I'm trying to understand the structure of Rings used in Ring-LWE based on Chris Peikert's Decade of Lattice Based Cryptography paper. The paper says that $$R := \mathbb{Z}[x]\big /\langle f(x) \rangle$$ and clearly for this to make sense, $f(x) \in \mathbb{Z}[x]$. But then $R_q$ is defined as $$R_q := R\big / qR \stackrel{?}{=} \mathbb{Z}_q[x]\big / \langle f(x) \rangle$$
So my question is which ring does $f(x)$ in the second equation come from? That is, is $f(x) \in \mathbb{Z}_q[x]$ in the second equation, or is there some other interpretation of $f(x)$ in the definition of $R_q$?
To take a concrete example, if $$f(x) = x^4 + 31 \in \mathbb{Z}[x]$$ and $q = 7$, then is it safe to say that $$ R = \mathbb{Z}[x]\big / \langle x^4 + 31 \rangle $$ and $$ R_q = \mathbb{Z}_7[x]\big / \langle x^4 + 3 \rangle$$ since $31 \equiv 3 \mod 7$.
I somehow find the notion used in cryptography extremely confusing. For starters, who uses $\mathbb{Z}_q$ to mean $\mathbb{Z}\big /q \mathbb{Z}$?
whose canonical representatives are polynomials of degree less than n with coefficients from some set of canonical representatives of$Z_q$. Yes, polynomial in $Z_q$ – kelalaka Oct 19 '21 at 08:00