Trait ZerocheckProver

pub trait ZerocheckProver<'a, P: PackedField> {
    // Required methods
    fn n_vars(&self) -> usize;
    fn domain_size(&self, skip_rounds: usize) -> Option<usize>;
    fn execute_univariate_round(
        &mut self,
        skip_rounds: usize,
        max_domain_size: usize,
        batch_coeff: P::Scalar,
    ) -> Result<ZerocheckRoundEvals<P::Scalar>, Error>;
    fn fold_univariate_round(
        &mut self,
        challenge: P::Scalar,
    ) -> Result<Box<dyn SumcheckProver<P::Scalar> + 'a>, Error>;
    fn project_to_skipped_variables(
        self: Box<Self>,
        challenges: &[P::Scalar],
    ) -> Result<Vec<Arc<dyn MultilinearPoly<P> + Send + Sync>>, Error>;
}

A zerocheck prover interface.

The primary reason for providing this logic via a trait is the ability to type erase univariate round small fields, which may differ between the provers, and to decouple the batch prover implementation from the relatively complex type signatures of the individual provers.

The batch prover must obey a specific sequence of calls: Self::execute_univariate_round should be followed by Self::fold_univariate_round, and then Self::project_to_skipped_variables. Getters Self::n_vars and Self::domain_size are used for alignment and maximal domain size calculation required by the Lagrange representation of the univariate round polynomial. Folding univariate round results in a SumcheckProver instance that can be driven to completion to prove the remaining multilinear rounds.

This trait is object-safe.

Required Methods

fn n_vars(&self) -> usize

The number of variables in the multivariate polynomial.

fn domain_size(&self, skip_rounds: usize) -> Option<usize>

Maximal required Lagrange domain size among compositions in this prover.

Returns None if the current prover state doesn’t contain information about the domain size.

fn execute_univariate_round( &mut self, skip_rounds: usize, max_domain_size: usize, batch_coeff: P::Scalar, ) -> Result<ZerocheckRoundEvals<P::Scalar>, Error>

Computes the prover message for the univariate round as a univariate polynomial.

The prover message mixes the univariate polynomials of the underlying composites using the same approach as SumcheckProver::execute.

Unlike multilinear rounds, the returned univariate is not in monomial basis but in Lagrange basis.

fn fold_univariate_round( &mut self, challenge: P::Scalar, ) -> Result<Box<dyn SumcheckProver<P::Scalar> + 'a>, Error>

Folds into a regular multilinear prover for the remaining rounds.

fn project_to_skipped_variables( self: Box<Self>, challenges: &[P::Scalar], ) -> Result<Vec<Arc<dyn MultilinearPoly<P> + Send + Sync>>, Error>

Projects witness onto the “skipped” variables for the univariatizing reduction.

Implementations on Foreign Types

impl<'a, P: PackedField, Prover: ZerocheckProver<'a, P> + ?Sized> ZerocheckProver<'a, P> for Box<Prover>

fn n_vars(&self) -> usize

fn domain_size(&self, skip_rounds: usize) -> Option<usize>

fn execute_univariate_round( &mut self, skip_rounds: usize, max_domain_size: usize, batch_coeff: P::Scalar, ) -> Result<ZerocheckRoundEvals<P::Scalar>, Error>

fn fold_univariate_round( &mut self, challenge: P::Scalar, ) -> Result<Box<dyn SumcheckProver<P::Scalar> + 'a>, Error>

fn project_to_skipped_variables( self: Box<Self>, challenges: &[P::Scalar], ) -> Result<Vec<Arc<dyn MultilinearPoly<P> + Send + Sync>>, Error>

Implementors

impl<'a, F, FDomain, FBase, P, CompositionBase, Composition, M, DomainFactory, Backend> ZerocheckProver<'a, P> for ZerocheckProverImpl<'a, FDomain, FBase, P, CompositionBase, Composition, M, DomainFactory, Backend>

where F: TowerField, FDomain: TowerField, FBase: ExtensionField<FDomain>, P: PackedField<Scalar = F> + PackedExtension<F, PackedSubfield = P> + PackedExtension<FBase> + PackedExtension<FDomain>, CompositionBase: CompositionPoly<PackedSubfield<P, FBase>> + 'static, Composition: CompositionPoly<P> + 'static, M: MultilinearPoly<P> + Send + Sync + 'a, DomainFactory: EvaluationDomainFactory<FDomain>, Backend: ComputationBackend,