Update 2023-07-21-PLONKWHY.md

_posts/2023-07-21-PLONKWHY.md

@@ -97,36 +97,23 @@ In Round 1, the left, right & output polynomials are evaluated only at one point
 
 We want to combine them into one polynomial $f$ such that if $f$ is 0 at some point, then all of $f_i$'s are also zero at the same point.
 
-Consider the set ${1, z, z^2, z^3}$
+Consider the set ${1, z, z^2, z^3}$. \
 This is a linearly independent set.
 
-We can use this set to combine four variables $a_1, a_2, a_3$ & $a_4$ like this
+We can use this set to combine four variables $a_1, a_2, a_3, a_4$ like this: $g(Z) = a_1 + a_2 \cdot Z + a_3 \cdot Z^2 + a_4 \cdot Z^3$.
 
-$g(Z) = a1 + a2\cdot Z + a3\cdot Z^2 + a4\cdot Z^3$  
+If $g(Z)=0$ at some $Z \ne 0$, then it means $a_1 = a_2 = a_3 = a_4 = 0$ (by the definition of linearly independent set).
 
-If $g(Z)=0$ at some $Z \ne 0$, then it means $a_1 = a_2 = a_3 = a_4 = 0$ (by the definition of a linearly independent set)
+So, we can combine the polynomials $f_i$ as $f(X,Z) = f_1(X) + Z \cdot f_2(X) + Z^2 \cdot f_3(X) + Z^3 \cdot f_4(X)$.
 
-So, we can combine the polynomials $f_i$'s as
+At some $X = r_1$, let $f_1(r_1) = a_1, f_2(r_1) = a_2, f_3(r_1) = a_3, f_4(r_1) = a_4$.
 
-$f(X,Z) = f1(Z) + Z\cdot f2(x) + Z^2 \cdot f3(X) + Z^3\cdot f4(X)$
+So now $f(X=r_1, Z) = a_1 + a_2 \cdot Z + a_3 \cdot Z^2 + a_4 \cdot Z^3$.
 
-At some  $X = r_1$, let 
+At some random value $r_2$ chosen from $\mathbb F_p$, if $f(X=r_1, Z = r_2) = 0$ then it means $a_1 = a_2 = a_3 = a_4 = 0$; \
+i.e. $f_1(r_1, r_2) =f_2(r_1, r_2) = f_3(r_1, r_2) =  f_4(r_1, r_2) = 0$.
 
-$f_1(r_1) = a_1$, $f_2(r_1) = a_2$, $f_3(r_1) = a_3$, $f_4(r_1) = a_4$,
-
-So now
-
-$f(X=r_1, X) = a1 + a2\cdot Z + a3\cdot Z^2 + a4\cdot Z^3$
-
-At some random value $r_2$ chosen from $\mathbb F_p$, if 
-
-$f(X=r_1, Z = r_2) = 0$   
-
-then it means  $a1 = a2 = a3 = a4 = 0$ 
-
-i.e. $f_1(r_1, r_2) =f_2(r_1, r_2) = f_3(r_1, r_2) =  f_4(r_1, r_2) = 0$
-
-If $f_1$, $f_2$, $f_3$, $f_4$ are all $0$ at some random value $r_2$, then by the Schwartz-Zippel lemma, $f_1$, $f_2$, $f_3$, $f_4$ are all zero polynomials with very high probability because the maximum degree of these polynomials is very, very small as compared to $p$
+If $f_1$, $f_2$, $f_3$, $f_4$ are all $0$ at some random value $r_2$, then by the Schwartz-Zippel lemma, $f_1$, $f_2$, $f_3$, $f_4$ are all zero polynomials with very high probability because the maximum degree of these polynomials is very, very small as compared to $p$.
 
 So if we want to test if multiple polynomials are zero polynomials or not, we combine them using a lineraly independent set so we can test them with just one evaluation at a random point rather than testing them separately. Round 3 in the $\mathcal{P} \mathfrak{lon}\mathcal{K}$ paper creates the polynomial $t(X)$ with the linearly independent set $[1, \alpha, \alpha^2]$ to do this. In Round 5, the set $\lbrace 1, v, v^2, v^3, v^4, v^5 \rbrace$ is used to combine several polynomials to form a single opening proof polynomial $W_\zeta(X)$. It may be used at other places also.