SubLogarithmic Linear Time SNARKs from Compressed Sum-Check

Nitin Singh; Sikhar Patranabis

Paper 2025/908

SubLogarithmic Linear Time SNARKs from Compressed Sum-Check

Nitin Singh

, IBM Research India

Sikhar Patranabis, IBM Research India

Abstract

We leverage recently proposed multilinear polynomial commitment schemes, with linear time prover and constant proof size to reduce the communication complexity of the classical sum-check protocol for multivariate polynomials. Specifically, we consider degree $d$ multivariate polynomials in $μ$ variables which can be decomposed into $ℓ$ multilinear polynomials. We exhibit a new multivariate sum-check protocol with $O (ℓ + d \log \log n)$ communication for $n = 2^{μ}$ . Our protocol retains the $O (n)$ prover cost~(where the precise constant depends on $ℓ$ , $d$ and the multivariate form). Thus we improve on the $O (\log n)$ communication inherent in all applications of existing multivariate sum-check protocol. Multivariate sum-check is a key ingredient in the design of several prover-efficient SNARKs, such as HyperPlonk (EUROCRYPT 2023), Spartan (CRYPTO 2020), Hyrax (IEEE S&P 2018), Libra (CRYPTO 2019), Gemini (EUROCRYPT 2022), Virgo (S&P 2020) etc. All of these SNARKS incur at least proof size, with the smallest concrete proof size being KB for circuits of size . Our improved multivariate sum-check protocol improves the proof size of all of the above SNARKs while retaining the prover cost. In particular, plugging our sum-check protocol into the HyperPlonk multilinear PIOP yields -- the first SNARK that simultaneously achieves prover, sublogarithmic proof size of , and verifier. Concretely, the proof size of is about 2 KB for circuit sizes up to . We note that SNARKs with smaller proof size than are based on univariate polynomials, and are not prover-efficient as they inherently incur prover cost due to polynomial multiplications. Moreover, avoids proof recursion techniques and non-black-box usage of cryptographic primitives. We believe that our improved multivariate sum-check protocol is of independent interest, and could have applications beyond SNARKs.

Note: Expanded construction of Hyperplonk PIOP based on compressed sum-check. Incorporating comments on first version.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: SNARK Zero Knowledge Proofs Polynomial Commitment Multilinear SNARKs Sum Check
Contact author(s): nitisin1 @ in ibm com
Sikhar Patranabis @ ibm com
History: 2025-06-26: last of 3 revisions; 2025-05-21: received; See all versions
Short URL: https://ia.cr/2025/908
License: CC0

BibTeX

@misc{cryptoeprint:2025/908,
      author = {Nitin Singh and Sikhar Patranabis},
      title = {{SubLogarithmic} Linear Time {SNARKs} from Compressed Sum-Check},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/908},
      year = {2025},
      url = {https://eprint.iacr.org/2025/908}
}