I am reading this explanation of zkSnark written by Maksym Petkus - http://www.petkus.info/papers/WhyAndHowZkSnarkWorks.pdf
Here he has a polynomial
$p(x) = x^3 − 3x^2 + 2x$
and the homomorphic encryption defined as $E(c) = g^c \bmod 7$
It's a little unclear as to where the polynomial is defined over $Z$ or is it defined over $Z_7$ - it's left a little ambiguous in the text.
This matters in the step where the verifier evaluates $E(h.t) = E(h)^t$. I can better explain my question with $Z_{11}$ instead of $Z_7$, so I am using $Z_{11}$ below.
Let's assume $E(c) = g^c \bmod 11$
Verifier samples at s = 14
$E(s^0)= 5, E(s^1)= 9, E(s^2) = 5, E(s^3) = 9$
Prover calculates $E(p(s)) = (9 * 5^{-3} * 9^2) \bmod 11 = 9$
calculates $E(h(s)) = 5$. Sends E(p)= 9 and E(h) = 9 to verifier
Verifier calculates t(s=14)
Consider two cases
Case1: Polynomial is over $Z$
In this case, t(s=14) = (13*12) = 156
So $E(h)^t$ = $9^156 \bmod 11 = 9$
So it verifies -> $E(p) = E(h)^t$
Case2: Polynomial is over $Z_{11}$
In this case, t(s=14) = (13*12)%11 = 2
So $E(h)^t$ = $9^2 \bmod 11 = 4$.
Here it doesn't verify.
The reason it doesn't verify is because
$g^c \bmod m$ = $g^{c \bmod m-1} \bmod m$
i.e. t(s) needs to be reduced by 10 rather than by 11. However if the polynomial is over $Z_{11}$, then it gets reduced by 11 rather than by 10.
So based on this, I think the polynomial is defined over $Z$ rather than over $Z_7$.
However on page 7, he writes
while theoretically polynomial coefficients $c_i$ can have a vast range of values, in reality, it might be quite limited (6 in the previous example)
Where did the 6 come from here? If it's over $Z$, then co-efficient can be any integer. If he writes it's limited to 6, then it has to be over some $Z_n$. If it was over $Z_7$, then it would be limited to 7 & not 6. If it was over $Z_6$, then it would be limited to 6$.
So is the polynomial defined or $Z$ or is it defined over $Z_7$ or is it defined over $Z_6$?