CryptoDB
OPTIMSM: FPGA hardware accelerator for Zero-Knowledge MSM
| Authors: | |
|---|---|
| Download: | |
| Abstract: | The Multi-Scalar Multiplication (MSM) is the main barrier to accelerating Zero-Knowledge applications. In recent years, hardware acceleration of this algorithm on both FPGA and GPU has become a popular research topic and the subject of a multi-million dollar prize competition (ZPrize). This work presents OPTIMSM: Optimized Processing Through Iterative Multi-Scalar Multiplication. This novel accelerator focuses on the acceleration of the MSM algorithm for any Elliptic Curve (EC) by improving upon the Pippenger algorithm. A new iteration technique is introduced to decouple the required buckets from the window size, resulting in fewer EC computations for the same on-chip memory resources. Furthermore, we combine known optimizations from the literature for the first time to achieve additional latency improvements. Our enhanced MSM implementation significantly reduces computation time, achieving a speedup of up to x12.77 compared to recent FPGA implementations. Specifically, for the BLS12-381 curve, we reduce the computation time for an MSM of size 224 to 914 ms using a single compute unit on the U55C FPGA or to 231 ms using four U55C devices. These results indicate a substantial improvement in efficiency, paving the way for more scalable and efficient Zero-Knowledge proof systems. |
BibTeX
@article{tches-2025-35235,
title={OPTIMSM: FPGA hardware accelerator for Zero-Knowledge MSM},
journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
publisher={Ruhr-Universität Bochum},
volume={2025},
pages={489-510},
url={https://tches.iacr.org/index.php/TCHES/article/view/12055},
doi={10.46586/tches.v2025.i2.489-510},
author={Xander Pottier and Thomas de Ruijter and Jonas Bertels and Wouter Legiest and Michiel Van Beirendonck and Ingrid Verbauwhede},
year=2025
}