I am reading this explanation of zkSnark written by Maksym Petkus - http://www.petkus.info/papers/WhyAndHowZkSnarkWorks.pdf
I have understood everything in the first 15 pages.
In 3.4 Restricting a Polynomial (Page 16)
We do already restrict a prover in the selection of encrypted powers of s, but such restriction is not enforced, e.g., one could use
any possible means to find some arbitrary values $z_p$ and $z_h$ which satisfy equation $z_p = (z_h)^{t(s)}$ and provide them to the verifier instead of $g^p$ and $g^h$. For example, for some random r $z_h = g^r$ and $z_p = (g^{t(s)})^{r}$, where $g^{t(s)}$ can be computed from the provided encrypted powers of $s$. That is why verifier needs the proof that only supplied encryptions of powers of $s$ were used to calculate
$g^p$ and $g^h$ and nothing else.
I am unable to understand how a prover can find some arbitrary values of $z_p$ and $z_h$ which satisfy $z_p = (z_h)^{t(s)}$? For example, for some random r $z_h = g^r$ and $z_p = (g^{t(s)})^{r}$
The prover doesn't know $s$ & nor does he know $g$, so how will he do this?
In short, I am unable to figure out what is the attack (to protect against) for which "restricting a polynomial" is needed.