binius_core/protocols/

mod.rs

// Copyright 2023-2025 Irreducible Inc.

//! Implementations of various virtual polynomial protocols.
//!
//! A virtual polynomial protocol is subprotocol of a polynomial IOP. See [DP23] Definition 4.7 for
//! a formal definition. Each protocol has a prover-side implementation and a verifier-side
//! implementation. These protocols are all public-coin and made non-interactive by the Fiat-Shamir
//! transformation. Thus, the prover-side implementations all simulate a verifier in order to
//! accurately construct the transcript.
//!
//! The protocol implementations have separate functions for each round. We model the virtual
//! polynomial protocols this way because in many settings we want the ability to batch together
//! multiple protocols at different rounds. For example, if we had one sumcheck claim for an
//! $\nu$-variate polynomial and one sumcheck claim for a $\nu - 1$-variate polynomial, we would
//! want to run one sumcheck round on the first claim, then batch the remaining rounds with the
//! second claim.
//!
//! Each verifier round proceeds as
//! 1) Receive the round message (ie. read it from the non-interactive proof)
//! 2) Send the round message to the challenger
//! 3) Sample challenge from the challenger
//! 4) Verify the round message and reduce old claims, message, and challenge to new claims
//!
//! Each prover round proceeds as
//! 1) (Simulate verifier's last round) Send last round message to the challenger
//! 2) (Simulate verifier's last round) Sample challenge from the challenger
//! 3) (Simulate verifier's last round) Reduce old claims, message, and challenge to new claims
//! 4) Compute the round message
//!
//! [DP23]: https://eprint.iacr.org/2023/1784

pub mod evalcheck;
pub mod fri;
pub mod gkr_exp;
pub mod gkr_gpa;
pub mod greedy_evalcheck;
pub mod sumcheck;

#[allow(dead_code)]
#[doc(hidden)]
pub mod test_utils;