spaceandtimefdn / blitzar

Space and Time C++ library for accelerating cryptographic zero-knowledge proofs algorithms on the CPU and GPU. Report Bug | Request a Feature Background Blitzar was created by the core cryptography team at Space and Time to accelerate Proof of SQL, a novel zero-knowledge proof for SQL operations. After surveying our options for a GPU acceleration framework, we realized that Proof of SQL needed something better… so we built Blitzar. Now, Proof of SQL can execute analytic queries on 1M+ rows in less than a second, and it’s only getting faster. We’ve open-sourced Blitzar to provide the Web3 community with a faster and more robust framework for building GPU-accelerated ZK proofs. We’re excited to open the project to community contributions to expand the scope of Blitzar and lay the foundation for the next wave of lightning fast ZK proofs. Overview Blitzar is a C++ library for accelerating cryptographic zero-knowledge proof algorithms on the CPU and GPU. > **Note** > This repo contains the C++ implementation along with cbindings and a Rust sys-crate. If you are using Rust, use the crate from the companion blitzar-rs repo. The library provides • Functions for doing group operations on Curve-25519, Ristretto25519, bls12-381 G1, bn254 G1 and Grumpkin elements. • An implementation of Inner Product Argument Protocol for producing and verifying a compact proof of the inner product of two vectors. • A sys-crate and bindings to make commitment computations usable from Rust. The library is adopted from code in the libsodium and zkcrypto projects. It extends both project's cryptographic functions to support CUDA so that they are usable on GPUs. Installation We provide prebuilt binaries for glibc-based, x86-64 linux distributions. Dependencies are statically linked and set to have internal linkage with export maps to ensure portability. The only run-time dependency to use GPU acceleration is an up-to-date GPU driver. For most users, we recommend installing with cargo via blitzar-rs. Alternatively, users that want to use the c api directly can download the shared library and header file from the github release. Computational Backends Although the primary goal of this library is to provide GPU acceleration for cryptographic ZK proof algorithms, the library also provides CPU support for the sake of testing. The following backends are supported: | Backend | Implementation | Target Hardware | | :--- | :--- | :--- | | | Serial | x86 capable CPUs | | | Parallel | Nvidia CUDA capable GPUs | Cryptographic Primitives Multi-Scalar Multiplication (MSM) / Generalized Pedersen Commitment / Multiexponentiation Blitzar provides an implementation of Multi-Scalar Multiplication (i.e. generalized Pedersen commitments). Let $g_0\ldots g_n\in \mathbb{G}$ be elements of a group (with prime order), and let $a_0\ldots a_n\in\mathbb{F}$ be elements of the corresponding scalar field. (i.e. the field $\mathbb{F}_p$ where $p$ is the order of the group.) Then, the Generalized Pedersen Commitment of the vector $\mathbf{a}=(a_1,\ldots, a_n)$ is Note: we interchangeably use the terms "multi-scalar multiplication" and "multiexponentiation" to refer to the this operation because when the group is written additively, the operation is a multi-scalar multiplication, and when the group is written multiplicatively, the operation is a multiexponentiation. The Blitzar implementation allows for computation of multiple, potentially different length, MSMs simultaneously. Additionally, either built-in, precomputed, generators $g_n$ can be used, or they can be provided as needed. Currently, Blitzar supports group elements from the Curve25519, bls12-381 G1, bn254-381 G1, and Grumpkin curves. Inner Product Argument Blitzar provides a modified implementation of an inner product argument (e.g. Bulletproofs and Halo2). Given generators $g_1, \ldots, g_n$; Pedersen commitment $P$; scalar $c$; and vectors $\mathbf{a}=(a_1,\ldots, a_n)$ and $\mathbf{b}=(b_1,\ldots, b_n)$; Blitzar's version of the inner product proof allows a Prover to establish that where it is assumed that $\boldsymbol{g}$, $\boldsymbol{b}$, and $c$ are known to both the Prover and Verifier. This version of the inner product argument can be used in the context of a broader protocol. Other Features to Come If there is a particular feature that you would like to see, please reach out. Blitzar is a community-first project, and we want to hear from you. Performance (associated commit hash) Benchmarks are run against four different types of GPU: • Nvidia T4 - Standard_NC4as_T4_v3 • Nvidia T4 x4 - Standard_NC16as_T4_v3 • Nvidia A100 - Standard_NC24ads_A100_v4 • Nvidia A100 x4 - Standard_NC96ads_A100_v4 Expand to see the multi-scalar multiplication / generalized Pedersen commitment results The subsequent outcomes are derived from the preceding benchmark execution of the Pedersen commitment, during which the number of sequences, bytes per element, sequence length, and GPU type were varied. Getting Started See the example folder for some examples. Prerequisites to build from source Build environment Prerequisites: • Linux instance. • Nix with flake support (check out The Determinate Nix Installer). • Nvidia GPU capable of running CUDA 12.6 code. From your terminal, run the following command in the root of the source directory to set up a build environment. Note: if this is the first time, it may take a while as we build a clang compiler from source. Usage Building and Testing the C++/CUDA code: Note: some tests will fail in case you don't have a GPU available. Building and Testing the Rust Sys-Crate code: Although possible, this sys-crate is not meant to be used directly by Rust users. Instead, consider using the blitzar-rs, which is a high-level wrapper around this sys-crate. Note: the shared library byproduct of the C++/CUDA code is automatically copied to the Rust sys-crate under the directory. Add to your project You can find release ready v…