AMAZE: Accelerated MiMC Hardware Architecture for Zero-Knowledge Applications on the Edge

Anees Ahmed, Nojan Sheybani, Davi Moreno, Nges Brian Njungle, Tengkai Gong, Michel Kinsy, Farinaz Koushanfar

TL;DR

This paper introduces AMAZE, a highly hardware-optimized open-source framework for computing the MiMC block cipher and hash function, and highlights its underlying open-source arithmetic backend as part of the end-to-end design, allowing developers to use the AMAZE framework for custom ZKP applications.

Abstract

Collision-resistant, cryptographic hash (CRH) functions have long been an integral part of providing security and privacy in modern systems. Certain constructions of zero-knowledge proof (ZKP) protocols aim to utilize CRH functions to perform cryptographic hashing. Standard CRH functions, such as SHA2, are inefficient when employed in the ZKP domain, thus calling for ZK-friendly hashes, which are CRH functions built with ZKP efficiency in mind. The most mature ZK-friendly hash, MiMC, presents a block cipher and hash function with a simple algebraic structure that is well-suited, due to its achieved security and low complexity, for ZKP applications. Although ZK-friendly hashes have improved the performance of ZKP generation in software, the underlying computation of ZKPs, including CRH functions, must be optimized on hardware to enable practical applications. The challenge we address in this work is determining how to efficiently incorporate ZK-friendly hash functions, such as MiMC, into hardware accelerators, thus enabling more practical applications. In this work, we introduce AMAZE, a highly hardware-optimized open-source framework for computing the MiMC block cipher and hash function. Our solution has been primarily directed at resource-constrained edge devices; consequently, we provide several implementations of MiMC with varying power, resource, and latency profiles. Our extensive evaluations show that the AMAZE-powered implementation of MiMC outperforms standard CPU implementations by more than 13$\times$. In all settings, AMAZE enables efficient ZK-friendly hashing on resource-constrained devices. Finally, we highlight AMAZE's underlying open-source arithmetic backend as part of our end-to-end design, thus allowing developers to utilize the AMAZE framework for custom ZKP applications.

Paper Structure

This paper contains 19 sections, 5 equations, 7 figures, 2 tables, 2 algorithms.

Figures (7)

  • Figure 1: The MiMC-$p/p$ block cipher that we accelerate on FPGA. Please note that round constants $c_i$ are precomputed and key $k$ is user-supplied. In our work, number of rounds $r=91$ whenever we work with BN-254.
  • Figure 2: The MiMC-$p/p$-based hash function that is accelerated on FPGA by AMAZE.
  • Figure 3: The hierarchical architecture of the AMAZE-powered MiMC accelerator.
  • Figure 4: The design of the fast 254-bit integer multiplier. $x$ and $y$ are the multiplicands. $y_i$ denotes the 27-bit chunk $y[27(i+1)-1 : 27i]$. The "$\times$" blocks are 27-bit multipliers and the "$+$" blocks are adders. The "$\ll$" blocks represent bit-wise left shift operations.
  • Figure 5: The design of the 3-stage pipeline for the fast 254-bit integer multiplier. $x$ and $y$ are the multiplicands. The "$+$" blocks are adders and the "$\ll$" blocks represent bit-wise left shift operations. The "$\circledast$" and "$\uplus$" blocks represent the "partial multiplication" and "low-latency addition tree" portions, respectively, of the multiplier hardware shown in Figure 4. The "reg" blocks represent registers that simply hold data.
  • ...and 2 more figures
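
The chunk, shift and add structure described in the Figure 4 and Figure 5 captions can be modelled in software and checked against native big-integer multiplication. This Python model is an added example, not code from the AMAZE project; the function names, the splitting of $x$ into 27-bit chunks, and the pairwise shape of the addition tree are assumptions.

```python
# Software model of the multiplier in the Figure 4 / Figure 5 captions.
# Added example, not AMAZE source code.
CHUNK = 27                        # chunk width, from the Figure 4 caption
WIDTH = 254                       # operand width, from the Figure 4 caption
N_CHUNKS = -(-WIDTH // CHUNK)     # ceil(254 / 27) = 10 chunks per operand
MASK = (1 << CHUNK) - 1


def chunks(v):
    """Split v into 27-bit chunks; chunk i is v[27(i+1)-1 : 27i]."""
    return [(v >> (CHUNK * i)) & MASK for i in range(N_CHUNKS)]


def mul27(a, b):
    """One 27-bit multiplier block; rejects operands wider than 27 bits."""
    if a >> CHUNK or b >> CHUNK:
        raise ValueError("operand wider than 27 bits")
    return a * b


def partial_multiplication(x, y):
    """Partial-multiplication stage: every x_j * y_i, left-shifted into place.

    Assumption: x is split into 27-bit chunks as well, so each product fits
    one 27-bit multiplier; the caption only spells out the y chunks.
    """
    if x < 0 or y < 0 or x >> WIDTH or y >> WIDTH:
        raise ValueError("operands must be unsigned 254-bit integers")
    xs, ys = chunks(x), chunks(y)
    return [mul27(xj, yi) << (CHUNK * (i + j))
            for i, yi in enumerate(ys) for j, xj in enumerate(xs)]


def addition_tree(terms):
    """Addition-tree stage: pairwise sums; returns (total, tree depth)."""
    depth = 0
    while len(terms) > 1:
        terms = [sum(terms[k:k + 2]) for k in range(0, len(terms), 2)]
        depth += 1
    return terms[0], depth


def multiply(x, y):
    """Full multiplier: partial products followed by the addition tree."""
    product, _ = addition_tree(partial_multiplication(x, y))
    return product
```
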