This article has been republished with permission from CoinCu

Key Points:

  • Cysic, a zero-knowledge hardware startup, recently completed a $6 million seed funding round led by Polychain Capital.

  • Cysic’s primary goal is to provide hardware-accelerated services for the ZK project’s ZK proof-generation process.

  • Cysic has already reached its intention to partner with some of the leading ZK projects and will first provide MSM acceleration services for these projects.

Cysic is an industry-leading ZK hardware acceleration project dedicated to designing advanced ASIC chips to help reduce ZK-proof generation time. Cysic has formed a first-class hardware design and development team and has completed the FPGA-based POC design work.

According to the POC results, it can be proved that Cysic’s ZK hardware acceleration capability is already in an industry-leading position.

ABCDE invested in Cysic in the seed round, and the investment institutions in this round also include Polychain, A&T, Hashkey, and Web3.com Venture.

Why do we need ZK hardware acceleration?

The generation of ZK proof (ZK Proof Generation) is one of the core steps in the ZK project. Unfortunately, under existing ZK proof systems, generating ZK proofs usually requires a lot of computation. As the complexity of the project increases and the scale of the ZK circuit increases, the amount of calculation required for ZK proof generation will increase exponentially.

For example, for large-scale zkEVM/zkVM projects such as Scroll and zkSync, it may take hours or even days of calculation if it uses the CPU to generate ZK proofs. In real business, most projects need to limit the generation of ZK proofs to seconds and minutes. Computing time of several hours or longer is completely unacceptable for most ZK projects, especially for expansion projects such as zkEVM/zkVM.

In addition, the computational complexity of ZK proof generation is difficult to reduce theoretically in the time window of about two years before the ZK project is officially launched in the future.

Therefore, in order to ensure the usability of the project, before the project is officially launched, the ZK project party must adopt the technical solution of “accelerating the generation of ZK proofs” to accelerate the generation of ZK proofs to the second or minute level. The method of accelerating ZK-proof generation through high-performance hardware is currently the first choice.

What is hardware accelerated?

In the process of ZK proof generation, the main time-consuming calculations can be divided into two types:

1. NTT (Number Theoretic Transform) calculation based on polynomials

2. MSM (Multi-Scalar Multiplication) calculations on elliptic curves. Generally speaking, in a calculation generated by a ZK proof, NTT-type computing tasks account for about 25% of all computing tasks, and MSM-type computing tasks account for about 60–70%.

Fortunately, these two types of computing tasks exist:

1. The logic is relatively simple

2. A large number of repetitions of the same computing logic

3. The characteristics of parallelism (similar to Bitcoin Mining computing). Therefore, it is theoretically feasible to use high-performance hardware to accelerate these two types of calculations.

As shown in the figure below, we can find that the NTT calculation (upper left part) and MSM calculation (right side) are lightly coupled in the workflow of ZK proof generation. Therefore, the ZK project party can choose according to actual needs:

1. Accelerate NTT calculation alone or

2. Accelerate MSM calculation alone

3. Accelerate NTT and MSM as a whole, three options.

Workflow of General ZK proof generation process

  • Note 1: The picture above is from Scroll co-founder Zhang Ye’s paper: PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture. This is one of the first papers in the industry to study zk hardware acceleration.

  • Note 2: In some literature/articles, it is claimed that the most time-consuming ZK proof generation is FFT (Fast Fourier Transform) and MSM. Although the principles of FFT and NTT are similar, since most of the cryptographic calculations involved in ZK are performed on finite fields (Finite Field), the actual calculation should be NTT. Therefore, we take the NTT used in most academic articles as the standard.

What is hardware acceleration used?

Similar to the mining solution, the current ZK hardware acceleration solution is mainly implemented through the following three types of hardware:

  • GPU

  • FPGA

  • ASICs

Currently, there are two main hardware acceleration solutions available on the market: GPU and FPGA. Acceleration schemes using GPU/FPGA are relatively easy to implement. Therefore, in order to seize the market faster, most manufacturers will first implement the GPU/FPGA solution. Due to the high hardware cost of GPUs and FPGAs, relatively high power consumption, and limited absolute performance. Therefore, the ASIC solution is a part that cannot be ignored in the ZK hardware acceleration ecosystem.

How Hardware Acceleration Serves the ZK Project Party

ZK hardware acceleration providers can provide ZK-proof generation acceleration services in two ways:

  • Through SaaS APIs.

  • Provide acceleration services (similar to selling mining machines) by selling hardware (whole machine/chip).

As we mentioned above, during the generation of ZK proofs, NTT and MSM calculations are lightly coupled. Therefore, according to different service granularities, hardware acceleration service providers can provide the following three granular services.

  • Dedicated NTT Acceleration (Dedicated NTT Acceleration API/Hardware Device)

  • Dedicated MSM acceleration (dedicated MSM acceleration API/hardware device)

  • All-in-one acceleration solution to accelerate NTT and MSM at the same time.

Differences in Hardware Acceleration Providers

NTT and MSM computing problems have been studied extensively for many years. It is difficult for major manufacturers to achieve breakthroughs in computing theory in a short period of time. Therefore, the technical differences between various manufacturers lie more in engineering realization capabilities, control of algorithm details, technology stack (hardware) selection, cost control of hardware production, and product design capabilities. When customers choose an acceleration vendor, they will focus on the following three factors:

  • The performance of the hardware/service and the computing time of the manufacturer under the same computing task.

  • Hardware acceleration cost, under the same computing task, is the manufacturer’s computing cost.

  • Ease of use of the API/device.

Why do we invest in Cysic?

Cysic was founded in late August 2022 by Leo Fan and Bowen Huang. The main goal of Cysic is to provide hardware acceleration services for the ZK project’s ZK-proof generation process. California, USA, and Mainland China. The backgrounds of these founding members are mainly from the Ph. D.s from the Department of Computer Science of Top 20 Universities in the United States and the chip design team of the Institute of Computing Technology, Chinese Academy of Sciences.

At this stage, the project has realized the POC verification of FPGA-based MSM calculation, and the project code is SolarMSM. At this stage, SolarMSM will provide external services through SaaS.

At present, Cysic has reached cooperation intentions with several leading ZK project parties and will provide them with testing services in the near future. According to the evidence of many industry authorities, SolarMSM is in the Top-Tier position in the industry in accelerating MSM computing performance.

Founding team profile

The two founders have strong technical backgrounds and are experts in cryptography and hardware design. Dr. Leo graduated from Cornell University under the tutelage of an internationally renowned professor of cryptography, Elaine Shi. Before joining Rutgers University as an assistant professor, Leo worked as a cryptography researcher at Algorand.

Another founder, Bowen Huang, worked in the Institute of Computing Technology, Chinese Academy of Sciences for 6 years before founding Cysic and going to Yale University to study for a Ph.D. Design landing.

POC results

At present, Cysic has implemented the POC design of the MSM acceleration solution based on Xilinx’s public FPGA, code-named SolarMSM. In POC verification, for the MSM computing task whose input size is 2³⁰, SolarMSM can accelerate it to less than one second. This is currently the strongest level among all public data results in the industry, and it is 1–2 orders of magnitude higher than the champion performance of the ZPrize competition.

Quick implementation of SolarMSM demonstrates:

  • The Cysic team has efficient R&D strength and technical capabilities. It can be designed and implemented quickly, which is 1–2 orders of magnitude higher than the first ZPrize, showing an overwhelming speed advantage.

  • The Cysic team has a robust supply chain integration management capability. If the PCB, heat dissipation, power supply, PCIE connectors, and chassis structure are all customized in parallel, the delivery can still be completed quickly within 2-3 months, which is basically 2-3 times the speed of the industry standard.

At the same time, the POC at this stage is also an internal verification of the Cysic hardware design/development work. Because the error correction cost of ASIC chips is higher than that of FPGA solutions, full machine verification through SolarMSM at high bandwidth, high power consumption, and high interconnection levels can greatly reduce the risk of future ASIC chip errors.

Technology Roadmap

Cysic plans to provide a complete ASIC hardware acceleration solution, including NTT and MSM computing. Currently, the project party adopts a two-stage R&D strategy.

Phase 1: FPGA-based POC

In the first phase of the project, a POC version of MSM and NTT acceleration based on Xilinx’s public FPGA: SolarMSM. At present, the MSM computing acceleration module has been completed, and the 2³⁰-scale MSM computing can be completed in less than one second, which is the highest performance among all the public FPGA-MSM hardware acceleration results, leading the competition by more than 1–2 orders of magnitude. If nothing else, SolarMSM will hold the highest performance record for MSM hardware acceleration until ASIC chips come out. Cysic has reached cooperation intentions with several leading ZK projects and will first provide MSM acceleration services for these projects.

In the next few months, Cysic plans to complete the NTT computing acceleration module SolarNTT based on SolarMSM. SolarNTT and SolarMSM will be deployed on the same server to perform accelerated computing based on the same large-scale FPGA interconnection system. These two sets of implementations will be integrated through the high-speed interconnection architecture designed by Cysic to become an all-in-one acceleration solution, SolarZKP. SolarZKP will provide API services externally through SaaS.

Phase 2: 12nm ASICs

After the POC stage, Cysic will start the 12nm ASIC development stage. The goal is to achieve the computing power of a single ASIC chip reaching the performance of the entire SolarZKP (supporting both MSM and NTT computing and other core functions specified by the project party) while reducing the power consumption of a single chip to two orders of magnitude.

Market analysis

How do customers choose hardware acceleration solutions?

In actual production, different ZK customers have different requirements for hardware acceleration, depending on how sensitive the ZK project is to the proof generation time. For example:

  • For Layer-2 projects based on zkEVM/zkVM, their core requirement is the fast and stable generation of ZK proofs. Therefore, they will be more inclined to choose a faster and more stable integrated acceleration solution.

  • For some ZK projects that are not sensitive to the generation time of ZK proofs, they do not need to generate Proofs at the fastest speed, such as the property proofs of exchanges. In this scenario, customers can flexibly choose MSM computing acceleration alone or combine MSM computing and NTT computing provided by different service providers within an acceptable time to choose the best price.

We believe that in the future, there will be tools that combine different hardware acceleration vendors’ solutions to help customers generate optimal solutions.

Project risk

At present, many companies have participated in the competition on the ZK hardware accelerated track. There are project development delay risks and market risks for ASIC-based ZK hardware acceleration projects.

Project Development Delay Risk

There is a relationship of mutual cooperation and mutual achievement between the ZK project party and the ZK hardware acceleration manufacturer. As the ZK project party, it will first choose the first available hardware acceleration solution to seize the market share of the ZK project itself. For the zkEVM/zkVM project, being able to provide L2 block proofs stably is one of the most important considerations. Therefore, some ZK project parties will reach long-term cooperation intentions with hardware acceleration vendors in the early stage. If the project development is too slow, part of the market share may be lost in the early stage. At the same time, there is a risk of failure in ASIC tape-out. Affected by chip manufacturers’ capacity constraints, tape-out failures will force the project to re-schedule tape-out, causing project delays.

Market risk

The ZK project party can be divided into two categories: the privacy category and the expansion category. For privacy projects, using hardware acceleration may reduce the risk of side-channel attacks to some extent, but considering privacy issues, privacy projects will be more cautious in choosing ZK hardware acceleration solutions, such as choosing to purchase hardware directly instead of Not via SaaS service.

Competing project head competition

At present, there are three powerful competitors in the industry, namely Supranational, Ulvantanna, and Auradine.

Supranational

Supranational has entered the GPU-accelerated ZK track since 2019 and recently began to involve the FPGA/ASIC field. Supranational already has a very mature open-source GPU-based acceleration solution, and its performance is at the forefront of the industry. At the same time, we expect that Supranational also has a commercial closed-source solution with better performance. Supranational entered the market earlier, with certain industry resources and good cash flow.

Ulvantanna

The founding team is from Jump Crypto and has received investment from paradigm and bain crypto. Its strength should not be underestimated.

Auradine

Compared with the Senior, the founding team has rich entrepreneurial experience and a platform of top manufacturers and capital.

Other Hardware Acceleration Teams

The rest of the teams, such as Ingonyama and Jump Crypto, entered the track before them, but their performance is not as good as that of SolarMSM at this stage, according to the public data.

ZK project internal hardware acceleration team

At present, in addition to dedicated hardware acceleration teams, many ZK project parties are also exploring hardware acceleration solutions internally, such as zkSync and Scroll.

zkSync

zkSync chooses GPU/FPGA acceleration solution. According to the published results on ZPrice, zkSync’s GPU solution takes 2.528 seconds when the input scale is 2²⁶ MSM. This performance is less than one-tenth of the Cysic SolarMSM solution (2³⁰ MSM calculation takes less than 1 second).

Scroll

Scroll has been researched internally for GPU-based acceleration. At the same time, Scroll and some academic institutions are cooperating to explore better solutions, and their latest academic research results were published at ASPLOS 2023, the top conference in the field of computer architecture [3]. As the leading zkEVM project, it is worth looking forward to and tracking their follow-up progress.

References

[1] PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture, ZhangYe

[2] FPGA Acceleration of Multi-Scalar Multiplication: CycloneMSM, JumpCrypto

[3] GZKP: A GPU Accelerated Zero-Knowledge ProofSystem

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News