ZK Hardware Acceleration Discussion: A New Market Comparable to POW Mining

Host: Faust, geek web3

Guests: Vincent, DevRel of Scroll;

Leo, Co-founder of Cysic;

Siyuan,TechLead of ABCDE Capital;

Kiwi, Researcher of OKXVentures;

Marco, DevRel of Aleo;

Lynndell, Cryptography Expert of Bitlayer

Summary:On the evening of May 23, Geek Web3 invitedGuests from Scroll, Cysic, Bitlayer, Aleo, ABCDE Capital and OKX Ventures discussed ZK hardware acceleration on Twitter.The guests had a wonderful discussion on the commercialization and marketization of real-time generation of ZK proofs and hardware acceleration, and also brainstormed on the new term "ZK Depin".The following is a text transcript.

The detailed issues involved in this Space include:

1.Both Cysic and Lumoz projects regard ZK acceleration as their core vision. Cysic has also proposed the slogan of generating ZK proofs in real time. So what impact will these technologies have on Ethereum's Danksharding route?

2. I heard that Aleo has changed its mining algorithm. Aleo was originally a privacy public chain, and its mining algorithm is directly related to ZK. Some people rumored that Aleo seems to have changed back to a hash algorithm similar to the mainstream PoW public chain (the guests clarified this matter)

3. What is the future vision of ZK mining, and how will the ZK-DePIN track proceed?

4. How do you view the commercialization and marketization of ZK-DePIN? What are the pain points that have not yet been resolved?

5. ZK Mining Miner Revenue Model

6. Teachers, how do you think we can solve the problem of huge differences in proof generation efficiency among different miners?

text:1. Faust: What impact does ZK hardware acceleration have on the Ethereum Danksharding roadmap?

Background:The Danksharding roadmap proposes the concepts of Verkle Tree and stateless client.At that time, ordinary Ethereum nodes/clients will not have to store the complete state tree locally. The block will directly provide the state data associated with each transaction, and use ZK to prove that this data comes from Ethereum's state tree (Verkle Tree). Verkle Tree has made significant improvements to Ethereum's current Merkle Tree storage structure to facilitate the generation of ZK to prove that a piece of data comes from the Verkle Tree.

Leo:In simple terms,The real-time generated ZK proof can greatly improve the efficiency of light clients and Verkle Tree.Compared with Merkle Tree, Verkle Tree generates more branches/paths. If you use Merkle Proof to prove that a piece of data comes from a branch on the Verkle Tree, you have to open many other branches.

if youUsing ZK instead of Merkle Proof can greatly improve efficiency and compress a lot of data into a small size.. But if you simply use a normal CPU or GPU to generate ZKP, it is actually very complicated.

I have worked on a project in Algorand before, called Algorand state proof, which uses Merkle Proof to open many branches on the Merkle Tree, but this is very inefficient. So you need to use ZK's Real Time Generation, or use this Specialize Prover to greatly improve the efficiency of zk proof generation.

Vincent:At the Web3 Hong Kong Conference in April, Vitalik mentioned the importance of ZK proof to maximizing the performance of the protocol. His previous speeches and technical explorations also reflected his emphasis on ZK.In the past, it took Scroll about two to three hours to generate a fully compatible zkevm Proof, but with the existing hardware acceleration solution, it was reduced to 10 minutes.But this still cannot achieve the generation speed we want.

In an ideal world, ZK adoption would be very high and permeate every aspect.Xiaobai NavigationIn the past, ZK generation speed was not fast enough to support huge adoption rates.If real-time generation of ZK proofs becomes a reality, we won’t have toSafetyNo compromises will be made in terms of reliability, trustlessness, verifiability, etc., and ZK will be used directly to solve many problems that could not be solved in the past. After this, project innovation, including application innovation, will definitely be lightweight.CommunityEveryone is full of confidence and hopes to make a breakthrough in this direction together.

Siyuan:I think the core of Layer2, especially the second layer using ZK, is to achieve fast Finality (transaction final confirmation). Only by converting the transaction trace of Layer2 into ZK Proof faster and sending it to L1 for verification,L2 Some companies will not finalize each L2 A block or a few blocks are packaged to generate proof. In addition,According to Vitalik's vision, after replacing the first layer with the Verkle tree, he hopes that each block will generate an instant ZKP. Without ZK hardware acceleration, this vision is difficult to achieve.Therefore we are very optimistic about Cysic.

2. Faust:I heard that Aleo has changed its mining algorithm, because Aleo was originally a privacy public chain, and its mining algorithm was related to ZK. Now it seems to have changed back to the hash algorithm like most PoW public chains. I would like to ask the guests what they think about this rumor.

Marco:It is such a situation.As for the recent Aleo Testnet Beta, its POW algorithm is indeed a hash algorithm, which is then added to the Merkle Tree and a Root Data is given to calculate the final size.However, this version is only a temporary version, not the final version. The final version of Aleo will be released in July, and I hope everyone can wait patiently.

Then, in fact, Alex, the CEO of Aleo Foundation, once said at a meeting,His ideal PoW algorithm has two main requirements. One is to promote the practical application of the ZK algorithm and solve more practical problems. The other is to ensure the fairness of mining.So they will make adjustments according to this idea, and hope everyone will stay tuned in time.

Leo:On this topic, I would like to add that the Coinbase puzzle before Aleo mining used MSM to make polynomial commitments, and then it was just changed from MSM to Merkel tree to make polynomial commitments.Actually, from ZK's perspective, there is not much difference.It just means that one of your components has changed from MSM based to Hash based.Then this Hash based has various hash functions, which is actually a mix of hash functions.

Vincent:I personally would like to ask Professor Marco, from Aleo's perspective, what are your views on the entire ZK hardware acceleration ecosystem? Now, including Cysic's ASIC chips or Ingonyama's FPGA-based ZK acceleration solutions, do their products have any impact on Aleo's development or future plans?

Marco:I personally feel that there is, after allThe core problem that currently plagues the entire ZK field is that ZK Proof generation is too slow.Not long ago, Vitalik said that it takes 20 minutes to generate a proof for an Ethereum block through the SNARK proof system, but Ethereum generates a block in 12 seconds, which is a huge gap. I hope there will be more good ZK acceleration solutions to solve the above problems.

3. Faust: Next, I would like to discuss topics related to ZK mining or ZKDePIN. First, I would like to ask Mr. Leo about his vision for ZK mining and how the ZK-DePIN track will run.

Leo:We actually provide ZK proof generation services to some ZK project parties.Cysic is a startup company, and we don’t have enough money to buy or rent servers.CommunityIn fact, we now have hundreds of servers, all of which are running at full capacity. This is different from the traditional AI-Depin project is very different.

AI-Depin Many machines in there are just idling there,People just pursue a relatively high uptime and then take advantage of the airdrop, but if it is Cysic Network, your machine will truly empower actual application scenarios, will not idle, and will have higher resource utilization. Moreover, the rewards you can get are not only Cysic Tokens, but also incentives from major ZK project parties.

而且这对于 ZK Prover 的去中心化也有好处，让多个 Prover 去生成一个 Proof 也能减少对单个 Prover 的依赖。我们不但会 rely on 大矿工的设备，还会动员社区成员把自己闲置的硬件接进来，给整个 ZK 生态提供服务。

Siyuan:Cysic actually has two types of customers. One is a professional ToB big customer, and the other is more interesting.Cysic has launched a small ZK accelerator card that allows you to quickly generate ZKP on your home computer.Convenient for developers and even ordinary users.

Leo:What Siyuan just mentioned is that it should be our own equipment.Cysic will ship its own ZK hardware on a large scale next year.This hardware has two forms.The first one is ZK air. As Siyuan mentioned just now, it is about the size of an Apple laptop charger. It can be connected to your computer via Type-C to help you run the ZK generation locally.It should also be very fast, 8 to 10 times faster than the 4090 card, which will help developers do many things.

Vincent:Regarding ZK-Depin, in fact, the imagination space of traditional Depin is often limited to things like mobile phone mining and watch mining, but ZK hardware acceleration is completely different.We at Scroll will soon have a decentralized Prover Market, which is announced in our roadmap.Our future Prover part will be a permissionless market model, which of course involves some complex revenue models, and the details are still being perfected. But our direction is certain, we will evolve towards the direction of rapid ZK generation and try our best to avoid the Matthew effect.

Marco:Regarding the Cysic ToC device mentioned earlier, I can add two points.Aleo transfers require this kind of client-local ZK generation.If you generate ZKP locally in your browser, it will be very slow and may take more than ten minutes or even longer.However, because Aleo focuses on private transactions and has a rigid demand for ZKP generation, Cysic's small ToC device is still very meaningful.

4. Faust: In the current ZK hardware acceleration track, what are the pain points that have not been resolved in commercialization or marketization?

Leo: In fact, we can imagine ZK acceleration as doing a kind of Proof of Work. You hope to generate ZKP as quickly as possible in exchange for rewards. This is actually no different from the ASIC of the traditional PoW public chain hash algorithm.But ZK's related algorithms are very variable.It is not as fixed as the hash function. In the ZK ecosystem,The ZK proof systems used by different projects are basically different. Some are based on KZG commitments, and some are based on FRI. Anyway, they are basically different.

As a hardware manufacturer,Cysic actually hopes that everyone can converge towards a certain ZK proof system, and then we can continue to optimize this proof system and achieve the ultimate speedup ratio.Instead of being as diversified as it is now, because this is very unfavorable for ZK acceleration.

Marco: I personally think that there are some challenges and opportunities in algorithm improvement and performance optimization. Last year, the best GPU implementation of MSM in the ZPrize competition, according to the best practices of the MSN GPU in the ZPrize 2023, StorSwift and yrrid are still above 360 milliseconds in terms of the calculation of 2^20 data volume.If it can be reduced by another order of magnitude, ZK will be easier to promote.The previous guest mentioned that the certification system is not unified, which is indeed a concern in hardware acceleration. Considering the input-output ratio, each project dare not make too much investment.

Leo: We are actually the architect of ZPrice's MSM acceleration track this year. This year, we have indeed achieved an improvement of about 20%-30% compared to last year. However, MSM still needs to interact with other modules for ZK proof generation, and the efficiency of PCIE will become a bottleneck in data transfer. Last year, we made a very powerful FPGA machine that can complete MSM calculations of about 2 to the power of 26 in about 10 milliseconds. This is already the maximum speed that can be achieved, but it still cannot achieve true real-time zk proof generation, and many calculation steps still take several minutes.In our view, "real-time generation" means controlling the proof generation time of any ZK circuit to around 1-5 seconds, which requires better methods to achieve.

5. Faust: What do you think about the ZK Prover Market or the miner profit model of ZK mining?

Leo: The main income of miners comes from the project partyToken, such as Scroll, Zksync and Starknet, the income of miners depends largely on the project's coin price. In the long run, it will be a large market, especially after the Bitcoin halving. I think ZK should be a gradually expanding market for the entire hardware or for ZK mining.

Vincent: We at Scroll have some research.The size of the ProverMarket market will depend on the number and demand of ZK projects. As more and more projects adoptZero knowledge proofTechnology, the demand for Prover will increase accordingly.This need is mutually reinforcing, meaningZero knowledge proofThe popularity and application of technology will drive the growth of ProverMarket.

In terms of universality, many different applications and algorithms have the need for zk hardware acceleration, such as the well-known Snark algorithm. However, whether the grand unification of the ZK system can be achieved depends on whether a universal application scenario covering all ZK projects can be developed, which requires evaluating and optimizing the distribution of computing power to avoid the dispersion of computing power leading to insufficient resources for small projects, and to prevent projects that already have strong computing power from over-concentrating resources.

Marco:Actually, from Aleo's perspective, we are also thinking about the Prover Market solution. If I want to transfer money privately, I really need someone to help me calculate the ZKP, because it is too slow to calculate it locally and it takes a long time. So whoever helps me calculate the ZKP, I am willing to pay. In fact, some products are being proposed one after another, but the key question isSafetyBecause if you ask someone to calculate ZKP for you, you have to provide them with data, which may cause privacy leakage. There are some proposals to solve this problem.

6. Faust: Finally, here is a question asked by Jan, co-founder of CKB/Nervos public chain.Companies like Lumoz and Polygon have mentioned the concept of Prover Market, but there is a Matthew effect here. Miners with better hardware equipment than others will always generate ZK proofs before others. The vast majority of mining revenue will eventually be controlled by one or two large miners.Teachers, how do you think we can solve the problem of huge differences in proof generation efficiency among different miners?

Leo: I think this is an eternal topic, which is how to balance efficiency and fairness.In fact, we can use different methods at different stages. In the early stage, we may pay more attention to efficiency. That is to say, we hope to provide customers with better and faster services to attract more customers, so that the whole snowball will grow bigger and bigger.As the snowball starts to roll bigger, you can start paying attention to fairness.Cysic's own hardware has already started shipping. When it starts shipping, you can actually buy some of this cost-effective hardware to achieve similar efficiency to everyone else.

From the perspective of protocol design, you can also make some corresponding adjustments. Because at that time, everyone's hardware speed has been greatly improved. When there is a good improvement, for example, let's assume that a is the fastest, b is the second fastest, and c is the third fastest. Note that a may be a group, b may be a group, and c may be a group. You can make some adjustments through some scheduling, and the group with a slightly slower speed can still participate and still share some benefits.

Of course, fairness cannot be forced. For example, if his investment is not as high as that of the big miners, from a fairness perspective, he should not get such a big profit.This is a design philosophy we will use later.

Marco: This is a difficult question to answer. From the perspective of PoW, we would like to lower the threshold, just like in Aleo's testnet3, a proof can be calculated by both 4090 and a mobile, and the income is calculated according to the ability ratio. If it is to serve actual business needs, we still hope to do it quickly and well. Whoever calculates it first will win the incentive. Large miners' hardware is good for ZK demanders, but it is actually very difficult to solve the fairness problem.

Lynndell:I think this question should just be left to its own devices.It is the same with Bitcoin now. Whoever has the most computing power or the computing power of the mining pool will mine more. Other ordinary users have no chance at all, and can only provide computing power to join the mining pool. So it is the same with ZK. It is almost the same as Pow, which relies on computing power. In this way, it will be fine if it goes with the flow.

The article comes from the Internet:ZK Hardware Acceleration Discussion: A New Market Comparable to POW Mining

Related recommendation: What will be the next hyped ETF?Token?

Why do so many people choose SOL? Because it has "consensus support". A vote was launched last Friday, "After $BTC $ETH, what token do you think will be the next ETF hype?" As a result, 63.6% people chose SOL. After the ETH ETF was passed, the market did have a high voice for SOL⤵️ Standard Chartered…