Hello ZkProof community!

I have been trying to implement the PCS-based Range Proofs as described here.

My code is shared in a public repository.

I have difficulties in understanding the verification part. The authors have said:

This entire process makes two polynomial commitments, to g and q, and uses the polynomial evaluation protocol three times to evaluate g(ρ), w_cap(ρ), and g(ρω).

In order to verify the commitment to `w_cap(X)`

, the prover will also have to commit to the polynomial `f(X)`

as well as a commitment to `w_cap(X)`

, am I correct? Using the commitments to `f(X)`

and `q(X)`

, the verifier can verify that the calculated commitment to `w_cap(X)`

is in fact the one claimed by the prover.

Also, in my case, I have chosen `f(X)`

to simple be a constant polynomial `f(X) = z`

. So revealing any evaluation of `f`

is not an option.

How can the verifier calculate `w(ρ)`

, from the available information to them:

- values {
`ρ`

and`τ`

} - evaluations {
`g(ρ)`

,`w_cap(ρ)`

, and`g(ρω)`

} - commitments {
`f_commit`

,`g_commit`

,`q_commit`

,`w_cap_commit`

}

From the evaluation challenge `ρ`

and above evaluations, I know the evaluation of `w2`

and `w3`

at `X = ρ`

. But I am missing something here majorly to be able to get to `w(ρ)`

.

Any help would be appreciated. Thank you.