binius_core/protocols/greedy_evalcheck/
verify.rs

1// Copyright 2024-2025 Irreducible Inc.
2
3use binius_field::TowerField;
4use binius_math::EvaluationOrder;
5use binius_utils::bail;
6
7use super::error::Error;
8use crate::{
9	fiat_shamir::Challenger,
10	oracle::MultilinearOracleSet,
11	protocols::{
12		evalcheck::{deserialize_evalcheck_proof, EvalcheckMultilinearClaim, EvalcheckVerifier},
13		sumcheck::{self, batch_verify, constraint_set_sumcheck_claims, SumcheckClaimsWithMeta},
14	},
15	transcript::VerifierTranscript,
16};
17
18pub fn verify<F, Challenger_>(
19	oracles: &mut MultilinearOracleSet<F>,
20	claims: impl IntoIterator<Item = EvalcheckMultilinearClaim<F>>,
21	transcript: &mut VerifierTranscript<Challenger_>,
22) -> Result<Vec<EvalcheckMultilinearClaim<F>>, Error>
23where
24	F: TowerField,
25	Challenger_: Challenger,
26{
27	let mut evalcheck_verifier = EvalcheckVerifier::new(oracles);
28
29	// Verify the initial evalcheck claims
30	let claims = claims.into_iter().collect::<Vec<_>>();
31
32	let mut initial_evalcheck_proofs = Vec::with_capacity(claims.len());
33	let mut reader = transcript.message();
34	for _ in 0..claims.len() {
35		let eval_check_proof = deserialize_evalcheck_proof(&mut reader)?;
36		initial_evalcheck_proofs.push(eval_check_proof);
37	}
38	evalcheck_verifier.verify(claims, initial_evalcheck_proofs)?;
39
40	loop {
41		let SumcheckClaimsWithMeta { claims, metas } = constraint_set_sumcheck_claims(
42			evalcheck_verifier.take_new_sumcheck_constraints().unwrap(),
43		)?;
44
45		if claims.is_empty() {
46			break;
47		}
48
49		// Reduce the new sumcheck claims for virtual polynomial openings to new evalcheck claims.
50		let sumcheck_output = batch_verify(EvaluationOrder::HighToLow, &claims, transcript)?;
51
52		let new_evalcheck_claims =
53			sumcheck::make_eval_claims(EvaluationOrder::HighToLow, metas, sumcheck_output)?;
54
55		let mut evalcheck_proofs = Vec::with_capacity(new_evalcheck_claims.len());
56		let mut reader = transcript.message();
57		for _ in 0..new_evalcheck_claims.len() {
58			let evalcheck_proof = deserialize_evalcheck_proof(&mut reader)?;
59			evalcheck_proofs.push(evalcheck_proof)
60		}
61
62		evalcheck_verifier.verify(new_evalcheck_claims, evalcheck_proofs)?;
63	}
64
65	let new_sumchecks = evalcheck_verifier.take_new_sumcheck_constraints().unwrap();
66	if !new_sumchecks.is_empty() {
67		bail!(Error::MissingVirtualOpeningProof);
68	}
69
70	let committed_claims = evalcheck_verifier
71		.committed_eval_claims_mut()
72		.drain(..)
73		.collect::<Vec<_>>();
74	Ok(committed_claims)
75}