I hope I'm asking the question properly. I've never asked anything on this exchange before, but I didn't know where else to ask.
The paper in question I've almost got all the pieces to understand can be found here http://research.microsoft.com/pubs/180286/pinocchio.pdf
So, on page 3, section 2.2.1 is the definition of a Quadratic Arithmetic Program, and specifically it shows in figure 2 how $v_k$ is 0 for every wire that isn't a left input in their encoding. Sure.
It then says that we pick an arbitrary root $r_g \in \mathbb{F}$ for each multiplication gate. Where $\mathbb{F}$ is the finite field our QAP is computing over.
The same is true for $w_k$ on the right, and $y_k$ for output.
$$ p(x) = \left( v_0(x) + \sum_{k=1}^m c_k \cdot v_k(x)\right) \cdot \left( w_0(x) + \sum_{k=1}^m c_k \cdot w_k(x)\right) - \left( y_0(x) + \sum_{k=1}^m c_k \cdot y_k(x)\right) $$
is defined, and it says that if you compute $p(r_g)$ you should get 0 (where $r_g$ is one of our arbitrary roots).
Since, though, $v_k(x)$ and the others are defined to be 0 when $x$ does not represent an input, wouldn't $p(x) = 0$ also for $x \notin r_g$?
That seems kinda useless.
Then, later, on page 5, section 3.1 we build our $EK_F$ which has some $g^{v_k(s)}$ for a chosen $s \leftarrow^{R} \mathbb{F}$ (I can't get the $R$ over the arrow, but it is in the paper)
So, if any $s$ is chosen besides one of my roots, most of my key seems to become $g^0$, which seems dumb too, but then if that was an issue I would have thought that they would have been stricter in telling me which $s$ I can choose. I would think that if you had any $\mathbb{F}$ worth having, the chances of $s$ being one of the roots you happened to choose is vanishingly small, and so almost every key is just a bunch of $1$s.
So, I think I'm just missing something. It's possible it's something I've just misread, or it's possible it's something I don't understand.
First, I find it hard to google for "A left arrow with a letter over it", so I bet that has some significant meaning I'm missing. If so, that'd be great to know.
Second, when it comes to picking "an arbitrary root $r_g \in \mathbb{F}$" we're in the context of building a polynomial like $t(x) = (x - r_g)$, which is a root of that polynomial, which is what I assumed it meant. Is there also some other meaning in there I've missed that makes the choice of $r_g$ a little more special than anything in my field? It doesn't say "root of unity" or anything, but maybe that's implied and just went over me, or maybe there are other obvious meanings of root for a field that I missed completely.
Third, it's possible that none of that is the problem, and it's something even more fundamental that I've missed. I'm pretty sure I understand all the bits that make it work algorithmically, but computationally I have to generate a $v_k(s)$, and I can't figure out how that ever works out to something useful.
Fourth, what the hell is $v_0(x)$? I've read through the paper a bunch and not anywhere is $v_0(x)$ defined that I can see. As far as I can tell the "wires" are numbered from 1, and in their figure they give the value from $v_1$ to $v_6$ on the same page as they use $v_0$ in an equation.
Anyway, I hope this post isn't inappropriate for this area, and someone out there is willing to help me bridge this (hopefully) last gap.
Thanks for reading.