From the PLONK paper.
On pages 19 & 20, the paper describes the prescribed permutation check in PLONK.
---------------------------------------------
My question is about the Step 3 in the protocol which I have marked in red
I am interpreting $1 \le j < i$ as $j =1$ to $j = i-1$
So the $\prod$ equation becomes
$Z(\mathbf{g}^i) = \prod_{j=1}^{j=i-1} f'(\mathbf{g}^j)/g'(\mathbf{g}^j)$
I think this should be $\prod_{j=1}^{j=i}$ instead of $\prod_{j=1}^{j=i-1}$
My reasoning is as below shown with an example where $H$ is a subgroup of 4 elements, so $n = 4$ & $[n] = \{1, 2, 3, 4\}$ & $H = \{ \mathbf{g}, \mathbf{g}^2, \mathbf{g}^3, \mathbf{g}^4\}$
I think the end result in the proof in this case is to prove that
$f'(\mathbf{g})/g'(\mathbf{g}) \star f'(\mathbf{g}^2)/g'(\mathbf{g}^2) \star f'(\mathbf{g}^3)/g'(\mathbf{g}^3) \star f'(\mathbf{g}^4)/g'(\mathbf{g}^4) = 1 $
This has 4 $f'/g'$ terms multiplied with each other.
In the case of $n=4$, the prod range becomes
So the $\prod$ equation becomes
$\prod_{j=1}^{j=4-1}$ which is $\prod_{j=1}^{j=3}$
So $j=1$ to $j=3$ will get us only 3 terms multiplied by each other. But we need 4 terms so the prod range needs to be $\prod_{j=1}^{j=i}$ instead of $\prod_{j=1}^{j=i-1}$
Or am I mistaken?
