SHA-256 (vs. RISC Zero)
As of May 2024
This note gives a benchmark comparison of proving execution of SHA-256 on a 32-byte input, on Valida and on RISC Zero. In this benchmark, single-core Valida proving was estimated to be about 65.8 times more efficient than multi-core RISC Zero proving, in terms of the time and energy expended on computing the proof. Multi-core Valida proving was estimated to be about 11.6 times faster than multi-core RISC Zero proving on this example. These are not the best results that could be obtained on this problem with Valida, since much work remains to be done on optimizing the prover and the code generated by the compiler.
Results
The raw data is available. The following table records the means, medians, and standard deviations of the various sample groups. All measurements are denoted in seconds.
Prover
Measure
Mean
Median
Standard deviation
Valida serial
User t.
1.1237
1.1235
0.01787
Valida parallel
User t.
2.7835
2.7865
0.06926
RISC Zero
User t.
73.989
73.995
0.1083
Valida serial
Wall clock t.
1.151
1.1505
0.0219
Valida parallel
Wall clock t.
0.249
0.2485
0.0051
RISC Zero
Wall clock t.
2.901
2.902
0.00727
The following table displays the ratios between the mean measurements for Valida and RISC Zero of the user time and the wall clock time. A number greater than 1 indicates that Valida is faster; a number less than 1 indicates that RISC Zero is faster.
Measure
Valida condition
Valida advantage
User time
Serial
65.84
User time
Parallel
26.58
Wall clock time
Serial
2.52
Wall clock time
Parallel
11.64
Methodology
The following zk-VM versions were used:
RISC Zero: On branch release-0.21
The following version of the Valida LLVM compiler was used: 45bce621680189d5d006f88cbadbe9cbef403b89
The C implementation of SHA-256 which was compiled to run on Valida is a modified version of the reference implementation of SHA-256 by Brad Conte. That modified version is available here: https://github.com/lita-xyz/valida-c-examples/blob/main/sha256_32byte_in.c
The Rust implementation of SHA-256 which was compiled to run on RISC Zero was a modification of their sha example. Specially, examples/sha/src/main.rs
was modified to the following to give it a 32 byte fixed input:
The inputs for both Valida and RISC Zero are 32-bytes.
The following commands were run to execute the benchmarks:
For Valida:
The above command shows multi-threaded execution; for single-threaded execution, 32 is replaced with 1.
Note that Valida currently fails to verify this program, but the output is checked to be correct by examining the log time. We are working on fixing this problem but the verification time should not make a meaningful impact on the results.
For RISC Zero, first, make sure you are in the correct branch by following the README instruction and switch to release version 2.1. Then, the following command was run from within the source repo, in the examples/sha/
directory:
In order to measure the run time of a program, this study used GNU time. The test system has a AMD Ryzen 9 7950X 16-Core Processor, with 32 threads, and 124.9 GB DDR5 RAM. During the tests there was no other programs running on the system other than the tests themselves. Tests were performed sequentially, one after another.
For some unknown reason, running cargo run --release
on the test system caused the host program to be recompiled every time, which is not supposed to happen. This made it a little harder to measure the execution time of the RISC Zero prover. The build time listed in the output is therefore subtracted from the recorded time such that only the execution, proving, and verifying times are counted.
Last updated