Huge thanks to Oba, Ziemann and Nico for their help and feedback! ❤️
The Sum-Check Protocol is a fundamental tool in cryptographic proofs, particularly in zero-knowledge proofs (ZKPs) and verifiable computation. It allows a verifier to efficiently check that a prover has correctly summed up evaluations of a polynomial over a boolean hypercube without computing every evaluation explicitly.
If that sounds confusing, don't worry, that’s exactly why this article exists.
We’ll break down the key concepts needed to understand the Sum-Check Protocol and then walk through the protocol itself in an easy-to-follow manner.
To assist you, I wrote a few scripts with Sage: ‣
Before diving into the Sum-Check Protocol, we need to understand some fundamental mathematical concepts.
A multivariate polynomial is a polynomial with more than one variable. For example:
$$ f(x,y)=3x^3y^4+2xy^2+5y+7 $$
<aside> 💡
A multivariate polynomial is typically written as: $f(\vec{x})$
where $\vec{x}$ is a vector of variables, ex: $\vec{x} = (x_1, x_2, \dots, x_n)$. Its length corresponds to the number of input variables in the function.
</aside>
Key things to note:
x has degree 3 and y has degree 4Other examples:
x has 1 and y has 2)