pub trait SumcheckProver<F: Field> {
// Required methods
fn n_vars(&self) -> usize;
fn execute(&mut self, batch_coeff: F) -> Result<RoundCoeffs<F>, Error>;
fn fold(&mut self, challenge: F) -> Result<(), Error>;
fn finish(self) -> Result<Vec<F>, Error>;
}Expand description
A sumcheck prover with a round-by-round execution interface.
Sumcheck prover logic is accessed via a trait because important optimizations are available depending on the structure of the multivariate polynomial that the protocol targets. For example, Gruen24 observes a significant optimization available to the sumcheck prover when the multivariate is the product of a multilinear composite and an equality indicator polynomial, which arises in the zerocheck protocol.
The trait exposes a round-by-round interface so that protocol execution logic that drives the prover can interleave the executions of the interactive protocol, for example in the case of batching several sumcheck protocols.
The caller must make a specific sequence of calls to the provers. For a prover where
Self::n_vars is $n$, the caller must call Self::execute and then Self::fold $n$
times, and finally call Self::finish. If the calls aren’t made in that order, the caller
will get an error result.
This trait is object-safe.
Required Methods§
sourcefn execute(&mut self, batch_coeff: F) -> Result<RoundCoeffs<F>, Error>
fn execute(&mut self, batch_coeff: F) -> Result<RoundCoeffs<F>, Error>
Computes the prover message for this round as a univariate polynomial.
The prover message mixes the univariate polynomials of the underlying composites using the
powers of batch_coeff.
Let $alpha$ refer to batch_coeff. If Self::fold has already been called on the prover
with the values $r_0$, …, $r_{k-1}$ and the sumcheck prover is proving the sums of the
composite polynomials $C_0, …, C_{m-1}$, then the output of this method will be the
polynomial
$$ \sum_{v \in B_{n - k - 1}} \sum_{i=0}^{m-1} \alpha^i C_i(r_0, …, r_{k-1}, X, {v}) $$