Can ZK real-time proof mentioned by Vitalik be achieved with the help of ZK hardware acceleration?

1 year ago

Original | Odaily Planet Daily

Author | How is the husband

Vitalik mentioned ZK real-time proof, can it be accelerated by ZK hardware?

During the 2024 Hong Kong Web3 Carnival, Vitalik Buterin, the co-founder of Ethereum, delivered a speech titled "Reaching the Limits of Protocol Design." In this speech, Vitalik elaborated on how to improve the efficiency of zk-snark.

In the speech, Vitalik pointed out that blockchains have so far developed at the cost of privacy and scalability, and that the properties of zk-snark can restore both. However, zk-snark is currently inefficient. An Ethereum node needs about 400 milliseconds to verify a block, while verifying an Ethereum block through zk-snark, proof generation included, takes about 20 minutes. Privacy and scalability are gained, but the running time of the network increases 3000-fold. Therefore, to run zk-snark on the existing blockchain network, a "real-time proof" is needed. Reducing the proof generation time preserves the speed of the blockchain while also enhancing privacy and scalability.

What methods can achieve "real-time proof"? Odaily Planet Daily analyzes the ideas Vitalik provided in the speech and briefly introduces the projects working on the corresponding solutions.

Three directions for zk-snark to achieve "real-time proof"

Before that, let's briefly introduce zk-snark. Zk-snark stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. For a better understanding, let's explain each part separately:

  • Zero-Knowledge Proof: The prover can make the verifier believe that a certain assertion is correct without providing any useful information to the verifier.

  • Succinct: The transaction verification process does not involve a large amount of data transmission, and the verification algorithm is simple.

  • Non-Interactive: There is no need for interaction between the prover and the verifier.

The following is the operation flow chart of zk-snark. Let's briefly explain zk-snark from the chart:

  1. Use Setup to generate the confidence parameter F using random numbers, and generate the proof key pk and verification key v.

  2. The prover takes the private input W and the public input x and generates the proof π with the proof key pk. π is encoded using elliptic curve cryptography, which hides W.

  3. The verifier verifies the proof: The verifier holds v, inputs x and π, and confirms that the prover knows W. The verifier cannot know W.

  4. Return the result: If the verification is successful, return TRUE; otherwise, return FALSE.

From the above introduction of the zk-snark process related to Zcash, it is clear that the verification process of zk-snark has few steps and, given the characteristics of zk-snark, takes little time. According to the relevant statistics of zk-snark, the verification time generally does not exceed 80 milliseconds. Therefore, the obstacle to running zk-snark on a public chain lies in proof generation by the prover.

The above figure summarizes the current mainstream zk-snark related technologies. Proof size, proof generation time, and verification time are the standards for measuring zk-snark technology. Leaving aside the verification time, most zk-snark proofs, in terms of both proof size and generation time, do not meet the standards mentioned by Vitalik at the beginning of this article using Ethereum as an example. It is worth noting that most of the technologies mentioned above are not on public chains with smart contract functionality, and cannot be compared with the Ethereum block size. The required proof size and proof generation time are higher.

Therefore, in this speech, Vitalik provided three optimization directions for the realization of "real-time proof" of zk-snark.

  • Parallelization and aggregation: Improve the efficiency of verifying large blocks through parallel computation and proof aggregation. Each computation step can be independently proven, and then these proofs can be aggregated to reduce the calculation time and resource consumption during verification. This can be achieved by utilizing the characteristics of parallel computation and distributed systems to accelerate the verification process of large-scale blocks.

  • Hardware design improvement: Design ASIC specifically for SNARK calculation to improve calculation efficiency. Similar to the ASIC used in mining, SNARK ASIC can accelerate the SNARK calculation process through customized hardware structure and optimized algorithms, thereby achieving faster verification speed and lower costs.

  • Algorithm improvement: Further optimize snark algorithms, including Groth16, lookup tables, 64-bit snark, 32-bit stark, etc., to improve the efficiency and scalability of the algorithm. In addition, research and development of more efficient hash functions and signature algorithms can be conducted to make them more suitable for snark calculation, further improving verification speed and resource utilization.

Vitalik advocates the first direction, parallel computation and proof aggregation, which requires optimizing the operating process of both the relevant public chains and zk-snark. The recursive property of the Plonk algorithm among existing zk-snark algorithms is one example, but there is currently no better solution that solves the problem through parallel computation and proof aggregation.

As for algorithm improvement, the Groth16 algorithm is still mainstream in the zk-snark field in terms of performance. Subsequent zk-snark algorithms mostly address the trusted setup problem, and there has been no further progress in running speed or proof generation time. In addition, in zk-snark algorithms, the simpler the trusted setup, the faster the running speed, but the worse the security. Therefore, improving the speed of zk-snark while ensuring security requires continued development.

The above two solution directions are mainly supported by theory, which will take a long time to make breakthroughs. So, aside from theory, can "real-time proof" be quickly achieved through other means? Hardware design improvement may be the best shortcut to achieve this goal.

ZK hardware acceleration may achieve "real-time proof" as soon as possible

From the previous content about the performance of zk-snark, it is clear that the real limit on zk-snark performance lies in the generation of proofs, where the proof size and circuit scale determine the proof generation time. Currently, most projects are growing more complex, their proof size and circuit scale keep increasing, and the computing power required to generate proofs is increasing with them. This is why ZK hardware acceleration projects have emerged.

ZK hardware acceleration mainly provides computing power for two tasks in proof generation: the number-theoretic transform (NTT) over polynomials and multi-scalar multiplication (MSM) on elliptic curves. The operation logic of both tasks is simple, and most of the computation is repetitive and can be parallelized.

ZK hardware is not much different from mining hardware, still including GPU, FPGA, and ASIC. However, the GPU/FPGA solution is currently more common in the ZK hardware acceleration field, as this solution is easier to implement and the related components are easier to obtain. Compared to the former two, ASIC has greater potential and is also one of the current growth points in the ZK hardware acceleration field.

Currently, ZK hardware acceleration projects provide computing power to ZK projects in two ways: hardware sales and SaaS computing power services. As the name suggests, hardware sales are similar to how Bitmain sells mining machines; SaaS computing power services are more like a computing power market, where ZK projects can purchase computing power to help generate ZK proofs.

Currently, the ZK hardware acceleration field is relatively niche. If it weren't for Vitalik's mention in the speech, most people probably wouldn't be aware of the existing projects in this area. Therefore, Odaily Planet Daily has compiled a list of projects in this sector. The sector has few projects; the more well-known ones at present are Cysic, Ingopedia, Supranational, Ulvetanna, and Auradine.

Among them, Cysic has attracted relatively high attention. It has launched FPGA/ASIC hardware acceleration with outstanding computing power performance, and also provides computing power to customers through the computing power market. Auradine is more comprehensive: its main focus is Bitcoin mining machines, and it also provides ZK computing hardware, although ZK hardware is not its main product. Ulvetanna focuses on providing computing power for ZK projects using FPGA clusters. It is worth mentioning that the well-known Web3 investment firm Paradigm is one of its investors. The Supranational project is quite unique, with updates on Twitter and the official website last seen in May of last year, so it is uncertain whether it is currently operational. Ingopedia provides hardware acceleration services based on both GPU and FPGA.
