Some Improvements for the PIOP for ZeroCheck

Angus Gruen

Paper 2024/108

Some Improvements for the PIOP for ZeroCheck

Angus Gruen

, Polygon Zero

Abstract

Most multivariate proof systems require, at some point, an algebraic check against the rows of the trace. One popular protocol for this is known as zerocheck which is a sumcheck based protocol which proves a constraint function is zero over the $n$ -dimensional Boolean hypercube. One of the drawbacks of running zerocheck over a small field, is that it usually involves a large number of evaluations of the constraint polynomial over a cryptographically large extension field $G$ . We describe several improvements to the zerocheck protocol over a small field which both reduce the number of constraint evaluations the prover needs to perform and shifts some computation from the extension field back into the base field . Specifically, for a table of length , integer parameter and constraint function of degree with evaluation costs we show the protocol can be performed with prover cost roughly To check the proof, the verifier needs to perform a single interpolation of degree and interpolations of degree . Thus varying allows for a tradeoff between prover and verifier cost.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: Sumcheck Interactive Oracle Proofs SNARKS
Contact author(s): agruen @ polygon technology
History: 2024-01-26: approved; 2024-01-24: received; See all versions
Short URL: https://ia.cr/2024/108
License: CC BY

BibTeX

@misc{cryptoeprint:2024/108,
      author = {Angus Gruen},
      title = {Some Improvements for the {PIOP} for {ZeroCheck}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/108},
      year = {2024},
      url = {https://eprint.iacr.org/2024/108}
}