Forum
OPRR
Finance
Specials
On-chain Eco
Entry
Podcasts
Activities
ABCDE: Why did we invest in ZK hardware acceleration project Cysic?
Original source: ABCDE Capital
Cysic is an industry-leading ZK hardware acceleration program dedicated to designing advanced ASIC chips to help reduce ZK proof generation times. Cysic has set up a first-class hardware design and development team, and has completed the design work of POC based on FPGA. The POC results demonstrate that Cysic's ZK hardware acceleration capability is already leading the industry.
ABCDE invested in Cysic in Seed round, and Polychain and A& were also investors in this round. T, Hashkey and Web3.com Venture.
1. Why do we need ZK hardware acceleration
ZK Proof Generation is one of the most important steps in the ZK project. Unfortunately, under existing ZK proof systems, generating ZK proofs usually requires a lot of computation. As the complexity of the project increases and the size of the ZK circuit increases, the amount of computation required for the generation of ZK proof will increase exponentially. For example, if a large zkEVM/zkVM project, such as Scroll and zkSync, uses the CPU to generate the ZK proof, the calculation may take several hours or even days. In real business, most projects need to limit the generation of ZK proofs to seconds and minutes. A few hours or more of computing time is unacceptable for most ZK projects, especially for expansion projects such as zkEVM or zkVM.
In addition, the computational complexity generated by ZK proof is unlikely to be reduced from the theoretical level within the time window of about 2 years before the official launch of ZK project in the future. Therefore, in order to ensure the availability of the project, before the official launch of the project, the ZK project side must adopt the technical solution of "accelerating the generation of ZK certificates" to accelerate the generation of ZK certificates to the level of seconds or minutes. The method of accelerating ZK proof-generation through high performance hardware is currently preferred.
What does the hardware speed up?
The main time-consuming calculations in the generation of ZK proofs can be divided into two types,
1. NTT (Number Theoretic Transform) calculation and based on polynomial;
2. Calculate an MSM (Multi-Scalar Multiplication) by Scalar Multiplication: show the figure below [1].
Generally speaking, in a calculation generated by a ZK proof, NTT type of computing tasks account for about all the computing tasks. 25% MSM type of computing tasks account for about 60 -- 70 %. Left and right [2].
Fortunately, two types of computing tasks exist:
1. The logic is relatively simple,
2. Repeating the same computational logic a lot,
3. Parallel characteristics (similar to Bitcoin Mining computation).
Therefore, it is theoretically feasible to use high performance hardware to accelerate these two types of computation.
As shown in the figure below, we can see that the NTT calculation (upper left) and the MSM calculation (right) are lightly coupled in the workflow generated by the ZK proof. Therefore, the ZK project side can choose according to the actual demand: 1. Separate acceleration NTT calculation or 2. Accelerated MSM calculation alone, or 3. Overall acceleration NTT and MSM, three schemes.
Note 1: The image above is from Scroll co-founder Zhang Ye's thesis: PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture. This is one of the earliest papers in the industry looking at zk hardware acceleration.
Note 2: In some literatures/articles, it is claimed that FFT (Fast Fourier Transform) and MSM take the most time to generate ZK proofs. Although the principles of FFT and NTT are similar, most cryptographic calculations involved in ZK are performed on Finite Field, so the actual calculation is NTT. Therefore, the NTT used in most academic articles shall prevail [1][2][3].
What hardware is used for acceleration?
Similar to the mining solution, the current ZK hardware acceleration solution is mainly implemented through the following three hardware:
, & have spent GPU
, & have spent FPGA
, & have spent ASIC
At present, there are mainly two kinds of hardware acceleration schemes available on the market: GPU and FPGA. Acceleration schemes using GPU/FPGA are relatively easy to implement. Therefore, in order to seize the market faster, most manufacturers will first implement GPU/FPGA solutions. Due to the high cost of GPU and FPGA hardware, the power consumption is relatively high, and the absolute performance is limited. Therefore, ASIC solution is an important part of ZK hardware acceleration ecosystem.
How does hardware acceleration serve the ZK project
ZK hardware acceleration providers can provide ZK proof generation acceleration services in two ways:
1. Through the SaaS API.
2. Provide acceleration service by selling hardware (complete machine/chip) (similar to selling mining machine).
As we mentioned above, NTT and MSM calculations are lightly coupled during the generation of ZK proofs. Therefore, depending on the granularity of the service, the hardware acceleration service provider can provide the following three granularity of service.
1. Dedicated NTT acceleration (dedicated NTT acceleration API/ hardware device)
2. Dedicated MSM Acceleration (Dedicated MSM acceleration API/ hardware device)
3. Integrated acceleration program to accelerate both NTT and MSM
Hardware acceleration provider differences
NTT and MSM computing problems have been studied extensively for many years. It is difficult for major manufacturers to achieve a breakthrough in the theoretical level of computing in a short time. Therefore, the technical differences between different manufacturers are more about the ability to implement engineering, the ability to control the details of the algorithm, the choice of technology stack (hardware), the cost control of hardware production, and the ability to design products. When choosing an accelerator vendor, customers will focus on the following three factors:
1. Hardware/service performance, vendor computing time for the same computing task.
2. Hardware acceleration cost, the same computing task, the vendor's computing cost.
3. API/ device ease of use.
2. Why do we invest in Cysic
Cysic was founded in late August 2022 by Leo Fan and Bowen Huang. Cysic's primary goal is to provide hardware acceleration services for the ZK proof-generation process for ZK projects. California and mainland China. The background of the founding members is mainly from the Top20 university of computer Science PhD and the Chinese Academy of Sciences Institute of computing chip design team. At present, the project has realized the POC verification of MSM calculation based on FPGA, and the project code is SolarMSM. In this phase, SolarMSM will provide services externally through SaaS. Currently, Cysic has reached cooperation intention with several leading ZK project parties, and will provide testing services for them in the near future. According to the evidence of several industry authorities, SolarMSM is in the Top Tier of the industry in accelerated MSM computing performance.
Introduction of the founding team
The two founders have strong technical backgrounds, and are respectively experts in cryptography and hardware design. Dr. Leo graduated from Cornell University, where he studied with an internationally renowned professor of cryptographyElaine Shi. Leo worked as a cryptography researcher at Algorand before joining Rutgers as an assistant professor.
Bowen Huang, the other founder, before founding Cysic, worked at the Institute of Computing Technology of Chinese Academy of Sciences for 6 years, and went to Yale University to study for a PhD. Before that, he participated in the chip research and development work of several other well-known large technology companies, and had a number of patents and design landing.
POC result
Currently, Cysic has implemented the POC design work of the MSM acceleration solution based on Celinth's public FPGA, code-named SolarMSM. In POC verification, SolarMSM can accelerate to less than one second for a 2³ MSM computing task [2]. This is by far the strongest open data result in the industry, and an order of magnitude better than the ZPrize winners.
The fast implementation of SolarMSM proves that:
1. Cysic team's efficient R&D strength and technical capability. It can design and implement performance 1-2 orders of magnitude higher than the ZPrize winner in a short period of time, showing overwhelming speed advantage.
2. Cysic team's robust supply chain integration management capabilities. In the case of parallel customized design of PCB, heat dissipation, power supply, PCIE connectors and chassis structure, it can still be quickly delivered within 2-3 months, which is basically 2-3 times the speed of the industry standard.
At the same time, this phase of the POC is also an internal validation of Cysic hardware design/development work. ASIC chip error correction cost is higher than FPGA scheme. SolarMSM's full real-world verification in high bandwidth, high power consumption, and high interconnection level can greatly reduce the risk of future ASIC chip errors.
Technology roadmap
Cysic plans to offer a full suite of ASIC hardware acceleration solutions, including NTT and MSM computing. At present, the project side adopts a two-stage research and development strategy.
Phase 1: FPGA-based POC
In the first phase of the project, the POC version of MSM and NTT acceleration was implemented based on Celinth's public FPGA : SolarMSM. At present, the MSM calculation acceleration module has been completed, and the MSM calculation of 2³ scale can be completed in less than one second, which is the highest performance among all the published FPGA-MSM hardware acceleration results at present, more than 1-2 orders of magnitude ahead of the competition. If nothing else, SolarMSM will hold the record for MSM hardware acceleration until ASIC chips are introduced. Cysic has entered into partnerships with several leading ZK projects to provide MSM acceleration services for these projects first.
In the next few months, Cysic plans to complete SolarNTT, an NTT computing acceleration module based on SolarMSM. SolarNTT and SolarMSM will be deployed on the same server, based on the same set of large-scale FPGA interconnection system for accelerated computing. These two implementations bring together the high-speed interconnecting architecture designed by Cysic into an all-in-one acceleration solution, SolarZKP. SolarZKP will provide API services externally through SaaS.
Phase 2:12nm ASIC
After the POC phase, Cysic will begin the 12nm ASIC development phase. The goal is to achieve the computing power of a single ASIC chip to achieve the performance of the entire SolarZKP (supporting MSM and NTT calculations and other core functions specified by the project side), while reducing the power consumption of a single chip to two orders of magnitude.
3. Market analysis
How will customers choose hardware acceleration
In actual production, different ZK customers will have different requirements for hardware acceleration, depending on how sensitive the ZK project is to proof generation time. For example:
, & have spent For the Layer-2 project based on zkEVM/zkVM, their core requirement is: fast and stable generation of ZK proofs. So they are more likely to choose faster, more stable integration acceleration.
, & have spent For some ZK projects that are not sensitive to the generation time of ZK Proof, they do not need to generate proof as quickly as possible, such as the property proof of the exchange. In this scenario, customers have the flexibility to choose for example MSM computing acceleration alone, or they can combine MSM computing and NTT computing from different service providers in an acceptable time to choose the best price.
We see the future of the market combining different hardware acceleration vendor solutions to select tools that help customers generate optimal solutions.
4. Project risk
Currently, there are several companies competing in the ZK hardware acceleration circuit. For the ZK hardware acceleration project based on ASIC, there are project development delay risks and market risks.
Project development delay risk
ZK project side and ZK hardware acceleration manufacturer is a mutual cooperation, mutual achievement relationship. As the ZK project side, it will first choose the first available hardware acceleration scheme to seize the market share of the ZK project itself. One of the most important considerations for zkEVM/zkVM projects is the ability to reliably provide L2 block proof. As a result, some ZK projects have long term agreements with hardware acceleration vendors early on. If the project is developed too slowly, it may lose some market share early on. At the same time, ASIC streaming film has the risk of failure. Due to the limitation of the chip manufacturer's capacity, the project will be forced to re-schedule the flow sheet due to the failure of the flow sheet, resulting in the project delay.
Market risk
ZK project side can be divided into privacy class, and expansion class two. For privacy projects, the use of hardware acceleration may reduce the risk of by-pass attack to some extent, but in consideration of privacy issues, privacy projects will be more cautious to choose ZK hardware acceleration solution, such as choosing to purchase hardware directly rather than through SaaS services.
5. Competitive item
Competition at the top of the project
Currently, there are three serious competitors in the industry: Supranational, Ulvantanna, and Auradine.
Supranational
Supranational has been on the GPU-accelerated ZK circuit since 2019 and has recently been involved in the FPGA/ASIC space. Supranational already has a very mature open source GPU-based acceleration solution with industry-leading performance. We also expect Supranational to have a suite of commercially available closed-source solutions that perform better. Supranational entered the market early, had certain industry resources and good cash flow.
Ulvantanna
The founding team from Jump crypto, funded by paradigm and bain crypto, is nothing to sneeze at.
Auradine
The founding team is Senior, has rich experience in entrepreneurship, and has the platform of top manufacturers and capital.
Other hardware acceleration teams
Other teams, such as Ingonyama, Snarkify, and Accseal, entered the race ahead of them, but are currently lagging behind SolarMSM on public data.
ZK project internal hardware acceleration team
Currently, in addition to dedicated hardware acceleration teams, many ZK project parties are also exploring hardware acceleration solutions internally, such as zkSync and Scroll.
zkSync
zkSync chooses a GPU/FPGA acceleration solution. According to the results published on ZPrice, zkSync's GPU solution takes 2.528 seconds to compute an input size of 2² MSM. This performance is less than one-tenth that of the Cysic SolarMSM solution (2³ MSM takes less than 1 second to compute).
Scroll
Scroll carries out the acceleration research based on GPU internally. At the same time, Scroll and some academic institutions are cooperating to explore better solutions, and their latest academic research results were published in the ASPLOS 2023 conference, the top conference in the field of computer architecture [3]. As the head of the zkEVM project, it is worth looking forward to and tracking their subsequent progress.
Original link
Welcome to join the official BlockBeats community:
Telegram Subscription Group: https://t.me/theblockbeats
Telegram Discussion Group: https://t.me/BlockBeats_App
Official Twitter Account: https://twitter.com/BlockBeatsAsia
