to navigate its complexities.
source:Amber Group
A closer look at the strategic choices reveals why Cysic opted to pioneer with FPGA acceleration hardware in its initial phase. Given the limitations of ASICs, including their lack of flexibility, steep costs, and prolonged development timelines, FPGAs emerge as the optimal choice for gaining a foothold in the market during this interim phase. Cysic’s FPGA technology is versatile enough to support various ZK proof systems, such as Halo2, RapidSnark, and Plonky2x, enabling it to handle the full spectrum of current mainstream ZK algorithms. This means FPGAs are capable of meeting the computational demands across all scenarios where ZK calculations are needed, from ZK Rollups to ZKML and ZK Bridges. Additionally, the process of generating ZK proofs is not only computationally intensive but also requires substantial memory resources. For instance, generating proofs for today’s Scroll zkEVM circuit necessitates at least 280 GB of RAM. In such cases, FPGAs offer the flexibility to scale memory capacity as needed.
Choosing to focus on FPGA development doesn’t imply that Cysic has abandoned GPUs and ASICs. On the contrary, Cysic is actively working on GPU-based acceleration solutions to offer a broader range of flexible services for accelerating ZK and AI computations. As part of this effort, Cysic has already established a GPU computing network that incorporates hundreds of thousands of advanced 3090/4090 GPUs, highlighting its commitment to leveraging diverse technologies to meet the evolving needs of ZK computations.
Cysic Graphics Cards and Server Rooms
Cysic’s internal benchmarks have revealed that their CUDA SDK outpaces the latest open-source frameworks by a significant margin, achieving speed improvements of 50%-80%. Leveraging this advanced GPU SDK, Cysic has been able to offer proof generation services to several leading ZK projects, showcasing their technical prowess. Concurrently, Cysic is making strides in ASIC development, with design and tape-out processes actively progressing, indicating their commitment to pushing the boundaries of computational hardware further.
At first glance, Cysic’s venture into ZKP acceleration hardware might seem straightforward. Yet, set against the backdrop of 2024, with the meteoric rise of Helium Mobile and the explosive growth of io.net, the advent of DePIN has broadened Cysic’s horizons significantly.
Cysic’s grand vision involves establishing a Prover Network powered by ZKP hardware acceleration. This ambitious project plans to not only incorporate Cysic’s proprietary hardware solutions, such as FPGA, GPU, and ASIC, into the Prover Network but also to empower community members to contribute a diverse array of computing resources. Through the creation of a decentralized computing network, Cysic aims to infuse the generation of ZK proofs with economic incentives and robust governance mechanisms.
In essence, Cysic’s Prover Network democratizes a service that was traditionally B2B, opening it up to individual users and serving as a pivotal connector among ZK projects, computing power suppliers, and community validators. This innovative approach is a first in the ZKP hardware acceleration arena. Previously, ZKP and the procurement of specialized acceleration hardware might have been daunting for the average user. The Cysic network, however, simplifies participation; users need only contribute their computing power to be part of the ZKP computing network. The vision is clear: as the network expands with more users and computing power, the efficiency of ZK proof generation will increase, bringing the dream of near-instantaneous “real-time proofs” closer to reality.
Post-Ethereum’s The Merge, a significant number of former PoW miners were left with underutilized GPUs, presenting a valuable opportunity for the Prover Network to tap into this existing resource. But what about those without the necessary hardware to join the DePIN network? Cysic has taken proactive steps to address this challenge, designing two innovative ZK DePIN chips/devices, the ZK Air and ZK Pro, slated for release in 2025. These developments are aimed at expanding the community base and scaling the market further, marking Cysic’s strategic move towards inclusivity and growth in the ZKP ecosystem.
As illustrated, the ZK Air device is designed to be as compact as a power bank or laptop charger, offering a portable solution for ZK DePIN tasks. This device boasts computing capabilities surpassing those of the highest-end consumer graphics cards, allowing users to connect it to laptops, iPads, or smartphones via a Type-C cable. Through the Prover Network, it facilitates acceleration for small-scale ZK proofs, rewarding users for their contributions. Additionally, ZK Air can generate ZK proofs directly on a local computer. Conversely, ZK Pro caters to business entities, optimized for extensive ZK initiatives like zkRollup and zkML, making ZK Air the go-to choice for most users due to its accessibility and utility.
The synergy between ZKP hardware acceleration and DePIN is evident. While io.net targets AI and ML with its decentralized GPU network, Cysic places its bets on ZK as the blockchain’s future. Its proprietary hardware is versatile enough to meet any ZK computational demands, supported by a ZK market worth over $15 billion, promising significant growth prospects.
Xiaofeng once remarked, “Blockchain’s essence is intertwined with DePIN, with Bitcoin’s hardware mining serving as DePIN’s rudimentary form.” ZKP hardware acceleration is reminiscent of Bitcoin’s PoW mechanism. However, the introduction of the Prover Network marks Cysic’s establishment of a dedicated ZKP computing network. Like PoW, ZKP mining within DePIN’s framework aims to be entirely permissionless. Unlike traditional PoW, where only the fastest miners are rewarded, leading to invalidated efforts for others, Cysic’s Prover Network ensures that all contributions are recognized and rewarded.
Users are invited to engage with Cysic’s early initiatives on Galxe, including earning badges, minting NFTs, and participating in the testnet scheduled for May to June this year. Cysic hints at rewarding early participants with exclusive NFT incentives, highlighting its commitment to community engagement and innovation in the ZKP space.