Paper 2024/1210

More Optimizations to Sum-Check Proving

Quang Dao, Carnegie Mellon University
Justin Thaler, Georgetown University, a16z crypto research
Abstract

Many fast SNARKs apply the sum-check protocol to an $n$-variate polynomial of the form $g(x) = \text{eq}(w,x) \cdot p(x)$, where $p$ is a product of multilinear polynomials, $w \in \mathbb{F}^n$ is a random vector, and $\text{eq}$ is the multilinear extension of the equality function. In this setting, we describe an optimization to the sum-check prover that substantially reduces the cost coming from the $\text{eq}(w, x)$ factor. Our work further improves on a prior optimization by Gruen (ePrint 2023), and in the small-field case, can be combined with additional optimizations by Bagad, Domb, and Thaler (ePrint 2024), and Dao and Thaler (ePrint 2024). Over large prime-order fields, our optimization eliminates roughly $2^{n + 1}$ field multiplications compared to a standard linear-time implementation of the prover, and roughly $2^{n-1}$ field multiplications when considered on top of Gruen's optimization. These savings are about a 25% (respectively 10%) end-to-end prover speedup in common use cases, and potentially even larger when working over binary tower fields.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
sum-check protocolinteractive proofsSNARKs
Contact author(s)
justin r thaler @ gmail com
History
2024-07-29: approved
2024-07-27: received
See all versions
Short URL
https://ia.cr/2024/1210
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1210,
      author = {Quang Dao and Justin Thaler},
      title = {More Optimizations to Sum-Check Proving},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1210},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/1210}},
      url = {https://eprint.iacr.org/2024/1210}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.