Struct ark_linear_sumcheck::ml_sumcheck::protocol::IPForMLSumcheck [−][src]
pub struct IPForMLSumcheck<F: Field> { /* fields omitted */ }
Expand description
Interactive Proof for Multilinear Sumcheck
Implementations
initialize the prover to argue for the sum of polynomial over {0,1}^num_vars
The polynomial is represented by a list of products of polynomials along with its coefficient that is meant to be added together.
This data structure of the polynomial is a list of list of (coefficient, DenseMultilinearExtension)
.
- Number of products n =
polynomial.products.len()
, - Number of multiplicands of ith product m_i =
polynomial.products[i].1.len()
, - Coefficient of ith product c_i =
polynomial.products[i].0
The resulting polynomial is
$$\sum_{i=0}^{n}C_i\cdot\prod_{j=0}^{m_i}P_{ij}$$
pub fn prove_round(
prover_state: ProverState<F>,
v_msg: &Option<VerifierMsg<F>>
) -> (ProverMsg<F>, ProverState<F>)
[src]
pub fn prove_round(
prover_state: ProverState<F>,
v_msg: &Option<VerifierMsg<F>>
) -> (ProverMsg<F>, ProverState<F>)
[src]receive message from verifier, generate prover message, and proceed to next round
Main algorithm used is from section 3.2 of XZZPS19.
initialize the verifier
pub fn verify_round<R: RngCore>(
prover_msg: ProverMsg<F>,
verifier_state: VerifierState<F>,
rng: &mut R
) -> (Option<VerifierMsg<F>>, VerifierState<F>)
[src]
pub fn verify_round<R: RngCore>(
prover_msg: ProverMsg<F>,
verifier_state: VerifierState<F>,
rng: &mut R
) -> (Option<VerifierMsg<F>>, VerifierState<F>)
[src]Run verifier at current round, given prover message
Normally, this function should perform actual verification. Instead, verify_round
only samples
and stores randomness and perform verifications altogether in check_and_generate_subclaim
at
the last step.
pub fn check_and_generate_subclaim(
verifier_state: VerifierState<F>,
asserted_sum: F
) -> Result<SubClaim<F>, Error>
[src]
pub fn check_and_generate_subclaim(
verifier_state: VerifierState<F>,
asserted_sum: F
) -> Result<SubClaim<F>, Error>
[src]verify the sumcheck phase, and generate the subclaim
If the asserted sum is correct, then the multilinear polynomial evaluated at subclaim.point
is subclaim.expected_evaluation
. Otherwise, it is highly unlikely that those two will be equal.
Larger field size guarantees smaller soundness error.
simulate a verifier message without doing verification
Given the same calling context, random_oracle_round
output exactly the same message as
verify_round
Auto Trait Implementations
impl<F> RefUnwindSafe for IPForMLSumcheck<F> where
F: RefUnwindSafe,
impl<F> Send for IPForMLSumcheck<F>
impl<F> Sync for IPForMLSumcheck<F>
impl<F> Unpin for IPForMLSumcheck<F> where
F: Unpin,
impl<F> UnwindSafe for IPForMLSumcheck<F> where
F: UnwindSafe,