- Winning PoSt per day
- Window PoSt per day
- PoREP per day
- Active miners
To support the number of constraints needed for Filecoin, we ran a new Powers of Tau Ceremony, increasing the supported number by a factor of 64 over the Ceremony Zcash had run. This allows us to generate proofs of over 100 million constraints, limited only by the size of the parameters which must be distributed.
To support the Phase 2 (circuit-specific) trusted setup for our large circuits, we implemented techniques to dramatically decrease RAM usage, allow for parallelism, and reduce I/O overhead — in order to allow many parties using practical hardware to participate during the 7 weeks the ceremony took place.
The generation of zk-SNARKs quickly became a bottleneck, so the expensive parts (FFT and MultiExponentiation) were implemented on the GPU using OpenCL and CUDA. Because the core operations supporting proof generation are highly parallelizable, we take advantage of modern general-purpose GPU computing to offload them from the CPU.
This allows a much higher throughput, while also creating economic efficiency. By moving the parallelizable work to relatively inexpensive parallel processors, we keep main memory and CPU free for the highly-sequential and memory-intensive workloads used to create the data miners must prove.
Low-level field arithmetic is the basis of most of the operations performed when generating and verifying zk-SNARKs. The blst library implements the critical parts in assembly and C to get the last bits of performance out of the CPU. To ensure these optimizations do not compromise security, this code (even the assembly language!) is undergoing formal verification by Galois.
To improve the verification speed of multiple zk-SNARKs, Batch Verification was implemented. This is a technique that was described in the Zcash Specification Appendix B2, but hadn’t been used yet. It considerably reduces the number of Miller loops (the most expensive operation during verification) that need to be executed when multiple proofs are verified at once.
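The Miller-loop saving can be seen in a small model. This is an added example, not Filecoin's or Zcash's code: it assumes a Groth16-shaped check e(A,B) = e(α,β)·e(L,γ)·e(C,δ) and replaces the pairing with an insecure toy bilinear map over scalars mod Q (all names and parameters are hypothetical), so that only the structure and the pairing count are meaningful.

```python
import secrets

Q = 2**127 - 1     # prime order of the toy groups (constructed parameter)
miller_loops = 0   # pairing evaluations performed since the last reset

def e(a, b):
    """Toy bilinear map: elements are their own discrete logs, GT is additive mod Q."""
    global miller_loops
    miller_loops += 1
    return a * b % Q

def rand():
    return secrets.randbelow(Q - 1) + 1   # nonzero scalar

def setup():
    alpha, beta, gamma, delta = (rand() for _ in range(4))
    # e(alpha, beta) is fixed per key, so a verifier precomputes it once.
    return {"ab": alpha * beta % Q, "gamma": gamma, "delta": delta}

def make_proof(vk):
    """Constructed sample proof (A, B, C, L); L stands in for the public-input term."""
    A, B, L = rand(), rand(), rand()
    C = (A * B - vk["ab"] - L * vk["gamma"]) * pow(vk["delta"], -1, Q) % Q
    return A, B, C, L

def verify_one(vk, proof):
    A, B, C, L = proof    # one equation per proof: 3 Miller loops
    return e(A, B) == (vk["ab"] + e(L, vk["gamma"]) + e(C, vk["delta"])) % Q

def verify_batch(vk, proofs):
    """Check a random linear combination of all equations: n + 2 Miller loops."""
    lhs = acc_l = acc_c = sum_r = 0
    for A, B, C, L in proofs:
        r = rand()                          # fresh verifier-chosen weight
        lhs = (lhs + e(r * A % Q, B)) % Q   # B differs per proof: one loop each
        acc_l = (acc_l + r * L) % Q         # scalar accumulation, no pairing
        acc_c = (acc_c + r * C) % Q
        sum_r = (sum_r + r) % Q
    rhs = (sum_r * vk["ab"] + e(acc_l, vk["gamma"]) + e(acc_c, vk["delta"])) % Q
    return lhs == rhs

def count_loops(check):
    """Run check() and return (result, number of Miller loops it used)."""
    global miller_loops
    miller_loops = 0
    result = check()
    return result, miller_loops
```

For n proofs the individual path costs 3n pairing evaluations and the batched path n + 2; the random weights are what keep one invalid proof from being cancelled out by another.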
- Size of Proof
|Proofs||Time (ms)||Size (kB)|
Even though Batch Verification helped, we needed faster verification, so we implemented SnarkPack. This allows us to aggregate many zk-SNARKs into a single combined proof. Not only does this optimization reduce verification time by a factor of more than 10x at scale — it also reduces chain bandwidth by reducing the average bytes-per-proof which must be submitted to the chain.
In order to accomplish this, we built on the research on the Inner Product Argument — and collaborated with the authors to extend it to support our needs without requiring a new trusted setup. We accomplished this by adapting the techniques to securely apply using two existing Powers of Tau trusted setups. This is a great example of how we have historically had to pick our way through obstacles to the practical realization of groundbreaking scale.
- AMD Ryzen Threadripper 3970X
- 256 GB
- GeForce RTX 3090