Cryptography Acceleration

RISC Zero’s rv32im implementation includes a number of specialized extension circuits, including two “accelerators” for cryptographic functions: SHA-256 and 256-bit modular multiplication, referred to as "bigint" multiplication. By implementing these operations directly in the “hardware” of the zkVM, programs that use these accelerators execute faster and can be proven with significantly less resources [1].

Accelerated Crates

The SHA-256 and bigint accelerators are currently integrated in "patched" versions of popular cryptographic Rust crates.

These crates include:

• RustCrypto's BigInt crate
• RustCrypto's SHA2 crate
• RustCrypto's k256 crate

An example of how to use these crates to accelerate ECDSA signature verification can be in the ECDSA example. Note the use of the patched versions of the k256 and elliptic curve crates used in the guest's Cargo.toml.

Adding Accelerator Support To Crates

It's possible to add accelerator support for your own crates by leveraging the accelerated crates above as Cargo patches.

An example of how to do this can be found in this diff of the k256 crate, which shows the code changes needed to accelerate RustCrypto's ECDSA Library. The notable changes are:

• The patched versions of the BigInt and SHA2 crates
• The use of the accelerated risc0 functions when applicable

---

¹ This is similar to the cryptography support such as AES-NI or the SHA extensions for x86 processors. In both cases, the circuitry is extended to compute otherwise expensive operations in fewer instruction cycles.