by Shelven Zhou (x: @zhou49) from Phala Network

This research was funded by Succinct, whose support made this evaluation possible.

TL;DR

Using Phala Network's cloud computing platform and SDK, SP1 zkVM can run directly on TEE-enabled GPUs without code modifications, providing enhanced privacy and combined ZK-TEE verifiability.

The TEE overhead comes primarily from memory encryption, which makes TEE-enabled SP1 more suitable for complex applications, where that overhead is amortized. These include zkEVMs, rollups, and machine learning, with overall overhead of less than 20%.

Currently, TEE GPU capabilities are available only on high-end cards, which offer better performance-to-price ratios. Existing zkVM payloads underutilize the available GPU memory, indicating potential for supporting even more complex applications.

The Promise of Zero-Knowledge Virtual Machines

Zero-knowledge proofs (ZKPs) enable one party to prove the validity of information to others without revealing any underlying data. Zero-Knowledge Virtual Machines (zkVMs) build on this by integrating ZKP algorithms directly into virtual machine instruction sets, automatically compiling programs into provable circuit forms. This innovation significantly lowers the barrier to entry for developers, allowing them to write code in familiar languages without requiring deep cryptographic expertise.

Among the various zkVM implementations available today, SP1 from Succinct stands out as one of the fastest and most reliable options, having undergone rigorous security audits to ensure its robustness.

Current Limitations of zkVMs

Despite their promise, zkVMs face significant challenges. The computational overhead of generating zero-knowledge proofs is substantial, making GPU acceleration essential for practical deployment. This performance requirement creates a fundamental tension in the zkVM ecosystem: users typically need to outsource proof generation to providers with sufficient computational resources.

However, this outsourcing introduces a critical privacy concern. The execution circuit in zkVMs is public, meaning that whoever runs the zkVM can see all the data being processed. This undermines one of the primary benefits of zero-knowledge technology – privacy preservation.

The solution to this paradox lies in combining zkVMs with Trusted Execution Environments (TEEs). By running zkVMs inside TEEs, we can maintain the privacy of the computation while still benefiting from the verifiability of zero-knowledge proofs.

The Emergence of TEE-capable GPUs

The landscape of secure computing changed dramatically in late 2023 with NVIDIA's release of the Hopper series GPUs, the world's first GPUs with built-in TEE capabilities. These GPUs implement hardware-based encryption to protect both the GPU itself and its memory. Working in conjunction with TEE-enabled CPUs, they can generate verifiable attestation reports (quotes) that can be validated by any third party.

Phala Network has been at the forefront of TEE GPU research, publishing a comprehensive evaluation of TEE GPU performance and usability in our paper. We've built a decentralized cloud computing network that supports both TEE CPUs and GPUs, along with the necessary security infrastructure.

Benchmarking SP1v4 inside TEE H200

Experiment Setup

Hardware:

  1. Physical Machine: