ECC Acceleration using GPU Compute on Mobile devices

Applicant background

I am a software developer who has had senior positions in a major software company. I was the CTO of listed companies and hedge funds.

Description of Problem or Opportunity

Zcash underlying crypto makes heavy usage of Elliptical Curve Crypto on specialized curves (Jubjub & Pasta). Currently, there is no support for hardware acceleration for these curves and the work must be done by the CPU.

For instance, Synchronization from seed requires scanning the blockchain and building the note commitment tree. With Warp Sync, I optimized the process down from several hours to a few minutes. The remaining bottleneck is the Pedersen hashes. They can be batch computed in parallel which make them ideal for GPU compute.

Proposed Solution

I propose to develop a library that will leverage GPGPU compute in OpenCL to offload the ECC calculations and distribute them to a large number of ALU cores.

Solution Format

It will be in the form of source code that builds a library usable from Android and iOS.

Technical approach

It would be similar to the approach taken in, a similar project that I have done for secp256k1, the ECC curve used in Bitcoin.

I need to implement the integral field operations and the ECC addition and multiplication as GPU Compute kernels. The first target is batch Pedersen Hash calculation in order to speed up Warp Sync further.

How big of a problem would it be to not solve this problem?

Orchard also use ECC albeit on different curves. Without appropriate hardware support, the other coins perform much better because they rely on popular curve for which these libraries exist.

Execution risks

  1. Performance of Hardware acceleration is notably hard to predict. It could lead to disappointing results. Without doing a prototype, we don't know how well the ECC algorithms are going to behave. However, there is prior work (but on other curves). Also, difference in hardware, even between generations, can have an impact.
  2. GPU programming is hard. It is akin to embedded development (i.e. Hardware wallets). We may experience delays due to technical difficulties.

Unintended Consequences

It could be too fast

Evaluation plan

We will benchmark with several account IVK against other wallets.

Schedule and Milestones

Subject to review and adjustments

  1. Proof of concept, Integral modular math
  2. Add ECC math
  3. Add PH
  4. Warp Sync
  5. Investigate Trial Decrypt
  6. Pasta curves
  7. Multi Exp
  8. Orchard Trial Decrypt


  1. ~1 month 2-5: 6-12 months 7-8: 4 months

We are looking for funding for the first phase at 15k.

Then we can access the time & cost needed for the rest.


Tips Received
Accepted without fundingThis proposal has been posted publicly, but isn't being funded by the Zcash Foundation.


10 months ago
Requested Funding
Open for Community Donations