Sum-check protocol

A sum-check protocol is a cryptographic protocol for the construction of interactive proof systems,^[1] used widely in zero-knowledge protocols.^[2]

The sum-check protocol was created by Carsten Lund, Lance Fortnow, Howard Karloff, and Noam Nisan and formalized in 1990.^[3][1]

In an interactive proof, the goal is for a verifier V to offload an expensive computation to an untrusted prover P.^[4] The sum-check protocol allows the prover to convince the verifier that the sum of a multivariate polynomial is equal to a known value.^[2] The goals of the sum-check protocol are to make the verifier run in time linear to the input size, to keep the proof logarithmically small, and to keep the prover efficient.^[4]

For a v-variate polynomial g defined over a finite field ${\displaystyle \mathbb{𝔽}}$, the prover provides the verifier with the following sum:^[5]

${\displaystyle H:=\sum _{b_1\in \{0,1\}}\sum _{b_2\in \{0,1\}}\cdots \sum _{b_v\in \{0,1\}}g(b_1,\dots ,b_v).}$

Without a prover, the verifier has to perform ${\displaystyle 2^n}$ evaluations of g to verify the statement, which is a very large runtime. With the sumcheck protocol, the verifier's runtime is${\displaystyle O(v+\text{[the cost to evaluate }g\text{ at a single input in }{\mathbf{𝐅}}^v])}$.^[4]

The sum-check protocol leads to proofs that are of at least logarithmic length.^[4]

The protocol is not zero-knowledge by itself, and like all interactive proofs, it is not succinct for NP statements.^[4]

zk-SNARK proofs combine the sum-check protocol with commitment schemes to obtain zero-knwoledge and succinct arguments.^[4][6]

• Cryptographic protocol
• Interactive proof systems
• Zero-knowledge proof

• Thaler, Justin (July 18, 2023). "3.1, 4.1, 4.2" (in en). Proofs, Arguments, and Zero-Knowledge. Georgetown University. https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.pdf. 
• Tauman Kalai, Yael (2023). "Lecture 1: Interactive Proofs and the Sum-Check Protocol". https://ocw.mit.edu/courses/6-5630-advanced-topics-in-cryptography-fall-2023/pages/lecture-1-interactive-proofs-and-the-sum-check-protocol/. 

0.00 (0 votes) Original source: https://en.wikipedia.org/wiki/Sum-check protocol. Read more