Zero-knowledge proof technology is becoming more and more widely used, but many people have gradually discovered that proof performance is a bottleneck. Since 2019, the Trapdoor Tech team has been deeply researching zero-knowledge proof technology and has been exploring efficient zero-knowledge proof acceleration schemes. GPUs or FPGAs are common acceleration platforms on the market. IOSG Ventures analyzes the advantages and disadvantages of FPGA and GPU acceleration of zero-knowledge proof calculations, starting from MSM’s calculation.
ZKP is a technology with a promising future. More and more applications are adopting zero-knowledge proof technology. However, there are many ZKP algorithms, and different projects use different ZKP algorithms. At the same time, the computational performance of ZKP proofs is relatively poor. This article analyzes MSM algorithm, elliptic curve point addition algorithm, Montgomery multiplication algorithm, etc., and compares the performance difference of GPU and FPGA in BLS12_381 curve point addition. Overall, in terms of ZKP proof computation, in the short-term, GPU has obvious advantages, with high throughput, high cost-effectiveness, programmability, etc. FPGA has some advantages in power consumption. In the long term, there may be FPGA chips suitable for ZKP computation, or ASIC chips customized for ZKP.
MSM (Multiple Scalar Multiplication) refers to calculating the point corresponding to the sum of these points given a series of points on an elliptic curve and a scalar. The industry generally uses the Pippenger algorithm to optimize the MSM calculation. Pippenger algorithm also has many variations and optimization algorithms. In any case, the underlying calculation of MSM algorithm is point addition on elliptic curves. Different optimization algorithms correspond to different numbers of point additions.
- Reasons for Spin Fi expanding to Polygon zkEVM trading platform
- Will Binance reach a settlement with the SEC? Let’s take a look at some well-known projects that have been fined by the SEC in the past.
- How do top asset management companies with over $1.5 trillion under management bet on BTC and blockchain?
Modular multiplication refers to x*y mod p. Note that the bit width of these integers is the bit width of the elliptic curve. The classical algorithm for modular multiplication is Montgomery Multiplication. Modular multiplication algorithm can be further divided into two types of calculations: large number multiplication and large number addition. Based on the understanding of MSM calculation logic, the performance (throughput) of modular multiplication can be chosen to compare the performance of FPGA and GPU.