What is the KZG PCS

[τ]_{1}

stand for

τ G_{1}

Public Parameters:
$srs = ([1]_{1}, [τ]_{1}, [τ^{2}]_{1}, [τ^{3}]_{1}, \dots, [τ^{n - 1}]_{1}, [1]_{2}, [τ]_{2})$ , where the
$τ$ is a random, and will be deleted to make sure no one knows it after set up.
Prover knows:
$f (X) = a_{0} + a_{1} X + a_{2} X^{2} + \dots + a_{n - 1} X^{n - 1}$
for a Polynomial
$f (X)$ , its KZG10 Commitment is
$C_{f (X)} = f (τ) G = a_{0} G + a_{1} τ G + a_{2} τ^{2} G + \dots a_{n - 1} τ^{n - 1} G = a_{0} [1]_{1} + a_{1} [τ]_{1} + a_{2} [τ^{2}]_{1} + \dots + a^{n - 1} [τ^{n - 1}]_{1}$ , so the Prover can calculate
$C_{f (X)}$ according to the srs, and public the
$C_{f (X)}$ at first.

The verifier provides the challenge value
$ζ$ to prover, where
$ζ$ is a random value.
the prover calculate
$f (ζ) = y$ .
the prover calculate
$q (X)$ according to
$f (X) - y = q (X) \cdot (X - ζ) X \in F_{n}$
the prover calculate
$C_{q (X)} = q (τ) G$ according to the srs.
the prover send the values
$y, C_{q (X)}$ to verifier.
the verifier check
$e (C_{f (x)} - y \cdot [1]_{1}, [1]_{2}) = e (C_{q (X)}, [τ]_{2} - ζ \cdot [1]_{2})$ , because
$(f (τ) - y) \cdot 1 = q (τ) \cdot (τ - ζ)$ and
$e ([a]_{1}, [b]_{1}) = e (G, H)^{a b}$ , so if
$a_{1} b_{1} = a_{2} b_{2} \Rightarrow e ([a_{1}]_{1}, [b_{1}]_{2}) = e ([a_{2}]_{1}, [b_{2}]_{2})$

Reference

f (x) = \sum_{i = 1}^{8} (f_{i} \cdot \prod_{1 \leq j \leq 8}^{j \neq i} \frac{x - j}{i - j})

f_{1} \cdot \frac{x - 2}{1 - 2} \frac{x - 3}{1 - 3} \frac{x - 4}{1 - 4} \frac{x - 5}{1 - 5} \frac{x - 6}{1 - 6} \frac{x - 7}{1 - 7} \frac{x - 8}{1 - 8}

c = f (s) G_{1}

π_{i} = \frac{f (s) - f_{i}}{s - i} \cdot G_{1}