Struct MLSumcheck 

pub struct MLSumcheck<F>(/* private fields */);

Sumcheck for products of multilinear polynomial.

Implementations

impl<F: FromPrimitiveWithConfig> MLSumcheck<F>

pub fn prove_as_subprotocol( transcript: &mut impl Transcript, mles: Vec<DenseMultilinearExtension<F::Inner>>, nvars: usize, degree: usize, comb_fn: impl Fn(&[F]) -> F + Send + Sync, config: &F::Config, ) -> (SumcheckProof<F>, ProverState<F>)

where F: InnerTransparentField, F::Inner: ConstTranscribable + Zero, F::Modulus: ConstTranscribable,

Sumcheck prover main entry point.

This function executes the Prover side of the Sumcheck protocol. It verifies a claim of the form:

$$ \sum_{x \in {0, 1}^{\text{nvars}}} \text{comb\_fn}(\text{mles}(x)) = \text{claimed\_sum}. $$

It is designed to be used as a subprotocol within a larger system since it takes the FS transcript (transcript argument) as input and returns the internal ProverState alongside the final proof.

The claimed sum is derived by the prover.

---

Arguments

• transcript: A mutable reference to a Fiat-Shamir Transcript.
• mles: A Vec of dense multilinear extension over the base field F. The sumcheck polynomial is made over the combined result of these multilinear extensions.
• nvars: The number of variables over which the mles are defined. This must be consistent across all mles.
• degree: The maximum combined degree of the mles under the comb_fn.
• comb_fn: A closure that defines the combination function $G(\text{mles}(x))$. It takes a slice of field elements (the evaluations of the mles at a point $x$) and returns a single field element.
• config: The configuration for the underlying field used in the protocol.

---

Returns

A tuple containing:

1. SumcheckProof<F>: The final sumcheck proof.
2. ProverState<F>: The state of the Prover after the protocol completes.

---

Panics

• Panics if the number of variables is 0.

pub fn verify_as_subprotocol( transcript: &mut impl Transcript, num_vars: usize, degree: usize, proof: &SumcheckProof<F>, config: &F::Config, ) -> Result<Subclaim<F>, SumCheckError<F>>

where F::Inner: ConstTranscribable, F::Modulus: ConstTranscribable,

Sumcheck verifier main entry point.

This function executes the Verifier side of the Sumcheck protocol. It takes a proof and a claimed_sum and verifies the intermediate steps of the sumcheck.

The sumcheck verifies the claim:

$$ \sum_{x \in {0, 1}^{\text{num\_vars}}} G(x) = \text{claimed\_sum}. $$

It is designed to be used as a subprotocol within a larger system. If successful, it returns a Subclaim, a final equation that the outer protocol must satisfy for the overall proof to be valid.

---

Arguments

• transcript: A mutable reference to a Fiat-Shamir Transcript.
• num_vars: The number of variables over which the sum was originally computed.
• degree: The maximum combined degree of the underlying polynomial $G(x)$. This must match the degree used by the Prover.
• proof: A reference to the SumcheckProof<F> generated by the Prover.
• config: The configuration for the underlying field used in the protocol.

---

Returns

A Result which is:

• Ok(Subclaim<F>): If the Sumcheck protocol passes successfully, it returns a Subclaim. This claim consists of:

  1. The final random challenge point $r \in \text{F}^{\text{num\_vars}}$.
  2. The expected evaluation $v$ of the combined polynomial $G(r)$ at that point.

• Err(SumCheckError<F>): If any of the round checks fail during the protocol.

---

Panics

• Panics if the number of variables is 0.