issue 72

chapters/arithmetics-moonmath.tex

@@ -1090,8 +1090,10 @@ \subsection{Prime Factors} Recall that the fundamental theorem of arithmetic \re
 \begin{equation}
 R_0(P):=\{x_0\in R\;|\; P(x_0)=0\}
 \end{equation}
-The roots of a polynomial are of special interest with respect to its prime factorization, since it can be shown that, for any given root $x_0$ of $P$, the polynomial $F(x)=(x-x_0)$ is a prime factor of $P$.
-
+The roots of a polynomial are of special interest with respect to its prime factorization, since it can be shown that, for any given root $x_0$ of $P$, the polynomial $F(x)=(x-x_0)$ is a prime factor of $P$. A root $x_0$ of a polynomial $P$ is said to have a \term{multiplicity} of $k$ if the polynomial $(x-x_0)^k$ is a factor of $P$, that is if there is a polynomial $Q$ such that we can write $P$ as
+\begin{equation}
+P(x)= (x-x_0)^k \cdot Q(x)
+\end{equation}
 Finding the roots of a polynomial is sometimes called \term{solving the polynomial}. It is a difficult problem that has been the subject of much research throughout history.
 
 It can be shown that if $m$ is the degree of a polynomial $P$, then $P$ cannot have more than $m$ roots. However, in general, polynomials can have less than $m$ roots.
@@ -1114,7 +1116,7 @@ \subsection{Prime Factors} Recall that the fundamental theorem of arithmetic \re
 $$
 \end{example}
 \begin{exercise}
-Show that if a polynomial $P\in R[x]$ of degree $deg(P)=m$ has less than $m$ roots, it must have a prime factor $F$ of degree $deg(F)>1$.
+Show that if the sum of the multiplicity of all roots of a polynomial $P\in R[x]$ of degree $deg(P)=m$ is less than $m$, the polynomial must have a prime factor $F$ of degree $deg(F)>1$.
 \end{exercise}
 \begin{exercise}
 Consider the polynomial $P=x^7 + 3 x^6 + 3 x^5 + x^4 - x^3 - 3 x^2 - 3 x - 1\in \Z_6[x]$. Compute the set of all roots of $R_0(P)$ and then compute the prime factorization of $P$.

chapters/zk-protocols-moonmath.tex

@@ -69,8 +69,8 @@ \section{The ``Groth16'' Protocol}
 \begin{itemize}
 \item (Setup-Phase): $(CRS,\Tau)\leftarrow \textsc{Setup}(R)$: Algorithm $\textsc{Setup}$ takes the R1CS $R$ as input and computes a \term{\concept{Common Reference String}} $CRS$ and a \term{simulation trapdoor} $\Tau$.
 \item (Prover-Phase): $\pi\leftarrow \textsc{Prove}(R,CRS,I,W)$: Given a constructive proof $(I;W)$ for $R$, algorithm $\textsc{Prove}$ takes the R1CS $R$, the \concept{Common Reference String} $CRS$ and the constructive proof $(I,W)$ as input and computes an zk-SNARK $\pi$.
-\item Verify: $\{\mathtt{accept},\mathtt{reject}\}\leftarrow \textsc{Vfy}(R,CRS,I,\pi)$:   Algorithm \textsc{Vfy} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the instance $I$ and the zk-SNARK $\pi$ as input and returns \texttt{reject} or \texttt{accept}.
-\item $\pi\leftarrow \textsc{Sim}(R,\Tau,CRS, I)$: Algorithm \textsc{Sim} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the simulation trapdoor $\Tau$ and the instance $I$ as input and returns a zk-SNARK $\pi$. 
+\item (Verification Phase): $\{\mathtt{accept},\mathtt{reject}\}\leftarrow \textsc{Vfy}(R,CRS,I,\pi)$:   Algorithm \textsc{Vfy} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the instance $I$ and the zk-SNARK $\pi$ as input and returns \texttt{reject} or \texttt{accept}.
+\item (Simulation) $\pi\leftarrow \textsc{Sim}(R,\Tau,CRS, I)$: Algorithm \textsc{Sim} takes the R1CS $R$, the \concept{Common Reference String} $CRS$, the simulation trapdoor $\Tau$ and the instance $I$ as input and returns a zk-SNARK $\pi$. 
 \end{itemize}
 We will explain these algorithms together with detailed examples in the remainder of this section.