zkSnark Intro by Maksym Petkus: Is the polynomial defined over $Z$ or is it defined over $Z_n$?

I am reading this explanation of zkSnark written by Maksym Petkus - http://www.petkus.info/papers/WhyAndHowZkSnarkWorks.pdf

Here he has a polynomial $p(x) = x^3 − 3x^2 + 2x$

and the homomorphic encryption defined as $E(c) = g^c \bmod 7$

It's a little unclear as to where the polynomial is defined over $Z$ or is it defined over $Z_7$ - it's left a little ambiguous in the text.

This matters in the step where the verifier evaluates $E(h.t) = E(h)^t$. I can better explain my question with $Z_{11}$ instead of $Z_7$, so I am using $Z_{11}$ below.

Let's assume $E(c) = g^c \bmod 11$

Verifier samples at s = 14

$E(s^0)= 5, E(s^1)= 9, E(s^2) = 5, E(s^3) = 9$

Prover calculates $E(p(s)) = (9 * 5^{-3} * 9^2) \bmod 11 = 9$

calculates $E(h(s)) = 5$. Sends E(p)= 9 and E(h) = 9 to verifier

Verifier calculates t(s=14) Consider two cases

Case1: Polynomial is over $Z$ In this case, t(s=14) = (13*12) = 156 So $E(h)^t$ = $9^156 \bmod 11 = 9$

So it verifies -> $E(p) = E(h)^t$

Case2: Polynomial is over $Z_{11}$ In this case, t(s=14) = (13*12)%11 = 2 So $E(h)^t$ = $9^2 \bmod 11 = 4$. Here it doesn't verify.

The reason it doesn't verify is because

$g^c \bmod m$ = $g^{c \bmod m-1} \bmod m$

i.e. t(s) needs to be reduced by 10 rather than by 11. However if the polynomial is over $Z_{11}$, then it gets reduced by 11 rather than by 10.

So based on this, I think the polynomial is defined over $Z$ rather than over $Z_7$.

However on page 7, he writes

while theoretically polynomial coefficients $c_i$ can have a vast range of values, in reality, it might be quite limited (6 in the previous example)

Where did the 6 come from here? If it's over $Z$, then co-efficient can be any integer. If he writes it's limited to 6, then it has to be over some $Z_n$. If it was over $Z_7$, then it would be limited to 7 & not 6. If it was over $Z_6$, then it would be limited to 6$.

So is the polynomial defined or $Z$ or is it defined over $Z_7$ or is it defined over $Z_6$?

What we would like for the most general applications is for $p(x)$ to be defined over $\mathbb Z$. However, there is no general, finite homomorphic cryptographic scheme into which we can injectively map elements of $\mathbb Z$. Instead we have to map into a large prime field (note that section 3.2 elides the use of an integral domain), which should suffice for demonstrating knowledge of $p(x)$ constructed from small integer roots. This group is represented as a prime order subgroup of whatever cryptographic group we’re using (we can work in the full group, but as noted this runs into the problem of not being an integral domain). In the case of the group $(\mathbb Z/7\mathbb Z)^\times$, the group is of order 6 and we should think that for verification purposes $p(x)$ is defined over $\mathbb Z/6\mathbb Z$ if we’re not concerned with working in an integral domain. In your mod 11 example therefore $p(x)$ should be thought of as a polynomial mod 10 (again ignoring problems of non-integral domains). As you can tell, small examples such as this run into all manner of ambiguity problems which become vanishingly unlikely as the size of the subgroup grows relative to the size and number of roots.