Cysic

@Cysic

ZK Proof Layer

Joined on Dec 16, 2022

  • In this article, we introduce our ongoing work on zero-knowledge proof (ZKP)-specific hardware. At Cysic, we are developing a custom proof acceleration chip designed specifically for ZKP workloads. This chip leverages a non-traditional spatial architecture to maximize parallelism and boost throughput for polynomial computations. Furthermore, multiple chips can be interconnected at high speed to create a scalable multi-core system, significantly enhancing performance and memory capacity to support larger and more complex proof tasks. Introduction ZK is a cryptographic concept that allows one party (the prover) to prove to another party (the verifier) that a statement is true without revealing any additional information beyond the truth of the statement itself. This principle is fundamental in privacy-preserving technologies and secure authentication. In the past decade, we have witnessed significant developments in both theoretical and practical aspects of ZKP technology. One of the major obstacles in developing high-performance ZKP proving systems is the lack of portability of high-performance code. This lack of portability manifests in several ways: It prevents the rapid adoption of new designs from the cryptography community due to the high cost of rewriting a high-performance backend. It prevents existing proving systems from quickly adapting to different hardware, such as CPUs, GPUs (including Nvidia’s CUDA, Apple’s Metal, and AMD's ROCm), and more importantly, the upcoming ZKP-specific acceleration chips. It makes it difficult for ZKP hardware accelerator manufacturers to promote their products, as hardware companies need to bear the huge costs of adapting each proving system’s software backend. Ideally, the ZKP community should have a public domain-specific intermediate representation (IR) akin to TorchScript in the AI community to serve as a bridge between proving system development teams and high-performance hardware teams. 
Here we introduce the HyperCube IR, a minimalistic format tailored for ZKP as well as fully homomorphic encryption (FHE).
  • We would like to thank Zhenfei Zhang for insightful discussions. TL;DR We show the performance of Cysic in proving the Keccak function: the Cysic C1 chip can prove 1.31M Keccak functions per second; this requires in-depth optimization in both coding and algorithmic design, in addition to powerful hardware. Introduction With the advance of proving techniques, using more advanced algorithms or faster software implementations, currently more than one million Poseidon hash functions can be proven per second on MacBooks. The speed of proving hash functions is important in one possible future of Ethereum, the Verge. As Vitalik wrote in the article, "Verkle trees are vulnerable to quantum computers, and so if we replace the current KECCAK Merkle Patricia tree with Verkle trees, we will later have to replace the trees again". Having a performant proving speed for the Keccak function is crucial in realising a post-quantum secure STARKed binary hash tree. However, the best technology can only prove several thousand Keccak calls per second, which is far from being practical in the Verge approach. The main reason for the slow Keccak proving is the SNARK/STARK-unfriendliness of Keccak functions, and for these conventional hash functions, such as BLAKE.
  • TL;DR Cysic Network is a ZK proof layer that delivers high-performance and cost-effective proof generation and verification services to the entire ZK ecosystem. In this article, we present the design of the Cysic Network. Please note that this whitepaper is subject to change without notice. Introduction A Zero-Knowledge Proof (ZKP) is a cryptographic concept that allows one party (the prover) to prove the truth of a statement to another party (the verifier) without revealing any information beyond the validity of the statement itself. This concept was first introduced by Shafi Goldwasser, Silvio Micali, and Charles Rackoff in 1985. The core idea behind ZKPs is to enable succinct and private verification of claims while protecting the sensitive information of the prover. ZKPs have various applications in the crypto space, such as building private blockchains, improving the throughput of layer-1 blockchains, and enabling communication between separate blockchains. However, ZKPs are not without limitations, as generating proofs can be extremely resource-intensive in terms of both time and energy. Proof generation is often slowed down by the need for numerous complex mathematical operations, such as exponentiation, inversion, polynomial multiplication, and significant data movement. To address these challenges in all proposed ZKP constructions, it is crucial to develop hardware acceleration methods using Graphical Processing Units (GPUs) and Application-Specific Integrated Circuits (ASICs). This high computational demand is reminiscent of Bitcoin (and other altcoin) mining, which has drawn criticism for being centralized and energy-intensive. Cysic Network aims to provide proof generation and verification services for the entire ZK ecosystem. The goal of the network is to cultivate a sustainable environment for ZK proof generation and verification by addressing the following two major challenges:
  • TL;DR Cysic Network represents a dynamic protocol offering one-stop zero-knowledge proving and verification functionalities. It facilitates a rewarding ecosystem where participants can earn rewards by contributing computing power to the protocol, staking, and participating in governance. Introduction Zero-knowledge proof (ZKP) is a cryptographic concept that allows one party (the prover) to demonstrate the truth of a statement to another party (the verifier) without revealing any additional information beyond the validity of the statement itself. This concept was first introduced by Shafi Goldwasser, Silvio Micali, and Charles Rackoff in 1985. The core idea behind ZKPs is to enable succinct and private verification of claims, protecting the sensitive information of the prover. ZKPs have various applications in the crypto space, such as constructing a private blockchain, improving the throughput of layer-1 blockchains, and enabling communication between two separate blockchains. Nonetheless, ZKP is not without its limitations, as the process of generating proofs can be extremely resource-intensive in terms of both time and energy. The creation of proofs is often slowed down by the need for numerous complex mathematical operations, such as exponentiation, inversion, and polynomial multiplication, and massive data movement. To overcome these issues for all proposed ZKP constructions, it is of utmost importance to develop hardware acceleration methods using Graphical Processing Units (GPUs) and Application Specific Integrated Circuits (ASICs). This intensive computational demand of ZKPs is reminiscent of Bitcoin (or other altcoin) mining scenarios, which draw a lot of criticism for being centralized and energy-consuming. Cysic Network aims to provide proving and settlement related to ZK proofs to all ZK projects.
The goal of the network is to cultivate a sustainable environment for ZK proof generation and verification by addressing the following two major problems:
  • By Luke Pearson and the Cysic team TL;DR: In hardware accelerating ZKP, FPGA has the same performance-per-watt level as GPU, but cannot compete with GPU on the performance-per-dollar metric. ASIC outperforms FPGA and GPU on the above two metrics, but takes longer to get to the market. Introduction The significance of zero-knowledge proofs (ZKP) has grown exponentially in recent years, emerging as one of the most crucial innovations in computer science over the past half-century. This can be attributed to the fact that ZKPs have the potential to dramatically enhance the scalability of blockchain platforms such as Ethereum. A key aspect of ZKPs is their ability to significantly increase the transactions per second (tps) on various blockchain platforms, relying solely on mathematical principles rather than trust. By enabling validators to consolidate multiple transactions into a single, concise proof, ZKPs ensure both accuracy and integrity throughout the process. ZKPs offer many other features that make them essential components of various scaling and privacy solutions, including ZK aggregations like StarkNet, private ZK aggregations like Aztec, and Layer 1 chains like Mina, Filecoin, Manta and Aleo. Nonetheless, ZKP is not without its limitations, as the process of generating proofs can be extremely resource-intensive in terms of both time and energy. The creation of proofs is often slowed down by the need for numerous complex mathematical operations, such as exponentiations, inversions, and bilinear pairing computations. Consequently, it remains a challenge to optimize ZKP solutions in order to fully harness their potential. To overcome these issues for all proposed ZKP constructions, it is of utmost importance to develop hardware acceleration methods. Namely, they can be accelerated 10-1000 times through the use of specialized hardware such as Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs).
  • The Cysic team would like to thank Luke Pearson and Binyi Chen for valuable feedback on this post. Hyperplonk is an adaptation of the Plonk proof system to the Boolean hypercube that aims to eliminate the need for computing fast Fourier transforms (FFT) during proof generation. It also supports custom gates of higher degree without increasing the proof generation time. In this article, we will analyze the performance of Hyperplonk from a hardware perspective, focusing on the pros and cons of its three computing components: multi-scalar multiplication (MSM), multi-linear extension (MLE), and sumcheck. We will also propose our design for these components and potential improvements to Hyperplonk for better performance on customized hardware. Overview of the Hyperplonk Proof System Hyperplonk is a type of succinct non-interactive argument of knowledge (SNARK). One of the most important features of SNARKs is succinctness, which means that the size of the proof depends logarithmically on the size of the circuit being proved and the verification time is proportional to the length of the statement plus the logarithmic size of the circuit. There are two primary components in constructing SNARKs: an interactive oracle proof (IOP) and a cryptographic commitment scheme. An IOP is an interactive proof in which the verifier does not need to read the entire proof, but has oracle access to the proof script and can probabilistically query it.