# February 16, 2023

Feb 16，2023 ｜ Siyuan Han

Cysic is a leading ZK-hardware acceleration project dedicated to designing advanced ASIC chips to reduce ZK proof generation time for zk-based systems. Cysic has assembled a top-notch hardware design R&D team and completed the FPGA-based POC design work. According to the POC results, Cysic’s ZK hardware acceleration capability is already in the top-tier position.

ABCDE invested in Cysic in the seed round, along with Polychain, A&T. Hashkey, and Web3.com Venture.

**1.** **Why we need Hardware Acceleration for ZK.**

ZK proof generation is the most important Phase for ZK-based projects. Unfortunately, with existing ZK proof systems, generating ZK proofs usually requires significant computation. As the complexity of the project increases and the size of the ZK circuit grows, the amount of computation required for ZK proof generation increases exponentially. For example, ZK proof generation for large zkEVM/zkVM projects such as Scroll, zkSync, etc., requires up to several hours or even days of computation per L2 block if it is computed entirely by the CPU. To meet the project design goals, most ZK-based projects need to limit ZK proof generation to seconds or minutes. Therefore, the current proof generation computation time is completely unacceptable for most ZK projects, especially scaling projects.

Theoretically, it is difficult to reduce the computational complexity of ZK proof generation in the time window of the next 2–3 years. Therefore, in order to guarantee the availability of the project, the ZK project team needs to adopt the technical solution of “accelerated ZK proof generation” to reduce the ZK proof generation time to the second and minute level before the project is officially launched. Currently, the preferred option is to accelerate ZK proof generation through high-performance hardware.

**Accelerate what?**

In the process of ZK proof generation, the main time-consuming computations can be divided into two components, 1. polynomial-based NTT (Number Theoretic Transform) computation and 2. MSM (Multi-Scalar Multiplication) computation on elliptic curves, as shown in the figure below [1]. In general, the NTT type of computation tasks account for about 25% of the overall proof generation computation, and the MSM type of computation tasks account for about 60–70% of the computation tasks in the whole process [2].

Fortunately, these two types of computational tasks are: 1. relatively simple in logic, 2. many repetitions of the same computational logic, and 3. parallelizable (similar to Bitcoin mining calculations). Therefore, it is feasible to use dedicated high-performance hardware to accelerate these two types of computations.

As shown in the figure below, we can see that the NTT computation (top left part) and the MSM computation (right side) are lightly coupled in the workflow. Therefore, ZK projects can choose to accelerate NTT alone or MSM alone, or accelerate NTT and MSM as a coherent unit, depending on the requirements.

General workflow of ZK proof generation[1]

Note 1: The above image is from Scroll co-founder Zhang Ye’s paper, “PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture.” This is one of the first papers in the industry to study ZK hardware acceleration.

Note 2: In several papers and articles, it is claimed that the most time-consuming computations during the ZK proof generation are the FFT (Fast Fourier Transform) and MSM. Although the principles of FFT and NTT are similar, in practice the computation should be NTT since the cryptographic computation involved in ZK is mostly performed on Finite Field. We use NTT as the one used in most academic papers [1][2][3].

**Via what hardware?**

Like the mining solution, the current ZK hardware acceleration solution can be implemented with three types of hardware: GPUs, FPGAs, and ASICs. Currently, there are two main hardware acceleration solutions available on the market: GPU and FPGA. GPU and FPGA solutions are relatively simple and easy to implement, and most vendors implement GPU and FPGA-based solutions first in order to capture the market faster. However, due to the high hardware cost, high power consumption, and limited upper bound performance of GPU and FPGA compared to ASIC chips, the future of ZK hardware acceleration will also eventually tend toward ASIC solutions.

**How Hardware Acceleration Serves ZK Projects**

Hardware acceleration providers can offer ZK hardware acceleration services in two ways.

1. providing acceleration services by providing SaaS APIs

2. provide acceleration services by selling hardware (complete machines or chips).

As we mentioned above, NTT and MSM calculations are lightly coupled during the ZK proofs generation. Therefore, depending on the granularity of the service, hardware acceleration providers can offer the following three services:

1. Dedicated NTT acceleration (dedicated NTT acceleration API or hardware device)

2. Dedicated MSM acceleration (dedicated MSM acceleration API or hardware device)

3. An all-in-one acceleration solution, accelerating both NTT and MSM

**Differences in Hardware Acceleration Providers**

NTT and MSM computing problems have been extensively studied for years. It is difficult for the major providers to achieve a Theoretical breakthrough in a short period of time. Therefore, the technical differences between providers lie more in engineering implementation capabilities, the ability to control the details of the algorithms, the choice of technology stack (hardware), cost control of hardware production, and product design capabilities. When choosing an acceleration vendor, customers focus on the following three factors:

1. the performance of the hardware/service; the computation time for the same computational task.

2. the cost of hardware acceleration, computational cost for the same computational task.

3. the ease-of-use of the API or device.

**2. Why we invest in Cysic**

Cysic was founded in late August 2022 by Leo Fan and Bowen Huang, and its main goal is to provide hardware acceleration of the ZK proof generation process for ZK projects. The founding team is currently based primarily in the Eastern US, California, and China. The founding members’ backgrounds are mainly from PhDs in computer science departments at Top 20 universities in the US and chip design teams at the Institute of Computing, Chinese Academy of Sciences. Currently, the project has implemented the POC verification of FPGA-based MSM computation, codenamed SolarMSM, while the development of acceleration for NTT computation is in progress. At this stage, SolarMSM will provide services to the partners through SaaS APIs. Cysic has reached a cooperative agreement with several leading ZK projects and will provide them with testing services soon. According to the corroboration of several authorities in the industry, SolarMSM is the top-tier of the industry for accelerating MSM computation.

**The founding team**

The two Co-founders have strong technical backgrounds as experts in cryptography and hardware design, respectively. Dr. Fan graduated from Cornell University, supervised by internationally renowned cryptography professor Elaine Shi, and worked as a cryptography researcher at Algorand before joining Rutgers University as an assistant professor.

The other co-founder, Bowen Huang, worked at the Institute of Computing, Chinese Academy of Sciences (CAS), for 6 years and went to Yale University for his PhD before founding Cysic. He has previously participated in the chip development of several other well-known large technology companies and has landed several patents and designs.

**POC Results**

Currently, Cysic has implemented POC design work for a FPGA-based MSM acceleration solution based on the public version of Xilinx, codenamed SolarMSM. In the POC verification, SolarMSM outperformed the first-place results made public in ZPrize by 1–2 orders of magnitude. For an input size of 2³⁰ MSM computation tasks, SolarMSM can accelerate it to less than one second [2]. This is currently the most powerful of all the industry’s publicly available data results and is 1–2 orders of magnitude higher than the performance of the ZPrize competition winner.

The fast implementation of SolarMSM demonstrates:

1. The efficient R&D strength and technical capability of the Cysic team. They can design and implement systems with 1–2 orders of magnitude higher performance than ZPrize’s current best result in a short time, demonstrating an overwhelming performance advantage.

2. The Cysic team’s robust supply chain integration management capability. They were able to deliver the PCB, heat sink, power supply, PCIE connectors, and chassis in 2–3 months despite all the parallel customization, which is basically 2–3 times faster than the industry standard.

At the same time, this phase of the POC is also an internal validation of Cysic‘s design and R&D work. The error-correction cost of the ASIC chip is higher compared to the FPGA solution. Adequate real-world verification through SolarMSM at high bandwidth, high power consumption, and high interconnect levels can greatly reduce the risk of future ASIC chip errors.

**Technical Roadmap**

Cysic team plans to provide a full suite of ASIC hardware acceleration solutions, Including MSM, NTT and other components for the ZKP generation. Currently, the project is following a two-phase development strategy.

**Phase 1: FPGA-based POC**

In the first phase, Cysic will implement a FPGA-based POC accelerator for the MSM and NTT computers, called SolarMSM. Currently, the MSM computation acceleration part has been completed, and for 2³⁰ scale MSM computation, it can be completed in less than one second, which is the highest performance among all publicly available FPGA-MSM hardware acceleration results and more than 1–2 orders of magnitude ahead of the competitor. If there are no dark horses, SolarMSM will hold the highest performance record for MSM hardware acceleration until their ASIC chip is available. Cysic has already made partnerships with several ZK-leading projects and will provide MSM acceleration services to them first.

In the coming months, Cysic plans to complete the NTT computation acceleration module SolarNTT on top of SolarMSM. SolarNTT will be deployed on the same server as SolarMSM, based on the same large-scale FPGA interconnect system for accelerated computing. The two implementations will be integrated through a high-speed interconnect architecture into a complete ZK acceleration solution, SolarZKP, which will provide services to the partners through SaaS APIs.

**Phase 2: 12nm ASIC**

After the POC phase, Cysic will start the 12nm ASIC development phase. The goal is to achieve a single ASIC chip with the computing power of an entire SolarZKP (supporting both MSM and NTT computing and other core functions as specified by collaborative ZK projects) while reducing the power consumption of a single chip by two orders of magnitude.

**3.** **Market Analysis**

**How customers will choose hardware acceleration solutions**

In practice, different ZK customers have different needs for hardware acceleration, depending on how sensitive the ZK project is to proof generation time. For example:

l For zkEVM/zkVM-based Layer-2 projects, their core requirement is the fast, stable generation of ZK proofs. Therefore, they will prefer faster and more stable integrated acceleration solutions.

l For some ZK projects that are not sensitive to ZK proof generation time, they do not need to generate proofs at the fastest speed, such as property proofs for exchanges. In this case, customers can choose, for example, MSM calculation acceleration alone, or they can combine MSM calculation and NTT calculation from different service providers to find the best price within a reasonable amount of time.

We think that in the future, tools will come out on the market that combine different hardware acceleration solutions from different vendors to help customers come up with the best solutions.

**4.** **Project Risks**

Currently, there are several companies competing in the field of ZK hardware acceleration. There are project development delay risks and market risks for ASIC-based ZK hardware acceleration projects.

**Project Development Risk**

The relationship between the ZK project owner and the ZK hardware acceleration manufacturer is one of cooperation and mutual achievement. As the ZK project, it will first choose the first available hardware acceleration solution to capture the market share of the ZK project itself. For zkEVM/zkVM projects, the ability to provide stable L2 block proofs is one of the most important considerations. Therefore, some ZK project parties will enter long-term partnerships with hardware acceleration manufacturers early on. If the project is developed too slowly, it may lose some of its market share in the early stages. At the same time, there is a risk of failure in the ASIC flow. Due to the chip manufacturer’s capacity constraints, a failed flow can force the project to go through a new round of flow scheduling, causing delays.

**Market Risk**

ZK project parties can be divided into two categories: privacy projects and scaling projects. For privacy projects, although using hardware acceleration may somehow lower the risk of side-channel attacks, they could be more cautious when choosing ZK hardware acceleration solutions, considering the privacy issue, like preferring to buy hardware instead of SaaS APIs.

**5.** **Competitors**

**Top-tier Competitors**

There are currently three strong competitors in the industry, Supranational, Ulvantanna, and Auradine.

**Supranational**

Supranational has been on the GPU acceleration ZK track since 2019 and has recently started to involve in the FPGA/ASIC field. Supranational already has a mature open-source GPU acceleration solution with industry-leading performance. At the same time, we expect Supranational to have a commercial closed-source solution with better performance. Supranational entered the market early and has some industry resources and good cash flow.

**Ulvantanna**

The founding team is from Jump crypto and has received investment from paradigm and bain crypto.

**Auradine**

The founding team is more senior, with rich experience in entrepreneurship, and has the endorsement of the top manufacturers and investors.

**Other Competitors**

The remaining teams, such as Ingonyama and Jump crypto, entered the area before Cysic, but currently do not perform as well as SolarMSM at this stage, according to public data.

**Internal research in ZK projects**

Currently, in addition to dedicated hardware acceleration teams, many ZK projects are also exploring hardware acceleration solutions internally, such as zkSync and Scroll.

**zkSync**

zkSync choses a GPU/FPGA acceleration solution. According to the results publicly available on ZPrice, zkSync’s GPU solution takes 2.528 seconds to compute the input scale of 2²⁶ MSM. This performance is less than one-tenth that of the Cysic SolarMSM solution (2³⁰ MSM takes less than 1 second).

**Scroll**

Scroll has conducted research on GPU-based acceleration internally. Meanwhile, Scroll is collaborating with several academic institutions to explore tuning solutions. Their latest academic research result is published in ASPLOS 2023, the top conference in the field of computer architecture [3]. As the leading zkEVM project, it is worth expecting and tracking their subsequent progress.

**References**

[1] PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture, Zhang Ye

[2] FPGA Acceleration of Multi-Scalar Multiplication: CycloneMSM, Jump Crypto

[3] GZKP: A GPU Accelerated Zero-Knowledge Proof System

**About ABCDE：**

ABCDE is a VC focused on lead-investing in top Crypto Builders. It is co-founded by entrepreneurs, CEOs of listed companies, and top researchers who have been in the Crypto industry for more than 10 years. The co-founders of ABCDE have built multi-billion dollar companies in the Crypto from the ground up. Because we are builders, we understand builders better. Moreover, we have built an end-to-end ecosystem for our builders, including listed companies(1611.HK), exchanges(Huobi), SAAS companies(ChainUP.com), media(CoinTime.com), and developers platforms(BeWater.xyz). If you are a builder with the dream of changing the world, join us to build the next generation crypto network.

Twitter：https://twitter.com/ABCDECapital