Struct SumcheckProver 

pub struct SumcheckProver<F: Field, EF: ExtensionField<F>> { /* private fields */ }

Sumcheck prover: drives rounds of the quadratic sumcheck protocol.

Invariant

At every point during the protocol:

    sum == sum_{x in {0,1}^n} f(x) * w(x)

where n is the number of remaining unbound variables. It decreases by one per round as variables are bound to verifier challenges.

Implementations

impl<F: Field, EF: ExtensionField<F>> SumcheckProver<F, EF>

pub fn new(poly: ProductPolynomial<F, EF>, sum: EF) -> Self

Creates a prover state from a product polynomial and its claimed sum.

pub const fn claimed_sum(&self) -> EF

Returns the current claimed sum over the remaining unbound variables.

pub fn num_variables(&self) -> usize

Returns the number of remaining (unbound) variables.

pub fn evals(&self) -> Poly<EF>

Extracts the current evaluation polynomial as scalar extension-field elements.

pub fn eval(&self, point: &Point<EF>) -> EF

Evaluates f at a given multilinear point via interpolation.

pub fn weights(&self) -> Poly<EF>

Extracts the current weight polynomial as scalar extension-field elements.

pub fn accumulate_claim(&mut self, weights_delta: &[EF], sum_delta: EF)

Folds a dense weight increment and its claim contribution into the prover.

Invariant

The caller guarantees sum_delta == <evals, weights_delta>, restoring the running invariant sum == dot_product after the update.

pub fn compute_sumcheck_polynomials<Challenger>( &mut self, sumcheck_data: &mut SumcheckData<F, EF>, challenger: &mut Challenger, folding_factor: usize, pow_bits: usize, constraint: Option<Constraint<F, EF>>, ) -> Point<EF>

where Challenger: FieldChallenger<F> + GrindingChallenger<Witness = F>,

Runs additional sumcheck rounds, optionally incorporating a new constraint.

Phases

• Constraint folding (optional): fold an extra constraint into the weight polynomial and update the claimed sum before any rounds.
• Round execution: perform folding_factor rounds of one-variable-per-round sumcheck; each round emits coefficients, absorbs a challenge, and folds.

Returns

The verifier challenges sampled during this batch.

Panics

• Folding factor must not exceed the current number of remaining variables.

impl<F, EF> SumcheckProver<F, EF>

where F: Field, EF: ExtensionField<F>,

pub fn into_zk_sumcheck<Enc, M, R, Ch>( self, zk_data: &mut ZkSumcheckData<F, EF>, encoding: &Enc, mmcs: &M, folding_factor: usize, pow_bits: usize, aux_claim: EF, challenger: &mut Ch, rng: &mut R, ) -> ZkSumcheckHandoff<F, EF, M>

where Enc: ZkEncodingWithRandomness<EF>, Enc::Codeword: Matrix<EF>, M: Mmcs<EF>, R: Rng, Ch: FieldChallenger<F> + GrindingChallenger<Witness = F> + CanObserve<M::Commitment>,

Runs the HVZK sumcheck overlay on an already-derived residual product polynomial.

This is the post-code-switch analogue of ZkPrefixProver::into_sumcheck: the caller has already reduced the layout-specific opening relation to a product polynomial, and this method applies Construction 6.3’s mask transcript to the next batch of sumcheck rounds.

Joint claims and the auxiliary constant

The committed-sumcheck relation (Definition 5.8 of eprint 2026/391) pairs the source claim <f, w> with mask-oracle claims <xi_i, u_i>.

• The mask-claim values are prover-only; their total is the auxiliary constant.
• The bound scalar is the joint claim: source claim plus that constant.
• The constant rides the affine chain with a 2^{-j} carry per round:

    h_j gains  eps * aux * 2^{-j}  on its constant slot
    =>  h_j(0) + h_j(1)  gains  eps * aux * 2^{-(j-1)}
    =>  the final residual gains  eps * aux * 2^{-k}

Downstream reductions must therefore scale the carried mask covectors by eps * 2^{-k}.

Eval side

• Only the weight side and the claim are scaled by eps.
• The evaluation side stays the honest folded message.
• An HVZK code-switch can therefore commit it verbatim.

Trait Implementations

impl<F: Clone + Field, EF: Clone + ExtensionField<F>> Clone for SumcheckProver<F, EF>

fn clone(&self) -> SumcheckProver<F, EF>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<F: Debug + Field, EF: Debug + ExtensionField<F>> Debug for SumcheckProver<F, EF>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.