Efficient multivariate low-degree tests via interactive oracle proofs of proximity for polynomial codes
Published in: | Designs, codes, and cryptography, 2023-03, Vol.91 (3), p.1111-1151 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | We consider the proximity testing problem for error-correcting codes which consist in evaluations of multivariate polynomials either of bounded individual degree or bounded total degree. Namely, given an oracle function $f : L^m \to \mathbb{F}_q$, where $L \subset \mathbb{F}_q$, a verifier distinguishes whether $f$ is the evaluation of a low-degree polynomial or is far (in relative Hamming distance) from being one, by making only a few queries to $f$. This topic has been studied in the context of locally testable codes, interactive proofs, probabilistically checkable proofs, and interactive oracle proofs. We present the first interactive oracle proofs of proximity (IOPP) for tensor products of Reed–Solomon codes (evaluation of polynomials with bounds on individual degrees) and for Reed–Muller codes (evaluation of polynomials with a bound on the total degree) that simultaneously achieve logarithmic query complexity, logarithmic verification time, linear oracle proof length and linear prover running time. Such low-degree polynomials play a central role in constructions of probabilistic proof systems and succinct non-interactive arguments of knowledge with zero-knowledge. For these applications, highly-efficient multivariate low-degree tests are desired, but prior probabilistic proofs of proximity required super-linear proving time. In contrast, for multivariate codes of length $N$, our constructions admit a prover running in time linear in $N$ and a verifier which is logarithmic in $N$. Our constructions are directly inspired by the IOPP for Reed–Solomon codes of [Ben-Sasson et al., ICALP 2018] named “FRI protocol”. Compared to the FRI protocol, our IOPP for tensor products of Reed–Solomon codes achieves the same efficiency parameters. As for Reed–Muller codes, for fixed constant number of variables $m$, the concrete efficiency of our IOPP for Reed–Muller codes compares well, all things equal. |
---|---|
ISSN: | 0925-1022 1573-7586 |
DOI: | 10.1007/s10623-022-01134-z |