Total: US$1500. May be split among multiple teams. ## Motivation Zero-knowledge cryptography enables succinct verification of proofs the authenticity and integrity of information. This property empowers individuals to prove and establish the veracity of content in an age where content can be easily and undetectably transformed, manipulated, and even faked. Use cases like client-side proving of machine learning transformations over private data could be a powerful defense against AI-driven misinformation. Furthermore, other [ZKML](https://mirror.xyz/privacy-scaling-explorations.eth/K88lOS4XegJGzMoav9K5bLuT9Zhn3Hz2KkhB3ITq-m8) applications such as identity verification tend to have extremely high proof generation needs. Client-side proving today, however, is notably slow, due to the large computational load of ZK proofs, as well as the inherent performance limitations of web browsers. Fear not, there is hope! In the near future, web applications will be able to easily leverage clients' GPUs for heavy computational tasks, including ZK cryptography. Since GPUs are built for highly parallel workloads, cryptography engineers should strive to add this powerful new tool to their repertoire. This tool is [WebGPU](https://www.w3.org/TR/webgpu). ### About WebGPU WebGPU is a new API for web browsers that allows web applications to easily access features of clients' GPUs and express arbitrary computation through a language called [WGSL](https://www.w3.org/TR/WGSL/). [Support for WebGPU](https://caniuse.com/webgpu) is currently available in most modern browsers like Google Chrome, Firefox, Edge, and Safari (although it may have to be enabled using a configuration option). ## Getting started Please fork the [wgsl-poseidon](https://github.com/geometryresearch/wgsl-poseidon) repository, which provides boilerplate for working with WebGPU in the browser and in the command line. It contains a WGSL implementation of the Poseidon hash function in the BN254 scalar field, as well as basic big integer and finite field arithmetic functions. Participants are strongly encouraged to use this repository as a starting point to avoid duplicating unnecessary effort. Wei Jie is Geometry's point person for this bounty. He will be available around the hackerthon venue and interested teams are strongly encouraged to reach out to him for support and advice. Please contact him via Telegram (weijiek) or email ([wj@geometry.xyz](mailto:wj@geometry.xyz)). ## Criteria We ask that participants focus on implementing commonly used algorithms in ZK proving systems that are amenable to parallelism. These include, but are not limited to: - High-level algorithms: - Multi-scalar multiplication (MSM) - Fast Fourier transforms (FFT) - Efficient elliptic curve arithmetic - e.g. efficient implementations of curve addition, exponentiation, etc - Efficient finite field arithmetic - e.g. efficient implementations of x^5 mod p, which is heavily used in the Poseidon hash function, or x ^ 7 mod p, which is heavily used in the MiMC7 hash function. - Any commonly used hash function - e.g. Poseidon 2, Reinforced Concrete, Tip5, or MiMC. - Do not submit an implementation of Poseidon, since it has already been written, and will be included in the code template. However, Poseidon 2 is OK. Participants should be aware of the WGSL code in the following repositories and refrain from duplicating effort. - [msm-webgpu](https://github.com/sampritipanda/msm-webgpu) - Implements Pippenger's algorithm for MSM in the Vesta field, as well as key elliptic curve arithmetic functions. Much of the big integer and finite field code in the starter template was adapted from this repository. - [webgpu-examples](https://github.com/voidash/webgpu-examples) - Implements BLS12-381 finite field arithmetic. ### Outstanding criteria Submissions that stand out should: - Motivate the work. e.g. describe the contexts in which the algorithms they implement would be useful for ZK cryptography - Make use of GPU parallelism where applicable - Include tests - Be clearly documented - Include a readme file with simple instructions on how to to run the code - Contain basic code comments to explain what key functions do - Describe avenues for further research ### Browser or CLI code The code template contains boilerplate for running WGSL code in the browser and in the CLI via the Rust `wgpu` library. Participants may choose to use either or both approaches. Ideally the code should work in the browser but we understand if participants face browser issues that restrict them to only use the CLI. Nevertheless, WGSL code is easily portable and should work in either platform anyway.