pub fn batch_verify<F, Composition, Transcript>(
claims: &[SumcheckClaim<F, Composition>],
proof: Proof<F>,
transcript: &mut Transcript,
) -> Result<BatchSumcheckOutput<F>, Error>where
F: TowerField,
Composition: CompositionPolyOS<F>,
Transcript: CanObserve<F> + CanSample<F> + CanRead,
Expand description
Verify a batched sumcheck protocol execution.
The sumcheck protocol over can be batched over multiple instances by taking random linear combinations over the claimed sums and polynomials. When the sumcheck instances are not all over polynomials with the same number of variables, we can still batch them together, sharing later round challenges. Importantly, the verifier samples mixing challenges “just-in-time”. That is, the verifier samples mixing challenges for new sumcheck claims over n variables only after the last sumcheck round message has been sent by the prover.
For each sumcheck claim, we sample one random mixing coefficient. The multiple composite claims within each claim over a group of multilinears are mixed using the powers of the mixing coefficient.