Docs fix spelling issues (#24)
Co-authored-by: William Woodruff <william@yossarian.net>
nnsW3 and woodruffw authored Dec 6, 2024
1 parent 353ecb4 commit 48e1e6c
Showing 4 changed files with 7 additions and 7 deletions.
6 changes: 3 additions & 3 deletions content/docs/zkdocs/commitments/kzg_polynomial_commitment.md
Expand Up @@ -152,10 +152,10 @@ The KZG commitment scheme as presented above can be viewed as a generalization o

In a similar vein, let $\varf(\varx)$ be a degree-$t$ polynomial.
* An adversary capable of solving the Discrete Log problem can find the discrete log of $\varC(\varf) = {\varf(\alpha)} \cdot g_1$ and acquire $\langle \alpha, \varf(\alpha)\rangle$. Thus the scheme is only computationally hiding.
* If $\varf(\varx_0)$ is chosen from a small set, say $\\{0,1\\}$, then given $t$ openings an adversary can "guess and check" the value of $\varf(\varx_0)$. Thus the scheme does not possess indistinguishablity.
* If $\varf(\varx_0)$ is chosen from a small set, say $\\{0,1\\}$, then given $t$ openings an adversary can "guess and check" the value of $\varf(\varx_0)$. Thus the scheme does not possess indistinguishability.

There are two common approaches to resolve these issues:
1. Choose one extra point on $f$ at random: if you want to commit to $t$ "useful" points, instead commit to $t+1$ points, where the last point is chosen uniformly at random. Then, any subset of the $t$ useful points may be revealed without breaking indistinguishablity.
1. Choose one extra point on $f$ at random: if you want to commit to $t$ "useful" points, instead commit to $t+1$ points, where the last point is chosen uniformly at random. Then, any subset of the $t$ useful points may be revealed without breaking indistinguishability.
2. Use the "Pedersen Variant": let $h_1$ be an agreed-upon random generator of $\cgroup_1$. To commit to a degree-$t$ polynomial $\varf$, choose a random degree-$t$ polynomial $\hat{\varf}$ and publish ${\varf(\alpha)}\cdot g_1 + {\hat{\varf}(\alpha)} \cdot h_1$. To open at a point $\varx_0$, let
$$
w = {\frac{\varf(\alpha) - \varf(\varx_0)}{\alpha - \varx_0}}\cdot g_1 + {\frac{\hat{\varf}(\alpha) - \hat{\varf}(\varx_0)}{\alpha - \varx_0}}\cdot h_1
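Review bot: on the changed line "Choose one extra point on $f$ at random", the polynomial is written as bare `$f$` while the rest of this hunk (for example "let $\varf(\varx)$ be a degree-$t$ polynomial" and "To commit to a degree-$t$ polynomial $\varf$") uses the `\varf` macro; since the line is already being touched for the spelling fix, consider changing `$f$` to `$\varf$` so the rendered notation matches the surrounding text.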
Expand All @@ -181,4 +181,4 @@ $$
## Security Pitfalls
* __Small-order elements:__ Pairing based cryptography often involves elliptic curve groups of composite order. Any elliptic curve points accepted from untrusted parties must be verified to reside in the proper large prime-order subgroup.
* __Polynomial interpolation:__ If $t+1$ points on a degree-$t$ polynomial are revealed, then all further points can be recovered.
* __Trusted setup:__ If using a trusted setup, $\mathbf{SK}$ must be generated with strong randomness and erased immediately after generating $\mathbf{PK}$.
* __Trusted setup:__ If using a trusted setup, $\mathbf{SK}$ must be generated with strong randomness and erased immediately after generating $\mathbf{PK}$.
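Review bot: the old and new "Trusted setup" lines are textually identical, so the only change in this hunk is the newline at end of file that the old file was missing; that is fine, but the commit message only mentions spelling fixes, so a short note that trailing newlines were also added would make the diff easier to read.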
2 changes: 1 addition & 1 deletion content/docs/zkdocs/security-of-zkps/when-to-use-hvzk.md
Expand Up @@ -31,7 +31,7 @@ Recall that in [Short factoring proofs](../../zero-knowledge-protocols/short-fac
$$
{{< /rawhtml >}}

After the initial commit, the verifier responds with a challenge $e$ supposedly sampled from $\range{B}$. However, being malicious, the verifier choses $\vare=A$, the maximum value that $\varr$ can be. So, that after receiving $\vary = \varr + (\varN - \varphi(\varN))\cdot \vare$, they can compute $\varN - \vary//\vare$ which will reveal $\varphi(\varN)$.
After the initial commit, the verifier responds with a challenge $e$ supposedly sampled from $\range{B}$. However, being malicious, the verifier chooses $\vare=A$, the maximum value that $\varr$ can be. So, that after receiving $\vary = \varr + (\varN - \varphi(\varN))\cdot \vare$, they can compute $\varN - \vary//\vare$ which will reveal $\varphi(\varN)$.


## The case of the Two-Prime-Divisor proof
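Review bot: a grammar issue remains on the changed line: "So, that after receiving $\vary = \ldots$, they can compute" should read "So that, after receiving $\vary = \ldots$, they can compute". On the same line the challenge is introduced as `$e$` and then referred to as `$\vare=A$`; every other variable on the line uses the `\var` macros, so writing `$\vare$` in the first mention too would keep the notation consistent.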
4 changes: 2 additions & 2 deletions content/docs/zkdocs/zero-knowledge-protocols/ipa.md
Expand Up @@ -54,7 +54,7 @@ We will construct the commitment as a combination of commitments to vector $\vec
$$
\varC_P \coloneqq \ip{\veca}{\vecG} + \ip{\vecb}{\vecH}.
$$
Then, the verifier samples a random group element $\sampleCgroup{\varU}$ and sends it the prover. The prover and the verifier independently compute the full commitment
Then, the verifier samples a random group element $\sampleCgroup{\varU}$ and sends it to the prover. The prover and the verifier independently compute the full commitment
$$
\varC \coloneqq \ip{\veca}{\vecG} + \ip{\vecb}{\vecH} + \ip{\veca}{\vecb} \cdot \varU.
$$
Expand Down Expand Up @@ -342,4 +342,4 @@ This construction requires the prover to send $2m + 1$ group elements ($\varC_P,


## See also
- {{< section_entry "docs/zkdocs/commitments/ipa-pcs" >}}
- {{< section_entry "docs/zkdocs/commitments/ipa-pcs" >}}
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ We assume that both parties agree with the security parameters $\alpha, \kappa$

## Interactive protocol (HVZK)
{{< hint danger >}}
**Security note:** The protocol is zero-knowledge (does not reveal the factorization of $\varN$) only when the verifier is honest and generates each $\rhovar_i$ randomly. If the verifier choses these values maliciously they can recover the factorization of $\varN$. If your attacker model takes this into consideration, use the non-interactive version. More details on [Using HVZKP in the wrong context](../../../security-of-zkps/when-to-use-hvzk).
**Security note:** The protocol is zero-knowledge (does not reveal the factorization of $\varN$) only when the verifier is honest and generates each $\rhovar_i$ randomly. If the verifier chooses these values maliciously they can recover the factorization of $\varN$. If your attacker model takes this into consideration, use the non-interactive version. More details on [Using HVZKP in the wrong context](../../../security-of-zkps/when-to-use-hvzk).
{{< /hint >}}

{{< rawhtml >}}
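Review bot: the changed security note tells the reader to "use the non-interactive version" but gives no link to it, while the pointer to the HVZK discussion in the same sentence is linked; consider linking the non-interactive version the same way so readers of the danger hint can get there directly.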

0 comments on commit 48e1e6c