binius_core::protocols::sumcheck::prove

Trait UnivariateZerocheckProver

source 
pub trait UnivariateZerocheckProver<F: Field> {
    type RegularZerocheckProver: SumcheckProver<F>;

    // Required methods
    fn n_vars(&self) -> usize;
    fn domain_size(&self, skip_rounds: usize) -> usize;
    fn execute_univariate_round(
        &mut self,
        skip_rounds: usize,
        max_domain_size: usize,
        batch_coeff: F,
    ) -> Result<LagrangeRoundEvals<F>, Error>;
    fn fold_univariate_round(
        self,
        challenge: F,
    ) -> Result<Self::RegularZerocheckProver, Error>;
}
Expand description

A univariate zerocheck prover interface.

The primary reason for providing this logic via a trait is the ability to type erase univariate round small fields, which may differ between the provers, and to decouple the batch prover implementation from the relatively complex type signatures of the individual provers.

The batch prover must obey a specific sequence of calls: Self::execute_univariate_round should be followed by Self::fold_univariate_round. Getters Self::n_vars and Self::domain_size are used to align claims and determine the maximal domain size, required by the Lagrange representation of the univariate round polynomial. Folding univariate round results in a SumcheckProver instance that can be driven to completion to prove the remaining multilinear rounds.

This trait is not object safe.

Required Associated Types§

source

type RegularZerocheckProver: SumcheckProver<F>

“Regular” prover for the multilinear rounds remaining after the univariate skip.

Required Methods§

source

fn n_vars(&self) -> usize

The number of variables in the multivariate polynomial.

source

fn domain_size(&self, skip_rounds: usize) -> usize

Maximal required Lagrange domain size among compositions in this prover.

source

fn execute_univariate_round( &mut self, skip_rounds: usize, max_domain_size: usize, batch_coeff: F, ) -> Result<LagrangeRoundEvals<F>, Error>

Computes the prover message for the univariate round as a univariate polynomial.

The prover message mixes the univariate polynomials of the underlying composites using the same approach as SumcheckProver::execute.

Unlike multilinear rounds, the returned univariate is not in monomial basis but in Lagrange basis.

source

fn fold_univariate_round( self, challenge: F, ) -> Result<Self::RegularZerocheckProver, Error>

Folds into a regular multilinear prover for the remaining rounds.

Implementors§

source§

impl<'a, 'm, F, FDomain, PBase, P, CompositionBase, Composition, M, Backend> UnivariateZerocheckProver<F> for UnivariateZerocheck<'a, 'm, FDomain, PBase, P, CompositionBase, Composition, M, Backend>
where F: TowerField + ExtensionField<PBase::Scalar> + ExtensionField<FDomain>, FDomain: TowerField, PBase: PackedFieldIndexable<Scalar: ExtensionField<FDomain>> + PackedExtension<FDomain, PackedSubfield: PackedFieldIndexable>, P: PackedFieldIndexable<Scalar = F> + RepackedExtension<PBase> + PackedExtension<FDomain>, CompositionBase: CompositionPolyOS<PBase>, Composition: CompositionPolyOS<P>, M: MultilinearPoly<P> + Send + Sync + 'm, Backend: ComputationBackend,

source§

type RegularZerocheckProver = ZerocheckProver<'a, FDomain, PBase, P, CompositionBase, Composition, Arc<dyn MultilinearPoly<P> + Sync + Send + 'm>, Backend>