*Original - Odaily*

*Author-husband how*

During the 2024 Hong Kong Web3 Carnival, Ethereum co-founder Vitalik Buterin delivered a speech titled "Reaching the Limits of Protocol Design", in which he explained how the efficiency of zk-snark can be improved.

In his speech, Vitalik pointed out that blockchains today are built at the expense of privacy and scalability, and that the properties of zk-snark can make up for both. The problem is that zk-snark is currently slow. An Ethereum node takes about 400 milliseconds to verify a block, whereas producing a zk-snark proof for an Ethereum block takes about 20 minutes, so the network would gain privacy and scalability at the cost of a runtime 3,000 times longer. To bring zk-snark into an existing blockchain network, therefore, proofs must be produced in real time: if proof generation time can be cut, privacy and scalability improve without slowing the chain down.

What method can achieve real-time proof? To this end, Odaily will analyze the ideas provided by Vitalik in his speech and give a brief introduction to the corresponding projects.

## Three directions for zk-snark "real-time proof"

First, a quick look at zk-snark itself. The full name is succinct non-interactive zero-knowledge proof; for easier understanding, we take the three parts separately:

Zero-knowledge proof: the prover can convince the verifier that a certain assertion is correct without giving the verifier any other useful information.

Succinct: the verification process involves no large data transfer, and the verification algorithm is simple.

Non-interactive: no back-and-forth between prover and verifier is required.

The following is the zk-snark operation flow chart. Reading the chart step by step:

Setup: random numbers are used to generate the trusted parameters F, from which the proving key pk and the verification key v are derived.

Proof generation: the prover takes the private input W and the public input x and uses the proving key pk to produce the proof π. π is encoded with elliptic-curve operations, which hides W.

Verification: the verifier holds v, takes x and π as input, and confirms that the prover knows W. The verifier learns nothing about W.

Result: TRUE if verification succeeds, otherwise FALSE.

From the above walk-through of Zcash's zk-snark process, it is clear that verifying a proof takes few steps, and by the nature of zk-snark it takes little time: according to the relevant zk-snark statistics, verification time generally does not exceed 80 milliseconds. What makes zk-snark an obstacle to running a public chain is the proof that the prover has to produce.

The above picture summarises the more mainstream zk-snark schemes in use today. It shows that proof size, proof generation time and verification time are the yardsticks for measuring zk-snark technology. Setting verification time aside, most of these schemes fall short, in proof size and generation time, of the Ethereum benchmark Vitalik used at the beginning of this article. It is also worth noting that most of the chains these schemes run on do not support smart contracts, so their blocks are not comparable with Ethereum's; for Ethereum-sized blocks the required proof size and generation time would be higher still.

To this end, Vitalik proposed three optimisation directions for achieving real-time zk-snark proofs in his speech.

Parallelization and aggregation: Improve the efficiency of verifying large blocks through parallel computation and proof aggregation. Each calculation step can be independently proven, and then these proofs are aggregated to reduce calculation time and resource consumption during the verification process. This can be achieved by leveraging the characteristics of parallel computing and distributed systems to speed up the verification process of large-scale blocks.

Hardware design improvements: Design an ASIC specifically for SNARK calculations to improve calculation efficiency. Similar to ASICs used in mining, SNARK ASICs can accelerate the SNARK calculation process through customized hardware structures and optimized algorithms, thereby achieving faster verification speeds and lower costs.

Algorithm improvement: further optimise the snark algorithms themselves, including Groth 16, lookup tables, 64-bit snarks, 32-bit starks and so on, to improve efficiency and scalability. In addition, more efficient hash functions and signature algorithms can be researched and developed so that they are better suited to snark computation, further improving verification speed and resource utilisation.

Vitalik favours the first direction, parallel computation and proof aggregation, which requires optimising the public chains involved and the zk-snark workflow, building on features such as the recursion property of the Plonk algorithm among earlier zk-snark schemes. However, there is currently no good solution for parallel computation and proof aggregation.

As for algorithm improvements, in terms of performance the mainstream in the zk-snark field is still Groth 16. Later zk-snark schemes mostly set out to solve the trusted-setup problem and have made little progress on running speed and proof generation time. Among zk-snark schemes, the simpler the trusted setup, the faster the scheme runs but the weaker its security. For this reason zk-snark must keep being developed to gain speed without giving up security.

The two directions above rest mainly on theory, and a breakthrough will take a long time. Leaving theory aside, can real-time proof be reached quickly by some other route? Improved hardware design may be the best shortcut to that goal.

## ZK hardware acceleration may be the fastest route to real-time proof

From the discussion of zk-snark performance above, it is clear that the real limit on zk-snark performance is proof generation, where proof size and circuit scale determine the proof generation time. Most projects today are becoming more complex, so their proof sizes and circuit scales keep growing, and with them the computing power needed to generate proofs. This is the gap the ZK hardware acceleration projects were created to fill.

ZK hardware acceleration mainly supplies computing power for two tasks in proof generation: polynomial NTT (number-theoretic transform) tasks and elliptic-curve MSM (multi-scalar multiplication) tasks. The reason is that the logic of both tasks is simple, most of their computation is repeated, and they can be computed in parallel.
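To make concrete why the NTT suits parallel hardware, here is an added example (not from the speech or from any of the projects named): a radix-2 NTT over the 64-bit Goldilocks field, checked against naive polynomial evaluation. Every butterfly inside one stage touches a disjoint pair of values, which is exactly the repeated, dependency-free work that accelerators parallelise. The field prime and the generator 7 are assumptions taken from Plonky2's public constants, and the code verifies the root's order before using it.

```python
# Added example: radix-2 NTT over the 64-bit Goldilocks field, the polynomial
# transform ZK provers spend much of their time in. Field and generator are
# assumed from Plonky2's public constants; root_of_unity checks them at runtime.
P = 2**64 - 2**32 + 1      # Goldilocks prime, p - 1 = 2^32 * (2^32 - 1)
GENERATOR = 7              # generator of the multiplicative group of F_p


def root_of_unity(n: int) -> int:
    """Return an element of exact multiplicative order n (n a power of two, 2 <= n <= 2^32)."""
    assert n >= 2 and n & (n - 1) == 0 and (P - 1) % n == 0
    w = pow(GENERATOR, (P - 1) // n, P)
    assert pow(w, n, P) == 1 and pow(w, n // 2, P) != 1  # order is exactly n
    return w


def naive_evaluate(coeffs: list[int]) -> list[int]:
    """Reference O(n^2) evaluation of the polynomial at all n-th roots of unity."""
    n = len(coeffs)
    w = root_of_unity(n)
    return [sum(c * pow(w, i * j, P) for j, c in enumerate(coeffs)) % P
            for i in range(n)]


def ntt(coeffs: list[int]) -> list[int]:
    """Iterative Cooley-Tukey NTT, O(n log n); returns the same values as naive_evaluate."""
    n = len(coeffs)
    a = list(coeffs)
    j = 0                                   # bit-reversal permutation of the input
    for i in range(1, n):
        bit = n >> 1
        while j & bit:
            j ^= bit
            bit >>= 1
        j |= bit
        if i < j:
            a[i], a[j] = a[j], a[i]
    length = 2
    while length <= n:                      # log2(n) stages, run one after another
        w_len, half = root_of_unity(length), length // 2
        # The n/2 butterflies of one stage read and write disjoint pairs
        # (a[s+k], a[s+k+half]): no data dependencies between them, so a
        # GPU/FPGA/ASIC can execute the whole stage at once.
        for s in range(0, n, length):
            w = 1
            for k in range(half):
                u, v = a[s + k], a[s + k + half] * w % P
                a[s + k], a[s + k + half] = (u + v) % P, (u - v) % P
                w = w * w_len % P
        length *= 2
    return a
```

The MSM side of the workload parallelises for the same reason: each scalar-point product, and each window bucket in the usual Pippenger layout, can be computed independently before a short sequential combine step.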

ZK hardware is not very different from mining hardware: the same three types exist, GPU, FPGA and ASIC. GPU/FPGA solutions are currently the more common choice in ZK hardware acceleration because they are easier to implement and the parts are easier to obtain. Compared with those two, however, ASICs have greater potential and are one of the current growth points in the ZK hardware acceleration field.

Currently, ZK hardware acceleration projects supply computing power to ZK projects in two ways: hardware sales and SaaS computing power services. Hardware sales, as the name suggests, means selling machines much as Bitmain sells miners; SaaS computing power services are more like a computing power marketplace, where ZK projects buy capacity to generate their ZK proofs.

At present, ZK hardware acceleration is a relatively niche field; had Vitalik not mentioned it in his speech, most people would not know which projects exist. Odaily has therefore organised the projects in this sector. There are not many of them, and Cysic, Ingopedia, Supranational, Ulvantanna and Auradine are currently the relatively well-known ones.

Among them, Cysic currently attracts the most attention: its FPGA/ASIC hardware acceleration stands out in computing performance, and it also runs a computing power marketplace to supply customers with computing power. Auradine is more broadly positioned; its main product is Bitcoin mining machines, and although it also offers ZK computing hardware, ZK hardware is not its main business. Ulvantanna mainly uses FPGA clusters to supply computing power to ZK projects, and it is worth mentioning that the well-known Web3 investor Paradigm backs it. Supranational is something of an outlier: its Twitter and official website were last updated in May of last year, and it is unclear whether it is still operating. Ingopedia provides two hardware acceleration services, one based on GPU and one on FPGA.