DOI: 10.1109/ISCA52012.2021.00040
research-article

PipeZK: accelerating zero-knowledge proof with a pipelined architecture

Published: 25 November 2021

ABSTRACT

Zero-knowledge proof (ZKP) is a promising cryptographic protocol for both computation integrity and privacy. It can be used in many privacy-preserving applications, including verifiable cloud outsourcing and blockchains. The major obstacle to using ZKP in practice is its time-consuming proof generation step, which consists of large polynomial computations and multi-scalar multiplications on elliptic curves. To support ZKP efficiently and practically in real-world applications, we propose PipeZK, a pipelined accelerator with two subsystems, one for each of these two compute-intensive tasks. The first subsystem uses a novel dataflow to decompose large kernels into smaller ones that execute on bandwidth-efficient hardware modules, with optimized off-chip memory accesses and on-chip compute resources. The second subsystem adopts a lightweight dynamic work dispatch mechanism to share the heavy processing units, minimizing resource underutilization and load imbalance. When evaluated in 28 nm, PipeZK achieves a 10x speedup on standard cryptographic benchmarks and 5x on a widely used cryptocurrency application, Zcash.
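The abstract names multi-scalar multiplication (MSM) as one of the two expensive proving kernels without showing why it dominates or how it is decomposed. The following is an added example, not code from the paper or the PipeZK project: it implements the standard bucket (Pippenger-style) decomposition of an MSM and counts group operations next to the naive one-scalar-multiplication-per-term approach. The group is a constructed stand-in (integers mod P under addition) so the script runs offline; a real prover runs this over elliptic-curve points, and the window size, the modulus and the random inputs are all assumptions of this example. The paper's own hardware dispatch scheme is not reproduced here.

```python
"""Bucket-method multi-scalar multiplication (MSM) with operation counting.

Added illustration for the PipeZK abstract; not code from the paper. The group
below is a constructed stand-in (integers mod P under addition) so the example
runs offline; real provers do this over elliptic-curve points.
"""
import random

P = 1_000_003  # constructed toy modulus; the group is Z_P under addition


class OpCounter:
    """Counts group additions and doublings, the usual cost model for MSM."""

    def __init__(self):
        self.adds = 0
        self.doubles = 0

    def total(self):
        return self.adds + self.doubles


def g_add(a, b, c):
    c.adds += 1
    return (a + b) % P


def g_double(a, c):
    c.doubles += 1
    return (2 * a) % P


def scalar_mul(k, pt, c):
    """Left-to-right double-and-add: k * pt."""
    acc = 0
    for bit in bin(k)[2:]:
        acc = g_double(acc, c)
        if bit == "1":
            acc = g_add(acc, pt, c)
    return acc


def msm_naive(scalars, points, c):
    """sum_i k_i * P_i with one double-and-add per term: about n * bits operations."""
    acc = 0
    for k, pt in zip(scalars, points):
        acc = g_add(acc, scalar_mul(k, pt, c), c)
    return acc


def msm_bucket(scalars, points, c, window=4):
    """Pippenger-style bucket method.

    Each scalar is split into `window`-bit digits. For one digit position every
    point is added into the bucket indexed by its digit (one addition per point),
    the buckets are combined with a running sum, and the per-window results are
    merged with `window` doublings each. Cost is roughly
    (bits / window) * (n + 2^window) additions instead of n * bits operations.
    """
    if not scalars:
        return 0
    nbits = max(k.bit_length() for k in scalars)
    nwin = (nbits + window - 1) // window
    mask = (1 << window) - 1
    result = 0
    for w in reversed(range(nwin)):            # most significant window first
        buckets = [0] * (1 << window)          # bucket 0 is never used
        for k, pt in zip(scalars, points):
            d = (k >> (w * window)) & mask
            if d:
                buckets[d] = g_add(buckets[d], pt, c)
        # running-sum trick: sum_d d * buckets[d] in 2 * (2^window - 1) additions
        running = 0
        win_sum = 0
        for d in range(mask, 0, -1):
            running = g_add(running, buckets[d], c)
            win_sum = g_add(win_sum, running, c)
        for _ in range(window):                # result = 2^window * result + win_sum
            result = g_double(result, c)
        result = g_add(result, win_sum, c)
    return result


def reference(scalars, points):
    """Arithmetic ground truth in the toy group (no counting)."""
    return sum(k * pt for k, pt in zip(scalars, points)) % P


def compare(n=256, bits=64, seed=1, window=4):
    """Run both MSMs on the same constructed input; return results and op counts."""
    rng = random.Random(seed)
    scalars = [rng.getrandbits(bits) for _ in range(n)]
    points = [rng.randrange(1, P) for _ in range(n)]
    c_naive, c_bucket = OpCounter(), OpCounter()
    r_naive = msm_naive(scalars, points, c_naive)
    r_bucket = msm_bucket(scalars, points, c_bucket, window)
    return {
        "correct": r_naive == r_bucket == reference(scalars, points),
        "naive_ops": c_naive.total(),
        "bucket_ops": c_bucket.total(),
    }


if __name__ == "__main__":
    print(compare())
```

Running `compare()` with the defaults (256 scalars of 64 bits, 4-bit windows) gives identical results from both methods while the bucket method performs several times fewer group operations; the per-window bucket accumulation is the part that an accelerator such as the one described in the abstract would parallelize across processing units, which is also where load imbalance between windows and buckets arises.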


Published in

ISCA '21: Proceedings of the 48th Annual International Symposium on Computer Architecture
June 2021, 1168 pages
ISBN: 9781450390866
Publisher: IEEE Press
Qualifiers: research-article
Overall acceptance rate: 366 of 2,193 submissions, 17%
