Sumcheck integration #977
Sumcheck integration #977
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #977 +/- ##
==========================================
+ Coverage 71.99% 72.02% +0.03%
==========================================
Files 159 159
Lines 34792 34892 +100
==========================================
+ Hits 25047 25130 +83
- Misses 9745 9762 +17 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| The Sumcheck Protocol allows a prover to convince a verifier that the sum of a multivariate polynomial over the Boolean hypercube equals a claimed value, without the verifier having to compute the entire sum. | ||
|
|
||
| The protocol proceeds in rounds, with one round per variable of the multivariate polynomial. In each round, the prover sends a univariate polynomial, and the verifier responds with a random challenge. This process reduces a claim about a multivariate polynomial to a claim about a single evaluation point. | ||
|
|
There was a problem hiding this comment.
It is an essential building block for many SNARK protocols, given that it reduces the complexity of computing the sum to summing O(\nu) elements, plus an evaluation at a random point.
| FE::from(11), | ||
| ]); | ||
|
|
||
| let (claimed_sum, proof_polys) = prove(poly.clone()); |
There was a problem hiding this comment.
In future versions, it would be better to work directly with a reference to poly
| let c_1 = prover.c_1(); | ||
| println!("\nInitial claimed sum c₁: {:?}", c_1); | ||
| let mut transcript = DefaultTranscript::<F>::default(); | ||
| let mut verifier = verifier::Verifier::new(poly.num_vars(), Some(poly), c_1); |
There was a problem hiding this comment.
Typically, we do not want to have the verifier access to the polynomial; this is replaced by an oracle to the polynomial (in the non-interactive version, it has a commitment to P, plus an evaluation proof at r)
provers/sumcheck/src/prover.rs
Outdated
| let univar = prover.poly.to_univariate(); | ||
| proof_polys.push(univar.clone()); | ||
|
|
||
| transcript.append_felt(&univar.coefficients[0]); |
There was a problem hiding this comment.
You have to append the total sum
There was a problem hiding this comment.
Fixed in ab91ea5
provers/sumcheck/src/prover.rs
Outdated
|
|
||
| // Only generate next challenge if this isn't the final round | ||
| if round < n - 2 { | ||
| transcript.append_felt(&univar.coefficients[0]); |
There was a problem hiding this comment.
intermediate sums should also be committed
There was a problem hiding this comment.
Fixed in ab91ea5
| assert!(ok, "Final round verification failed"); | ||
| break; | ||
| for (i, univar) in proof_polys.into_iter().enumerate() { | ||
| match verifier.do_round(univar, &mut transcript)? { |
There was a problem hiding this comment.
check that all elements appended by the prover are appended by the verifier
There was a problem hiding this comment.
Fixed in ab91ea5
There was a problem hiding this comment.
It seems like we're deleting all the tests in this file? Why?
There was a problem hiding this comment.
I moved them to lib.rs. Should I put them back in verifier.rs ?
Sumcheck integration
Description
This PR is a follow-up to PR #973. It completes the integration of the Sumcheck protocol by adding complete proof generation and verification functionality.
It also adds a README describing the protocol
Type of change
Please delete options that are not relevant.
Checklist