Skip to content

Latest commit

 

History

History
343 lines (228 loc) · 13.7 KB

README.md

File metadata and controls

343 lines (228 loc) · 13.7 KB

Blitzar

Build State Twitter Discord Server License C++ Logo OS CPU CUDA

Space and Time C++ library for accelerating cryptographic zero-knowledge proofs algorithms on the CPU and GPU.
Report Bug | Request a Feature

Background

Blitzar was created by the core cryptography team at Space and Time to accelerate Proof of SQL, a novel zero-knowledge proof for SQL operations. After surveying our options for a GPU acceleration framework, we realized that Proof of SQL needed something better… so we built Blitzar. Now, Proof of SQL runs with a 3.2 second proving time against a million-row table on a single GPU, and it’s only getting faster.

We’ve open-sourced Blitzar to provide the Web3 community with a faster and more robust framework for building GPU-accelerated ZK proofs. We’re excited to open the project to community contributions to expand the scope of Blitzar and lay the foundation for the next wave of lightning fast ZK proofs.

Overview

Blitzar is a C++ library for accelerating cryptographic zero-knowledge proof algorithms on the CPU and GPU.

Note
This repo contains the C++ implementation along with cbindings and a Rust sys-crate. If you are using Rust, use the crate from the companion blitzar-rs repo.

The library provides

The library is adopted from code in libsodium and extends libsodium's cryptographic functions to support CUDA so that they are usable on GPUs.

WARNING: This project has not undergone a security audit and is NOT ready for production use.

Installation

We provide prebuilt binaries for glibc-based, x86-64 linux distributions.

Dependencies are statically linked and set to have internal linkage with export maps to ensure portability. The only run-time dependency to use GPU acceleration is an up-to-date GPU driver.

For most users, we recommend installing with cargo via blitzar-rs.

Alternatively, users that want to use the c api directly can download the shared library and header file from the github release.

Computational Backends

Although the primary goal of this library is to provide GPU acceleration for cryptographic ZK proof algorithms, the library also provides CPU support for the sake of testing. The following backends are supported:

Backend Implementation Target Hardware
cpu Serial x86 capable CPUs
gpu Parallel Nvidia CUDA capable GPUs

Cryptographic Primitives

Multi-Scalar Multiplication (MSM) / Generalized Pedersen Commitment / Multiexponentiation

Blitzar provides an implementation of Multi-Scalar Multiplication (i.e. generalized Pedersen commitments)

Let $g_0\ldots g_n\in \mathbb{G}$ be elements of a group (with prime order), and let $a_0\ldots a_n\in\mathbb{F}$ be elements of the corresponding scalar field. (i.e. the field $\mathbb{F}_p$ where $p$ is the order of the group.)

Then, the Generalized Pedersen Commitment of the vector $\mathbf{a}=(a_1,\ldots, a_n)$ is

$$P = a_1\cdot g_1+\cdots+ a_n\cdot g_n$$

Note: we interchangeably use the terms "multi-scalar multiplication" and "multiexponentiation" to refer to the this operation because when the group is written additively, the operation is a multi-scalar multiplication, and when the group is written multiplicatively, the operation is a multiexponentiation.

The Blitzar implementation allows for computation of multiple, potentially different length, MSMs simultaneously. Additionally, either built-in, precomputed, generators $g_n$ can be used, or they can be provided as needed.

Currently, Blitzar supports Curve25519 as the group. We're always working to expand the curves that we support, so check back for updates.

Inner Product Argument

Blitzar provides a modified implementation of an inner product argument (e.g. Bulletproofs and Halo2).

Given generators $g_1, \ldots, g_n$; Pedersen commitment $P$; scalar $c$; and vectors $\mathbf{a}=(a_1,\ldots, a_n)$ and $\mathbf{b}=(b_1,\ldots, b_n)$; Blitzar's version of the inner product proof allows a Prover to establish that

$$\begin{aligned} P &= a_1\cdot g_1+\cdots+ a_n\cdot g_n \\\ c &= \langle \mathbf{a}, \mathbf{b} \rangle = a_1\cdot b_1+\cdots+ a_n\cdot b_n \end{aligned}$$

where it is assumed that $\boldsymbol{g}$, $\boldsymbol{b}$, and $c$ are known to both the Prover and Verifier.

This version of the inner product argument can be used in the context of a broader protocol.

Other Features to Come

If there is a particular feature that you would like to see, please reach out. Blitzar is a community-first project, and we want to hear from you.

Benchmarks are run against four different types of GPU:

Multi-Scalar Multiplication / Generalized Pedersen Commitment Results:

The subsequent outcomes are derived from the preceding benchmark execution of the pedersen commitment, during which the number of sequences, bytes per element, sequence length, and GPU type were varied.

Multiexponentiation Benchmarks

Inner Product Argument Results:

The subsequent outcomes are derived from the preceding benchmark execution of the inner product, during which the number of elements and the type of GPU were changed.

Inner Product Benchmarks

Getting Started

See the example folder for some examples.

Prerequisites to build from source

Build environment

Prerequisites:

From your terminal, run the following command in the root of the source directory to set up a build environment.

nix develop

Note: if this is the first time, it may take a while as we build a clang compiler from source.

Usage

Building and Testing the C++/CUDA code:
nix develop

# build all the code assets
bazel build //...

# run all tests
bazel test //...

# run all memory sanitized tests
bazel test --config=asan //...

Note: some tests will fail in case you don't have a GPU available.

Building and Testing the Rust Sys-Crate code:
nix develop

# run the sys-crate tests
cargo test --manifest-path rust/blitzar-sys/Cargo.toml

Although possible, this sys-crate is not meant to be used directly by Rust users. Instead, consider using the blitzar-rs, which is a high-level wrapper around this sys-crate.

Note: the shared library byproduct of the C++/CUDA code is automatically copied to the Rust sys-crate under the rust/blitzar-sys/ directory.

Add to your project

You can find release ready versions of this library under the release page. You can also build and test the library from source by following the instructions below.

C++ Project:

See the C++ example here: example/cbindings1/main.cc. To run this example, execute:

nix develop

bazel run //example/cbindings1:cbind1

Alternatively, compile this example code with g++:

nix develop

# Build the shared library
bazel build -c opt --config=portable_glibc //cbindings:libblitzar.so

# Compile the C++ example code
g++ example/cbindings1/main.cc -o main -I . -L bazel-bin/cbindings/ -lblitzar

# Execute the example code
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:bazel-bin/cbindings/ ./main
Rust Project:

See the Rust example here: rust/tests/src/main.rs. To run this example, execute:

nix develop

cargo test --manifest-path rust/tests/Cargo.toml

Development Process

The main branch is regularly built and tested, being the only source of truth. Tags are created regularly from automated semantic release executions.

Code format:

This repository follows some C++ formatting rules. To check if your modified code is compliant, run the following commands:

nix develop

./tools/code_format/check_format.py check

./tools/code_format/check_format.py fix

Executing the Benchmarks:

Generalized Pedersen Commitment (MSM):
nix develop

# Usage: benchmark <cpu|gpu> <n> <num_samples> <num_commitments> <element_nbytes> <verbose>
# - n: the size of the multiexponentiation vector (or the sequence length).
# - num_samples: the number of times to run the benchmark.
# - num_commitments: the number of commitments to generate.
# - element_nbytes: the number of bytes of each element in the vector (exponent size).
# - verbose: whether to print the results of each run.
bazel run -c opt //benchmark/multi_commitment:benchmark -- gpu 1000 5 1 32 1
Inner Product Argument:
nix develop

# Usage: benchmark <cpu|gpu> <n> <num_samples>
# - n: the size of the inner product vector (or the sequence length).
# - num_samples: the number of times to run the benchmark.
bazel run -c opt //benchmark/inner_product_proof:benchmark -- gpu 1000 5

Contributing

We're excited to open Blitzar to the community, but are not accepting community Pull Requests yet due to logistic reasons. However, feel free to contribute with any suggestion, idea, or bugfix on our Issues panel. Also, see contribution guide.

Community & support

Join our Discord server to ask questions, discuss features, and for general chat.

License

This project is released under the Apache 2 License.

Rust crate

This repo contains the C++ implementation along with cbindings and a Rust sys-crate. If you are using Rust, use the crate from the companion repo here: https://github.com/spaceandtimelabs/blitzar-rs.