TY - GEN
T1 - SZKP
T2 - 33rd International Conference on Parallel Architectures and Compilation Techniques, PACT 2024
AU - Daftardar, Alhad
AU - Reagen, Brandon
AU - Garg, Siddharth
N1 - Publisher Copyright:
© 2024 ACM.
PY - 2024
Y1 - 2024
N2 - Zero-Knowledge Proofs (ZKPs) are an emergent paradigm in verifiable computing. In the context of applications like cloud computing, ZKPs can be used by a client (called the verifier) to verify the service provider (called the prover) is in fact performing the correct computation based on a public input. A recently prominent variant of ZKPs is zkSNARKs, generating succinct proofs that can be rapidly verified by the end user. However, proof generation itself is very time consuming per transaction. Two key primitives in proof generation are the Number Theoretic Transform (NTT) and Multi-scalar Multiplication (MSM). These primitives are prime candidates for hardware acceleration, and prior works have looked at GPU implementations and custom RTL. However, both algorithms involve complex dataflow patterns - standard NTTs have irregular memory accesses for butterfly computations from stage to stage, and MSMs using Pippenger's algorithm have data-dependent memory accesses for partial sum calculations. We present SZKP, a scalable accelerator framework that is the first ASIC to accelerate an entire proof on-chip by leveraging structured dataflows for both NTTs and MSMs. SZKP achieves conservative full-proof speedups of over 400 ×, 3 ×, and 12 × over CPU, ASIC, and GPU implementations.
AB - Zero-Knowledge Proofs (ZKPs) are an emergent paradigm in verifiable computing. In the context of applications like cloud computing, ZKPs can be used by a client (called the verifier) to verify the service provider (called the prover) is in fact performing the correct computation based on a public input. A recently prominent variant of ZKPs is zkSNARKs, generating succinct proofs that can be rapidly verified by the end user. However, proof generation itself is very time consuming per transaction. Two key primitives in proof generation are the Number Theoretic Transform (NTT) and Multi-scalar Multiplication (MSM). These primitives are prime candidates for hardware acceleration, and prior works have looked at GPU implementations and custom RTL. However, both algorithms involve complex dataflow patterns - standard NTTs have irregular memory accesses for butterfly computations from stage to stage, and MSMs using Pippenger's algorithm have data-dependent memory accesses for partial sum calculations. We present SZKP, a scalable accelerator framework that is the first ASIC to accelerate an entire proof on-chip by leveraging structured dataflows for both NTTs and MSMs. SZKP achieves conservative full-proof speedups of over 400 ×, 3 ×, and 12 × over CPU, ASIC, and GPU implementations.
KW - Cryptography
KW - Hardware Acceleration
KW - Zero-Knowledge Proofs
UR - http://www.scopus.com/inward/record.url?scp=85207154881&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85207154881&partnerID=8YFLogxK
U2 - 10.1145/3656019.3676898
DO - 10.1145/3656019.3676898
M3 - Conference contribution
AN - SCOPUS:85207154881
T3 - Parallel Architectures and Compilation Techniques - Conference Proceedings, PACT
SP - 271
EP - 283
BT - PACT 2024 - Proceedings of the 2024 International Conference on Parallel Architectures and Compilation Techniques
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 13 October 2024 through 16 October 2024
ER -