Zero-Knowledge Proofs (ZKPs) have emerged as a powerful tool for secure and privacy-preserving computation. ZKPs enable one party to convince another of a statement's validity without revealing anything else. This capability has profound implications in many domains, including machine learning, blockchain, image authentication, and electronic voting. Despite their potential, ZKPs have seen limited deployment because of their exceptionally high computational overhead, which manifests primarily during proof generation. To mitigate these overheads, a (growing) body of researchers has proposed hardware accelerators and GPU implementations of both kernels and complete protocols. Prior art spans a wide variety of ZKP schemes that vary significantly in computational overhead, proof size, verifier cost, protocol setup, and trust. The latest and widely used ZKP protocols are intentionally designed to balance these trade-offs. One particular challenge in modern ZKP systems is supporting complex, high-degree gates using the SumCheck protocol. We address this challenge with a novel programmable accelerator to efficiently handle arbitrary custom gates via SumCheck. Our accelerator achieves upwards of $1000\times$ geomean speedup over CPU-based SumChecks across a range of gate types. We include this unit in zkPHIRE, a programmable, full-system accelerator that accelerates the HyperPlonk protocol. zkPHIRE achieves $1486\times$ geomean speedup over CPU and $11.87\times$ geomean speedup over the state-of-the-art at iso-area. Together, these results demonstrate compelling performance while scaling to large problem sizes (upwards of $2^{30}$ constraints) and maintaining small proof sizes ($4-5$ KB).

翻译：零知识证明已成为安全与隐私保护计算的重要工具。它能使一方向另一方证明某个陈述的有效性，而无需透露任何额外信息。这一能力在机器学习、区块链、图像认证和电子投票等诸多领域具有深远影响。尽管潜力巨大，零知识证明因其极高的计算开销（主要体现在证明生成阶段）而应用受限。为缓解这些开销，越来越多的研究者提出了针对核心计算及完整协议的硬件加速器和GPU实现方案。现有技术涵盖了多种零知识证明方案，这些方案在计算开销、证明大小、验证成本、协议设置和信任模型等方面差异显著。最新且广泛使用的零知识证明协议在设计上刻意权衡了这些因素。现代零知识证明系统面临的一个特殊挑战，是如何通过SumCheck协议支持复杂的高次门电路。我们提出了一种新型可编程加速器，通过SumCheck高效处理任意自定义门电路，从而应对这一挑战。该加速器在多种门电路类型上，相比基于CPU的SumCheck实现实现了超过1000倍的几何平均加速比。我们将该单元集成至zkPHIRE——一个可编程的全系统加速器，用于加速HyperPlonk协议。zkPHIRE在同等面积下，相比CPU实现了1486倍的几何平均加速比，相比最先进方案实现了11.87倍的几何平均加速比。这些结果表明，zkPHIRE在扩展至大规模问题（约束数高达$2^{30}$量级）并保持小证明体积（$4-5$ KB）的同时，展现出卓越的性能。