Apply suggestions from code review

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <jack@electriccoin.co>

book/src/design/circuit/gadgets/ecc.md

@@ -5,13 +5,13 @@ Inputs: $P = (x_P, y_P), Q = (x_Q, y_Q)$
 Output: $A = P + Q = (x_A, y_A)$
 
 Formulae:
-- $\lambda \cdot (x_p - x_{q}) = y_p - y_{q}$
-- $x_{a} = \lambda^2 - x_{q} - x_p$
-- $y_{a} = \lambda(x_{q} - x_{a}) - y_{q}$
+- $\lambda \cdot (x_p - x_q) = y_p - y_q$
+- $x_a = \lambda^2 - x_q - x_p$
+- $y_a = \lambda(x_q - x_a) - y_q$
 
 Substituting for $\lambda$, we get the constraints:
-- $(x_{a} + x_{q} + x_p) \cdot (x_p - x_q)^2 - (y_p - y_{q})^2 = 0$
-- $(y_{a} + y_{q})(x_p - x_{q}) - (y_p - y_{q})(x_{q} - x_{a}) = 0$
+- $(x_a + x_q + x_p) \cdot (x_p - x_q)^2 - (y_p - y_q)^2 = 0$
+- $(y_a + y_q)(x_p - x_q) - (y_p - y_q)(x_q - x_a) = 0$
 
 ## Complete addition
 
@@ -34,8 +34,8 @@ $$
 \begin{aligned}
 P + Q &= R\\
 (x_p, y_p) + (x_q, y_q) &= (x_r, y_r) \\
-                \lambda &= \frac{y_q - y_p}{x_q - x_p} \\
-                    x_r &= \lambda^2 - x_p - x_q \\
+                \lambda &= \frac{y_p - y_q}{x_p - x_q} \\
+                    x_r &= \lambda^2 - x_q - x_p \\
                     y_r &= \lambda(x_p - x_r) - y_p
 \end{aligned}
 $$

book/src/design/circuit/gadgets/ecc/fixed-base-scalar-mul.md

@@ -14,8 +14,8 @@ $$\alpha = k_0 + k_1 \cdot (2^3)^1 + \cdots + k_{84} \cdot (2^3)^{84}, k_i \in [
 ## Load fixed base
 Then, we precompute multiples of the fixed base $B$ for each window. This takes the form of a window table: $M[0..85)[0..8)$ such that:
 
-- for the first 84 rows $M[0..83][0..7]$: $$M[w][k] = [(k+1) \cdot (2^3)^w]B$$
-- in the last row $M[84][0..7]$: $$M[w][k] = [k \cdot (2^3)^w - \sum\limits_{j=0}^{83} (2^3)^j]B$$
+- for the first 84 rows $M[0..84)[0..8)$: $$M[w][k] = [(k+1) \cdot (2^3)^w]B$$
+- in the last row $M[84][0..8)$: $$M[w][k] = [k \cdot (2^3)^w - \sum\limits_{j=0}^{83} (2^3)^j]B$$
 
 The additional $(k + 1)$ term lets us avoid adding the point at infinity in the case $k = 0$. We offset these accumulated terms by subtracting them in the final window, i.e. we subtract $\sum\limits_{j=0}^{83} (2^3)^j$.
 
@@ -23,7 +23,7 @@ For each window of fixed-base multiples $M[w] = (M[w][0], \cdots, M[w][7]), w \i
 - Define a Lagrange interpolation polynomial $\mathcal{L}_x(k)$ that maps $k \in [0..7]$ to the $x$-coordinate of the multiple $M[w][k]$, i.e.
   $$
   \mathcal{L}_x(k) = \begin{cases}
-    ([(k + 1) \cdot 8^w] B)_x &\text{for } w \in [0..83]; \\
+    ([(k + 1) \cdot 8^w] B)_x &\text{for } w \in [0..84); \\
     ([k \cdot (8)^w - \sum\limits_{j=0}^{83} (8)^j] B)_x &\text{for } w = 84; \text{ and}
   \end{cases}
   $$
@@ -40,7 +40,7 @@ We load these precomputed values into fixed columns whenever we do fixed-base sc
 ## Fixed-base scalar multiplication
 Given a decomposed scalar $\alpha$ and a fixed base $B$, we compute $[\alpha]B$ as such:
 
-1. For each $k_w, w \in [0..84], k_w \in [0..7]$ in the scalar decomposition, witness the $x$- and $y$-coordinates $(x_w,y_w) = M[w][k_w].$
+1. For each $k_w, w \in [0..85), k_w \in [0..8)$ in the scalar decomposition, witness the $x$- and $y$-coordinates $(x_w,y_w) = M[w][k_w].$
 2. Check that $(x_w, y_w)$ is on the curve: $y_w^2 = x_w^3 + b$.
 3. Witness $u_w$ such that $y_w + z_w = u_w^2$.
 4. Use [incomplete addition](./incomplete-add.md) to sum the $M[w][k_w]$'s, resulting in $[\alpha]B$.