Paper 2024/057
Elastic MSM: A Fast, Elastic and Modular Preprocessing Technique for Multi-Scalar Multiplication Algorithm on GPUs
Abstract
Zero-knowledge proof (ZKP) is a cryptographic primitive that enables a prover to convince a verifier that a statement is true, without revealing any other information beyond the correctness of the statement itself. Due to its powerful capabilities, its most practical type, called zero-knowledge Succinct Non-interactive ARgument of Knowledge (zkSNARK), has been widely deployed in various privacy preserving applications such as cryptocurrencies and verifiable computation. Although state-of-the-art zkSNARKs are highly efficient for the verifier, the computational overhead for the prover is still orders of magnitude too high to warrant use in many applications. This overhead arises from several time-consuming operations, including large-scale matrix-vector multiplication (MUL), number-theoretic transform (NTT), and especially the multi-scalar multiplication (MSM) which constitutes the largest proportion. Therefore, further efficiency improvements are needed. In this paper, we focus on comprehensive optimization of running time and storage space required by the MSM algorithm on GPUs. Specifically, we propose a novel, modular and adaptive parameter configuration technique—elastic MSM to enable us to adjust the scale of MSM according to our own wishes by performing a corresponding amount of preprocessing. This technique enables us to fully unleash the potential of various efficient parallel MSM algorithms. We have implemented and tested elastic MSM over three prevailing parallel Pippenger algorithms on GPUs. Given a range of practical parameters, across various preprocessing space limitations (across various MSM scales), our constructions achieve up to about 90%, 8% and 36% (2.58×, 39% and 91%) speedup versus three state-of-the-art parallel Pippenger algorithms on GPUs, respectively. From another perspective, elastic MSM could also be regarded as a preprocessing technique over the well-known Pippenger algorithm, which is modular and could be used to accelerate almost all the most advanced parallel Pippenger algorithms on GPUs. Meanwhile, elastic MSM provides an adaptive trade-off between the running time and the extra storage space needed by parallel Pippenger algorithms on GPUs. This is the first preprocessing technique to retain the improved MSM computation brought by preprocessing under varying storage space limitations. Specifically, given a range of practical parameters, across various preprocessing space limitations (across various MSM scales), our constructions achieve up to about 192× and 223× (159× and 174×) speedup versus two state-of-the-art preprocessing parallel Pippenger algorithms on GPUs, respectively.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- Zero-Knowledge ProofMulti-Scalar Multiplication (MSM)Parallel AlgorithmGraphics Processing Unit (GPU)
- Contact author(s)
-
zhuxudong @ iie ac cn
hehaoqi @ iie ac cn
yangzhengbang @ iie ac cn
deng @ iie ac cn
zhaolutan @ iie ac cn
hourui @ iie ac cn - History
- 2024-04-15: last of 2 revisions
- 2024-01-15: received
- See all versions
- Short URL
- https://ia.cr/2024/057
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/057,
author = {Xudong Zhu and Haoqi He and Zhengbang Yang and Yi Deng and Lutan Zhao and Rui Hou},
title = {Elastic MSM: A Fast, Elastic and Modular Preprocessing Technique for Multi-Scalar Multiplication Algorithm on GPUs},
howpublished = {Cryptology ePrint Archive, Paper 2024/057},
year = {2024},
note = {\url{https://eprint.iacr.org/2024/057}},
url = {https://eprint.iacr.org/2024/057}
}
