refactor: Improve code readability and error handling in zeromorph

- Updated and enhanced clarity and consistency of mathematical notation in comments across `non_hiding_kzg.rs` and `non_hiding_zeromorph.rs` files.
- Implemented error handling in the `ZMPCS::verify` function within the `non_hiding_zeromorph.rs` file.

Author: huitseeker

src/provider/non_hiding_kzg.rs

@@ -22,11 +22,11 @@ use crate::{
 ))]
 #[abomonation_omit_bounds]
 pub struct UVUniversalKZGParam<E: Engine> {
-  /// Group elements of the form `{ \beta^i G }`, where `i` ranges from 0 to
+  /// Group elements of the form `{ β^i G }`, where `i` ranges from 0 to
   /// `degree`.
   #[abomonate_with(Vec<[u64; 8]>)] // // this is a hack; we just assume the size of the element.
   pub powers_of_g: Vec<E::G1Affine>,
-  /// Group elements of the form `{ \beta^i H }`, where `i` ranges from 0 to
+  /// Group elements of the form `{ β^i H }`, where `i` ranges from 0 to
   /// `degree`.
   #[abomonate_with(Vec<[u64; 16]>)] // this is a hack; we just assume the size of the element.
   pub powers_of_h: Vec<E::G2Affine>,
@@ -73,7 +73,7 @@ pub struct UVKZGVerifierKey<E: Engine> {
   /// The generator of G2.
   #[abomonate_with([u64; 16])] // this is a hack; we just assume the size of the element.
   pub h: E::G2Affine,
-  /// \beta times the above generator of G2.
+  /// β times the above generator of G2.
   #[abomonate_with([u64; 16])] // this is a hack; we just assume the size of the element.
   pub beta_h: E::G2Affine,
 }

src/provider/non_hiding_zeromorph.rs

@@ -219,7 +219,7 @@ where
     let y = transcript.squeeze(b"y")?;
 
     // Compute the batched, lifted-degree quotient `\hat{q}`
-    // q_hat = \sum_{i=0}^{num_vars-1} y^i *  X^{2^{num_vars} - d_k - 1} * q_i(x)
+    // qq_hat = ∑_{i=0}^{num_vars-1} y^i * X^(2^num_vars - d_k - 1) * q_i(x)
     let q_hat = batched_lifted_degree_quotient(y, &quotients_polys);
     // Compute and absorb the commitment C_q = [\hat{q}]
     let q_hat_comm = UVKZGPCS::commit(&pp.commit_pp, &q_hat)?;
@@ -232,7 +232,7 @@ where
     // Compute batched degree and ZM-identity quotient polynomial pi
     let (eval_scalar, (degree_check_q_scalars, zmpoly_q_scalars)) =
       eval_and_quotient_scalars(y, x, z, point);
-    // f = z * poly.Z + q\_hat + (-z * Φ_n(x) * e) + \sum_k (q\_scalars_k * q_k)
+    // f = z * poly.Z + q_hat + (-z * Φ_n(x) * e) + ∑_k (q_scalars_k * q_k)
     let mut f = UVKZGPoly::new(poly.Z.clone());
     f *= &z;
     f += &q_hat;
@@ -418,7 +418,7 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
   let squares_of_x = iter::successors(Some(x), |&x| Some(x.square()))
     .take(num_vars + 1)
     .collect::<Vec<_>>();
-  // offsets_of_x = [Π_{j=i}^{num_vars-1} x^{2^j}, i \in 0..=num_vars-1] = [x^{2^num_vars - d_i - 1}, i \in 0..=num_vars-1]
+  // offsets_of_x = [Π_{j=i}^{num_vars-1} x^(2^j), i ∈ [0, num_vars-1]] = [x^(2^num_vars - d_i - 1), i ∈ [0, num_vars-1]]
   let offsets_of_x = {
     let mut offsets_of_x = squares_of_x
       .iter()
@@ -433,9 +433,9 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
     offsets_of_x
   };
 
-  // vs = [ \frac{(x^{2^{num_vars}} - 1)}{x^{2^i} - 1}, i \in 0..=num_vars-1]
-  // Note Φ_{n-i}(x^{2^i}) = \frac{(x^{2^i})^{2^{n-i|} - 1}{x^{2^i} - 1} = \frac{(x^{2^{num_vars}} - 1)}{x^{2^i} - 1} = vs[i]
-  //      Φ_{n-i-1}(x^{2^{i+1}}) = \frac{(x^{2^{i+1}})^{2^{n-i-1}} - 1}{x^{2^{i+1}} - 1} = \frac{(x^{2^{num_vars}} - 1)}{x^{2^{i+1}} - 1} = vs[i+1]
+  // vs = [ (x^(2^num_vars) - 1) / (x^(2^i) - 1), i ∈ [0, num_vars-1]]
+  // Note Φ_(n-i)(x^(2^i)) = (x^(2^i))^(2^(n-i) - 1) / (x^(2^i) - 1) = (x^(2^num_vars) - 1) / (x^(2^i) - 1) = vs[i]
+  //      Φ_(n-i-1)(x^(2^(i+1))) = (x^(2^(i+1)))^(2^(n-i-1)) - 1 / (x^(2^(i+1)) - 1) = (x^(2^num_vars) - 1) / (x^(2^(i+1)) - 1) = vs[i+1]
   let vs = {
     let v_numer = squares_of_x[num_vars] - F::ONE;
     let mut v_denoms = squares_of_x
@@ -449,8 +449,8 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
       .collect::<Vec<_>>()
   };
 
-  // q_scalars = [- (y^i * x^{2^num_vars - d_i - 1} + z * (x^{2^i} * vs_{i+1} - u_i * vs_i)), i = 0..=num_vars-1]
-  //           = [- (y^i * x^{2^num_vars - d_i - 1} + z * (x^{2^i} * Φ_{n-i-1}(x^{2^{i+1}}) - u_i * Φ_{n-i}(x^{2^i}))), i = 0..=num_vars-1]
+  // q_scalars = [- (y^i * x^(2^num_vars - d_i - 1) + z * (x^(2^i) * vs[i+1] - u_i * vs[i])), i ∈ [0, num_vars-1]]
+  //           = [- (y^i * x^(2^num_vars - d_i - 1) + z * (x^(2^i) * Φ_(n-i-1)(x^(2^(i+1))) - u_i * Φ_(n-i)(x^(2^i)))), i ∈ [0, num_vars-1]]
   let q_scalars = iter::successors(Some(F::ONE), |acc| Some(*acc * y))
     .zip(offsets_of_x)
     .zip(squares_of_x)
@@ -464,7 +464,7 @@ fn eval_and_quotient_scalars<F: Field>(y: F, x: F, z: F, point: &[F]) -> (F, (Ve
     )
     .unzip();
 
-  // -vs[0] * z = -z \frac{x^{2^{num\_vars}} - 1}{x - 1} = -z Φ_n(x)
+  // -vs[0] * z = -z * (x^(2^num_vars) - 1) / (x - 1) = -z Φ_n(x)
   (-vs[0] * z, q_scalars)
 }
 
@@ -514,7 +514,9 @@ where
     let commitment = ZMCommitment::from(UVKZGCommitment::from(*comm));
     let evaluation = ZMEvaluation(*eval);
 
-    ZMPCS::verify(vk, transcript, &commitment, point, &evaluation, arg)?;
+    if !ZMPCS::verify(vk, transcript, &commitment, point, &evaluation, arg)? {
+      return Err(NovaError::UnSat);
+    }
     Ok(())
   }
 }
@@ -730,11 +732,11 @@ mod test {
     let u_challenge: Vec<_> = (0..num_vars).map(|_| Scalar::random(&mut rng)).collect();
     let z_challenge = Scalar::random(&mut rng);
 
-    // Construct zeta_x using the function
+    // Construct ζ_x using the function
     let (_eval_scalar, (zeta_x_scalars, _right_quo_scalars)) =
       eval_and_quotient_scalars(y_challenge, x_challenge, z_challenge, &u_challenge);
 
-    // Now construct zeta_x explicitly
+    // Now construct ζ_x explicitly
     let n: u64 = 1 << num_vars;
     // q_batched - \sum_k q_k * y^k * x^{N - deg(q_k) - 1}
     assert_eq!(zeta_x_scalars[0], -x_challenge.pow([n - 1]));