On the Power of Polynomial Preprocessing: Proving Computations in Sublinear Time, and More

Matteo Campanelli; Mario Carrillo; Ignacio Cascudo; Dario Fiore; Danilo Francati; Rosario Gennaro

Paper 2025/238

On the Power of Polynomial Preprocessing: Proving Computations in Sublinear Time, and More

Matteo Campanelli

, Offchain Labs

Mario Carrillo, Universitat Rovira i Virgili

Ignacio Cascudo

, IMDEA Software

Dario Fiore

, IMDEA Software

Danilo Francati

, Royal Holloway University of London

Rosario Gennaro

, The City College of New York

Abstract

Cryptographic proof systems enable a verifier to be convinced of of a computation's correctness without re-executing it; common efficiency requirements include both succinct proofs and fast verification. In this work we put forth the general study of cryptographic proof systems with sublinear proving time (after a preprocessing). Prior work has achieved sublinear proving only for limited computational settings (e.g., vector commitments and lookup arguments), relying on specific assumptions or through non-black-box use of cryptographic primitives. In this work we lift many of these limitations through the systematic study of a specific object: polynomial commitments (PC) with sublinear proving time, a choice motivated by the crucial role that PC play in the design of efficient cryptographic schemes. Our main result is a simple construction of a PC with sublinear prover based on any vector commitment scheme (VC) and any preprocessing technique for fast polynomial evaluation. We prove that this PC satisfies evaluation binding, which is the standard security notion for PC, and show how to expand our construction to achieve the stronger notion of knowledge soundness (extractability). The first application of our result is a construction of "index-efficient" SNARKs meaning that the prover is sublinear, after preprocessing, in the size of the index (i.e., the NP-relation describing the proven statement). Our main technical contribution is a method to transform a class of standard Polynomial Interactive Oracle Proofs (PIOPs) into index-efficient PIOPs. Our construction of index-efficient SNARKs makes black-box use of such index-efficient PIOPs and a PC with sublinear prover. As a corollary, this yields the first lookup argument for unstructured tables in which the prover is sublinear in the size of the table, while making only black-box use of a VC and thus allowing instantiations from generic assumptions such as collision-resistant hash functions. Prior lookup arguments with sublinear provers were only known with non-black-box use of cryptographic primitives, or from pairings. Finally, our last application is a transformation that builds UC-secure SNARKs from simulation-extractable ones, with an approximately linear overhead in proving time (as opposed to quadratic in prior work).

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: snarks polynomial commitment sublinear uc lookup argument piop compiler
Contact author(s): binarywhalesinternaryseas @ gmail com
dario fiore @ imdea org
danilo francati @ rhul ac uk
History: 2025-02-17: approved; 2025-02-15: received; See all versions
Short URL: https://ia.cr/2025/238
License: CC BY

BibTeX

@misc{cryptoeprint:2025/238,
      author = {Matteo Campanelli and Mario Carrillo and Ignacio Cascudo and Dario Fiore and Danilo Francati and Rosario Gennaro},
      title = {On the Power of Polynomial Preprocessing: Proving Computations in Sublinear Time, and More},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/238},
      year = {2025},
      url = {https://eprint.iacr.org/2025/238}
}