Plonky3 looks the most promising. On a modern CPU (e.g. i9-13900K, M3 Max), it can do:
1.75 - 2 M/s \(\text{poseidon2}_{t16}\) permutations on KoalaBear.
30 K/s blake3 permutations and 4 K/s keccak256 permutations. Both are far behind poseidon2, but the current designs are purely arithmetic with no lookups adopted yet, so there may still be room to improve.
Stwo also performs well and is close to Plonky3.
Binius performs a bit worse than Plonky3 and Stwo on traditional hash functions on CPU.
Hashcaster also looks promising: it can do 60 K/s keccak256 permutations, and it also has much room to improve.
Expander didn't provide a PCS a month ago, but it now seems to support Orion; we need to revisit and benchmark it.
Hashcaster's boolcheck protocol verifies quadratic Boolean formulas using polynomial coordinates.
Core techniques
Frobenius theory: Uses Frobenius automorphisms to efficiently extract packed field elements.
4 Russians method: Speeds up structured matrix-vector computations, crucial for efficient multi-opening verifications.
Results
Highly efficient proving system for Keccak, combining boolcheck with classical small-field sumcheck.
Still too slow in terms of throughput when compared to Poseidon results.
Hash-based signature aggregation
First attempt used existing zkVMs (SP1 and OpenVM); the performance does not look good even with precompile.
Second attempt used OpenVM's prover (based on Plonky3), which additionally supports lookups. Currently we can aggregate 2.5 K signatures per second, but the proof is large (> 3 MB).
Optimizations we plan to try:
For proving speed (ideally 10 K/s sig agg):
Use a simpler prover to reduce overhead, and use GKR LogUp.