Struct ark_linear_sumcheck::ml_sumcheck::protocol::IPForMLSumcheck
source · pub struct IPForMLSumcheck<F: Field> { /* private fields */ }
Expand description
Interactive Proof for Multilinear Sumcheck
Implementations§
source§impl<F: Field> IPForMLSumcheck<F>
impl<F: Field> IPForMLSumcheck<F>
sourcepub fn prover_init(
polynomial: &ListOfProductsOfPolynomials<F>
) -> ProverState<F>
pub fn prover_init( polynomial: &ListOfProductsOfPolynomials<F> ) -> ProverState<F>
initialize the prover to argue for the sum of polynomial over {0,1}^num_vars
The polynomial is represented by a list of products of polynomials along with its coefficient that is meant to be added together.
This data structure of the polynomial is a list of list of (coefficient, DenseMultilinearExtension)
.
- Number of products n =
polynomial.products.len()
, - Number of multiplicands of ith product m_i =
polynomial.products[i].1.len()
, - Coefficient of ith product c_i =
polynomial.products[i].0
The resulting polynomial is
$$\sum_{i=0}^{n}C_i\cdot\prod_{j=0}^{m_i}P_{ij}$$
sourcepub fn prove_round(
prover_state: &mut ProverState<F>,
v_msg: &Option<VerifierMsg<F>>
) -> ProverMsg<F>
pub fn prove_round( prover_state: &mut ProverState<F>, v_msg: &Option<VerifierMsg<F>> ) -> ProverMsg<F>
receive message from verifier, generate prover message, and proceed to next round
Main algorithm used is from section 3.2 of XZZPS19.
source§impl<F: Field> IPForMLSumcheck<F>
impl<F: Field> IPForMLSumcheck<F>
sourcepub fn verifier_init(index_info: &PolynomialInfo) -> VerifierState<F>
pub fn verifier_init(index_info: &PolynomialInfo) -> VerifierState<F>
initialize the verifier
sourcepub fn verify_round<R: RngCore>(
prover_msg: ProverMsg<F>,
verifier_state: &mut VerifierState<F>,
rng: &mut R
) -> Option<VerifierMsg<F>>
pub fn verify_round<R: RngCore>( prover_msg: ProverMsg<F>, verifier_state: &mut VerifierState<F>, rng: &mut R ) -> Option<VerifierMsg<F>>
Run verifier at current round, given prover message
Normally, this function should perform actual verification. Instead, verify_round
only samples
and stores randomness and perform verifications altogether in check_and_generate_subclaim
at
the last step.
sourcepub fn check_and_generate_subclaim(
verifier_state: VerifierState<F>,
asserted_sum: F
) -> Result<SubClaim<F>, Error>
pub fn check_and_generate_subclaim( verifier_state: VerifierState<F>, asserted_sum: F ) -> Result<SubClaim<F>, Error>
verify the sumcheck phase, and generate the subclaim
If the asserted sum is correct, then the multilinear polynomial evaluated at subclaim.point
is subclaim.expected_evaluation
. Otherwise, it is highly unlikely that those two will be equal.
Larger field size guarantees smaller soundness error.
sourcepub fn sample_round<R: RngCore>(rng: &mut R) -> VerifierMsg<F>
pub fn sample_round<R: RngCore>(rng: &mut R) -> VerifierMsg<F>
simulate a verifier message without doing verification
Given the same calling context, random_oracle_round
output exactly the same message as
verify_round