Equilibrium Infra Bulletin #25: Enhancing Client Side Proving, GPU-EVM, State of Light Clients and more...
Equilibrium Labs builds the state-of-the-art of decentralized infrastructure. We are a global team of ~30 people who tackle challenges around security, privacy, and scaling.
🔍 Faster Client-Side Proving with Parallelism
⚡️ Topic Summary
Most privacy protocols use a variation of the UTXO model and rely on client-side proving, where the user generates a proof of correct execution locally on their device rather than outsourcing proving to a specialised third party (for more info, see this post by Lisa from Aztec). While this ensures maximal confidentiality, it comes at the expense of performance - partly from using consumer-grade hardware for proof generation, and partly from running the prover in a browser environment (WASM) rather than natively.
In Penumbra’s case, their Rust-based prover code is compiled to WASM and executed in-browser. This leads to a slowdown on the order of 25-30x compared to the native Rust counterpart due to two main reasons:
1. Native Rust code can use Rayon to parallelize computations across multiple threads, while WASM cannot.
2. Penumbra uses Arkworks for generating proofs, which internally uses 64-bit limbs (128-bit multiplier). While native Rust supports a 128-bit multiplier, WASM only supports a 64-bit one, leading to significant emulation overhead when the code is lowered to WASM.
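To make the second reason concrete, here is an added example (not Penumbra's or Arkworks' code): a 64x64 to 128-bit limb product computed natively through `u128` and again with 64-bit-only operations, then used in a 4-limb schoolbook multiply. The function names and the 32-bit-half decomposition are assumptions for illustration; the exact instruction sequence a compiler emits for WASM may differ.

```rust
/// Native path: one widening multiply via u128. Returns (low, high) limbs.
fn mul_wide_native(a: u64, b: u64) -> (u64, u64) {
    let p = (a as u128) * (b as u128);
    (p as u64, (p >> 64) as u64)
}

/// Emulated path: split each limb into 32-bit halves and combine four
/// partial products, using only 64-bit operations.
fn mul_wide_emulated(a: u64, b: u64) -> (u64, u64) {
    const MASK: u64 = 0xFFFF_FFFF;
    let (a_lo, a_hi) = (a & MASK, a >> 32);
    let (b_lo, b_hi) = (b & MASK, b >> 32);
    let ll = a_lo * b_lo; // each partial product fits: (2^32 - 1)^2 < 2^64
    let lh = a_lo * b_hi;
    let hl = a_hi * b_lo;
    let hh = a_hi * b_hi;
    // Middle column: sum of three 32-bit values, so it cannot overflow u64.
    let mid = (ll >> 32) + (lh & MASK) + (hl & MASK);
    let lo = (mid << 32) | (ll & MASK);
    let hi = hh + (lh >> 32) + (hl >> 32) + (mid >> 32);
    (lo, hi)
}

/// Schoolbook 256x256 -> 512-bit multiply over 64-bit limbs (little-endian).
/// Calls `mul` 16 times; with the emulated path that is 64 half-multiplies.
fn mul_256(a: &[u64; 4], b: &[u64; 4], mul: fn(u64, u64) -> (u64, u64)) -> [u64; 8] {
    let mut out = [0u64; 8];
    for i in 0..4 {
        let mut carry = 0u64;
        for j in 0..4 {
            let (lo, hi) = mul(a[i], b[j]);
            let (s1, c1) = out[i + j].overflowing_add(lo);
            let (s2, c2) = s1.overflowing_add(carry);
            out[i + j] = s2;
            // a*b + out + carry < 2^128, so this sum fits in one limb.
            carry = hi + c1 as u64 + c2 as u64;
        }
        out[i + 4] = carry;
    }
    out
}

fn main() {
    let a = [u64::MAX; 4]; // constructed sample input: 2^256 - 1
    let native = mul_256(&a, &a, mul_wide_native);
    let emulated = mul_256(&a, &a, mul_wide_emulated);
    assert_eq!(native, emulated);
    println!("{:x?}", emulated);
}
```

Each field multiplication in a prover performs many such limb products, so the extra multiplies, shifts and adds on the emulated path are paid on every one of them.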
Recent improvements from Penumbra enable more parallelization when constructing a transaction. Decoupling individual actions (state changes performed by a transaction) from the transaction plan (a declarative and complete plaintext description of the proposed transaction) enables multi-threading, where different web workers each generate some of the ZKPs that together constitute the transaction. In addition, with optimistic proving the protocol can start generating the ZKPs while the user is still reviewing the transaction (signing and proving can be done in parallel) and submit instantly upon approval. As long as proving is faster than the time it takes the user to review the transaction, the perceived proving speed is instant, although proving is not yet that fast.
🤔 Our Thoughts
The two extreme ends of ZK proof generation are client-side proving (privacy) and outsourcing it to a specialized third-party prover (performance). Even though client-side proving compromises some performance for privacy, it’s likely to remain an important component of privacy chains for the foreseeable future. Hence, any effort to improve it makes the experience for end users smoother and faster. We feel strongly about the importance of privacy in blockchain networks but also acknowledge that widespread adoption won’t come without seamless UX and costs comparable to the transparent counterparts.
There are many other efforts that push the frontier of client-side proving and help us move in the right direction. For example, the previous ZPrize provided impressive results for accelerating both multi-scalar multiplication (MSM) on mobile (a key bottleneck for mobile-based proving) and elliptic curve operations and finite field arithmetic in a WASM runtime. In addition, the winners of the most recent ZPrize were just announced, including the acceleration of WebGPU MSM. All of the work from ZPrize is open-sourced.
Besides all the efforts around speeding up client-side proving, there is also an increasing focus on solutions that enable outsourcing the proving for private transactions. This would allow us to benefit from more powerful and specialized proving hardware, even though it sacrifices some privacy guarantees. One example is Taceo, which is building a private-proof market where the ZKP is generated inside an MPC protocol. This way no single prover sees the entire information, but it does add some communication overhead.
💡 Research, Articles & Other Things of Interest
📚 GatlingX announces GPU-EVM - a highly parallelized EVM implementation that looks promising from early benchmarks.
📚 State of Light Clients In 2024 - our summary table of existing light client implementations along with some links to additional reading.
📚 FHE: Flawed Homomorphic Encryption - a report by Big Brain Holdings that contains five areas of improvement (“calls to action”) in the FHE space.
📚 A recent update of Zama’s TFHE-rs adds ZKP for encryption correctness.
📚 NIM introduces Ligetron 1.0, which was used to generate the first proof of the Llama2 7bn-parameter model.
🤌 Personal Recommendations From Our Team
📚 Reading: How bad policy favors memes over matter: Chris Dixon’s recent op-ed expands on how the lack of clarity around regulation leads to confusion among crypto-entrepreneurs.
🎧 Listening: GoGo Penguin - From the North: A live show from Manchester, with GoGo Penguin presenting their new EP “From the North”.
💡 Other: A bill just passed that gives NSA access to every US company's backend. Not a good day for privacy advocates.