It’s a summary of article from Georgios Konstantopoulos and my understanding.

https://www.paradigm.xyz/2022/04/zk-hardware

ZKPs are slow and expensive to produce due to a large number of expensive math operations.

• Outsourced Verifiable Computation

ZKPs allow a third party provider to also output a proof of computational integrity which guarantees the output you received is correct.

• Private Computation

ZKPs allow you to selectively hide some or all inputs around a computational statement.

ZKP is generated like below:

1. Computation Expression

2. Generate proof

The computation in proof generation mostly reside in:

1. MSMs: Multiplications over large vectors of numbers (field or group elements), specifically variable-base and fixed-base multi-scalar multiplications

   • Typically 70% time

   • Vector of 2e25 elements

   • Can be parallel but still slow with hundereds of cores

2. FFTs: Fast Fourier Transforms (FFTs) and Inverse FFTs

   • Typically 30% time

   • Data shuffling

   • Not suitable for computing cluster and need much bandwidth

Mining Market:

• Bitcoin: $15B

• Ethereum: $17B

• ZKP: may be similar size to Bitcoin/Ethereum

1. GPU is the best option from the developer’s perspective, as programming friendliness is very important in industry’s early stage and there are more than 2 million GPU developers worldwide.

2. In the case when cost & power is more important, FPGA is the best option.

3. Once the ZKP mining industry really emerges, ASIC will prevail, just like bitmain’s product.

https://people.iiis.tsinghua.edu.cn/~gaomy/pubs/pipezk.isca21.pdf

https://hackmd.io/@yezhang/S1_KMMbGt#zkEVM

https://www.usenix.org/conference/usenixsecurity18/presentation/wu

https://github.com/ZcashFoundation/zcash-fpga