Article

Vision Mark-32: A ZK-Friendly Hash Function Over Binary Tower Fields

In collaboration with 3MI Labs, we introduce a arithmetization-oriented hash function designed for Binius.

5/1/24

Irreducible Team

Mainstream hash functions and ciphers such as Keccak and AES make extensive use of bitwise and binary field operations. This design allows for efficient implementation in digital circuits and in software on modern CPUs. Zero-knowledge and verifiable computing, however, demands hash functions and ciphers that are not only efficient to execute but also efficient to verify with a proof system. Today’s most popular proof systems, such as Plonky2, use arithmetization-oriented hash functions like Poseidon that depend on primitive operations in prime-order finite fields. This is especially important for recursive composition of STARKs, which is now an essential technique for scaling ZK computation. Poseidon, though efficient for ZK verification, is around 10x slower than Keccak-256 and 14x slower than Grøstl (an AES-inspired hash function) on modern Intel processors.

The Irreducible team, in collaboration with 3MI Labs, is excited to introduce Vision Mark-32, an arithmetization-oriented cipher and hash function designed for use with Binius. Vision Mark-32 is a specialized instance of the Vision construction that uses the unique properties of binary tower fields to achieve high performance in hardware, while remaining efficiently verifiable in the Binius proof system. We remarked in our research paper Succinct Arguments over Towers of Binary Fields that Grøstl is a candidate hash function for efficient recursion with Binius; Vision Mark-32 goes a step further in reducing the verification cost and proof size without sacrificing computation efficiency.

The Vision cipher is a substitution-permutation network (SPN), a dependable design strategy also used in AES. Vision Mark-32 introduces three notable optimizations over the original Vision construction:

  1. A linear layer designed to use fast subfield multiplication and the additive number theoretic transform (NTT), instead of general matrix multiplication.

  2. A non-linear layer designed to use the fast inversion algorithm specific to binary tower fields, and an implementation of linearized polynomial evaluation using binary matrix multiplication.

  3. A refined security analysis that reduces the required number of permutation rounds.

We implemented Vision Mark-32 in hardware, on Irreducible’s Gen1 production platform based on Alveo U55C FPGA accelerator card. Our implementation is fully pipelined, running at 250MHz with a 512-bit AXI Stream interface. In addition, we provide in the table below our fully pipelined implementations of Grøstl and Poseidon hash functions, designed for the same settings.

This shows that our new Vision Mark-32 implementation attains the hardware efficiency of a traditional hash function while also being arithmetization-friendly. For more information on the work and our results, please see our paper, Vision Mark-32: ZK-Friendly Hash Function Over Binary Tower Fields.

Many thanks to our collaborators Tomer Ashur from 3MI Labs and Mohammad Mahzoun.

Subscribe to stay updated.

Subscribe to stay updated.

Subscribe to stay updated.

Want to learn more?

© 2024 Irreducible Inc. All rights reserved.

Want to learn more?

© 2024 Irreducible Inc. All rights reserved.

Want to learn more?

© 2024 Irreducible Inc. All rights reserved.