Gotta Hash 'Em All! Speeding Up Hash Functions for Zero-Knowledge Proof Applications

TL;DR

This paper introduces HashEmAll, FPGA-based implementations of ZK-friendly hash functions that significantly outperform CPU versions, enabling more efficient zero-knowledge proof applications with scalable, resource-aware designs.

Contribution

The paper presents HashEmAll, a novel FPGA-based framework for ZK-friendly hashes, achieving substantial speedups and resource efficiency for practical ZKP applications.

Findings

Latency-optimized HashEmAll outperforms CPU by at least 10x, up to 23x.

Designs consume less power and are compatible with accessible FPGAs.

Enables scalable ZKP applications like large Merkle Trees.

Abstract

Collision-resistant cryptographic hash functions (CRHs) are crucial for security, particularly for message authentication in Zero-knowledge Proof (ZKP) applications. However, traditional CRHs like SHA-2 or SHA-3, while optimized for CPUs, generate large circuits, rendering them inefficient in the ZK domain. Conversely, ZK-friendly hashes are designed for circuit efficiency but struggle on conventional hardware, often orders of magnitude slower than standard hashes due to their reliance on expensive finite field arithmetic. To bridge this performance gap, we present HashEmAll, a novel collection of FPGA-based realizations for three prominent ZK-friendly hashes: Griffin, Rescue-Prime, and Reinforced Concrete. Each offers distinct optimization profiles, with both area-optimized and latency-optimized variants available, allowing users to tailor hardware selection to specific application constraints regarding resource utilization and performance. Our extensive evaluation shows that latency-optimized HashEmAll designs outperform CPU implementations by at least $10 \times$, with the leading design achieving a $23 \times$ speedup. These gains are coupled with lower power consumption and compatibility with accessible FPGAs. Importantly, the highly parallel and pipelined architecture of HashEmAll enables significantly better practical scaling than CPU-based approaches towards building real-world ZKP applications, such as data commitments with Merkle Trees, by mitigating the hashing bottleneck for large trees. This highlights the suitability of HashEmAll for real-world ZKP applications involving large-scale data authentication. We also highlight the ability to translate the HashEmAll methodology to various ZK-friendly hash functions and different field sizes.