More Optimizations to Sum-Check Proving

Quang Dao; Justin Thaler

Paper 2024/1210

More Optimizations to Sum-Check Proving

Quang Dao, Carnegie Mellon University

Justin Thaler, Georgetown University, a16z crypto research

Abstract

Many fast SNARKs apply the sum-check protocol to an $n$ -variate polynomial of the form $g (x) = eq (w, x) \cdot p (x)$ , where $p$ is a product of multilinear polynomials, $w \in F^{n}$ is a random vector, and $eq$ is the multilinear extension of the equality function. In this setting, we describe an optimization to the sum-check prover that substantially reduces the cost coming from the $eq (w, x)$ factor. Our work further improves on a prior optimization by Gruen (ePrint 2023), and in the small-field case, can be combined with additional optimizations by Bagad, Domb, and Thaler (ePrint 2024), and Dao and Thaler (ePrint 2024). Over large prime-order fields, our optimization eliminates roughly field multiplications compared to a standard linear-time implementation of the prover, and roughly field multiplications when considered on top of Gruen's optimization. These savings are about a 25% (respectively 10%) end-to-end prover speedup in common use cases, and potentially even larger when working over binary tower fields.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: sum-check protocol interactive proofs SNARKs
Contact author(s): justin r thaler @ gmail com
History: 2024-07-29: approved; 2024-07-27: received; See all versions
Short URL: https://ia.cr/2024/1210
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1210,
      author = {Quang Dao and Justin Thaler},
      title = {More Optimizations to Sum-Check Proving},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1210},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1210}
}