add separation for links

neps/nep-0488.md

@@ -16,13 +16,13 @@ Native NEAR runtime functions for operations on BLS12-381 curve. This NEP introd
 
 ## Motivation
 
-The BLS12-381[^1][^11][^52] is a widely used[^2][^3][^4][^5][^6][^7] elliptic curve with 120+ bits security level[^8], which supports *the pairing operation*. It is an alternative for BN254 elliptic curve[^9][^12], which also supports the aggregation, and has been already implemented on NEAR as host functions[^10]. Recent research shows that BN254 security level is lower than 100-bit[^13]. Also, there is a tendency to switch from BN254 to BLS12-381 in the industry – ZCash[^14], Ethereum[^15][^3], Tezos[^16][^5] or just use it – Filecoin[^6].
+The BLS12-381[^1],[^11],[^52] is a widely used[^2],[^3],[^4],[^5],[^6],[^7] elliptic curve with 120+ bits security level[^8], which supports *the pairing operation*. It is an alternative for BN254 elliptic curve[^9],[^12], which also supports the aggregation, and has been already implemented on NEAR as host functions[^10]. Recent research shows that BN254 security level is lower than 100-bit[^13]. Also, there is a tendency to switch from BN254 to BLS12-381 in the industry – ZCash[^14], Ethereum[^15],[^3], Tezos[^16],[^5] or just use it – Filecoin[^6].
 
 The host functions implementation for the BLS12-381 curve operations from this NEP will allow to efficiently verify the BLS signature and zkSNARKs. At the moment, BLS signature verification for BLS12-381 is impossible due to the 300 TGas gas limit per one transaction on Near.
 
 As we have seen above, other blockchains are using the BLS12-381 signature. In the context of cross-chain interactions we want to have a possibility to verify transactions from these blockchains on Near. Usually, it is done by implementing the on-chain client on Near, which will verify the corresponding BLS signatures. It is especially important for the Rainbow Bridge[^17] to send trustless transfers from Ethereum to Near.
 
-zkSNARKs are useful to work with the user's private information[^18][^19]. Zeropool[^20] is a project, which implements zkSNARKs verifier on Near and is currently based on BN254. Implementation of the host functions for BLS12-381 can make the projects like that more secure. zkSNARKs are also used in Rollups[^21][^22][^23] scaling solution.
+zkSNARKs are useful to work with the user's private information[^18],[^19]. Zeropool[^20] is a project, which implements zkSNARKs verifier on Near and is currently based on BN254. Implementation of the host functions for BLS12-381 can make the projects like that more secure. zkSNARKs are also used in Rollups[^21],[^22],[^23] scaling solution.
 
 This proposal is based on a similar proposal for Ethereum: EIP-2537[^15], so you will find similar functions there.
 The closest analogues on Near are functions available for BN254 curve, also known as Alt-BN128[^10].
@@ -63,7 +63,7 @@ $$
 
 together with an imaginary point at infinity 0, where: $A, B \in F_p$, p is prime > 3, and $4A^3 + 27B^2 \not \equiv 0 \mod p$
 
-In the case of BLS12-381 equation is $y^2 \equiv x^3 + 4 \mod p$[^15][^51][^14][^11]
+In the case of BLS12-381 equation is $y^2 \equiv x^3 + 4 \mod p$[^15],[^51],[^14],[^11]
 
 **Parameters for our case:**
 
@@ -104,7 +104,7 @@ Notation: |G|  or #G, where G is group
 
 For some technical reason (for `pairing` operation which we will define later), we will work not with the hole $E(F_p)$, but only with the two subgroups $G_1$ and $G_2$ with the same **order** $r$. $G_1$ is a subset of $E(F_p)$, $G_2$ is a subgroup of another group, which we will define later. The $r$ should be prime and $G1 \ne G2$
 
-For our BLS12-381 Elliptic Curve, **the order r** of $G1$  and $G2$[^15][^51]:
+For our BLS12-381 Elliptic Curve, **the order r** of $G1$  and $G2$[^15],[^51]:
 
 - $r = 52435875175126190479447740508185965837690552500527637822603658699938581184513$
 
@@ -173,7 +173,7 @@ In most cases we will work with points from $G_2' \subset E'(F_{p^2})$ and use f
 
 
 
-$G_1$ and $G_2$ are cyclic subgroups with the following generators[^15][^51]:
+$G_1$ and $G_2$ are cyclic subgroups with the following generators[^15],[^51]:
 
 $G_1$:
 
@@ -279,7 +279,7 @@ $$h' = 3055023339312683442009997531931215042144660192541881426676640329822676041
 Key  BLS12-381 parameter used in Miller Loop:
 $$x = -15132376222941642752$$
 
-All parameters were taken from[^15][^51] and [^14], all of them consistent between sources.
+All parameters were taken from[^15],[^51] and [^14], all of them consistent between sources.
 
 ### Map to curve specification
 
@@ -747,7 +747,7 @@ Here you can find benchmark test vectors for EIP-2537[^46]. It doesn’t contain
 
 ***Tests References:***
 
-We can use all the tests for addition for Ethereum[^47][^48] to check the case with k = 2. Also, we can reuse the `error` points. Can use the vectors for multiexp functions if separately perform multiplication.
+We can use all the tests for addition for Ethereum[^47],[^48] to check the case with k = 2. Also, we can reuse the `error` points. Can use the vectors for multiexp functions if separately perform multiplication.
 
 ***Error cases:***
 
@@ -822,7 +822,7 @@ The same as for **`bls12381_g1_sum`** only change points from $G_1$ and $E(F_p)$
 
 ***Tests References:***
 
-We can use all the tests for addition for Ethereum[^47][^48] to check the case with k = 2. Also, we can reuse the `error` points. Can use the vectors for multiexp functions if separately perform multiplication.
+We can use all the tests for addition for Ethereum[^47],[^48] to check the case with k = 2. Also, we can reuse the `error` points. Can use the vectors for multiexp functions if separately perform multiplication.
 
 ***Error cases:***
 
@@ -915,7 +915,7 @@ Addition test cases:
 
 ***Tests References:***
 
-The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47][^48].
+The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47],[^48].
 
 ***Error cases:***
 
@@ -1007,7 +1007,7 @@ The same as for **`bls12381_g1_multiexp`** only change points from $G_1$ and $E(
 
 ***Tests References:***
 
-The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47][^48].
+The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47],[^48].
 
 ***Error cases:***
 
@@ -1076,7 +1076,7 @@ The gas consumption is a constant calculated empirically.
 - $a \ge p$
 - Edge cases for inner algorithms for mapping[^49]
 
-***Tests References:*** The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47][^48].
+***Tests References:*** The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47],[^48].
 
 ***Error cases:***
 
@@ -1133,7 +1133,7 @@ The gas consumption is a constant calculated empirically.
 - One of the `a` value $\ge p$
 - Edge cases for inner algorithms for mapping[^49]
 
-***Tests References:*** The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47][^48].
+***Tests References:*** The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47],[^48].
 
 ***Error cases:***
 
@@ -1221,7 +1221,7 @@ Here you can find benchmark test vectors for EIP-2537[^46].
 - The field elements are encoded incorrectly
 - Empty input
 
-***Tests References:*** The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47][^48].
+***Tests References:*** The EIP-2537 contains the same function, so we can reuse test vectors from Ethereum[^47],[^48].
 
 ***Error cases:***
 
@@ -1294,7 +1294,7 @@ A and B are constants calculated empirically.
 
 ***Tests References:***
 
-- Take the correct points on the curve from Ethereum tests[^47][^48] and check the correctness after decompression
+- Take the correct points on the curve from Ethereum tests[^47],[^48] and check the correctness after decompression
 - Randomly generate compressed points and check the equation correctness after decompression.
 
 ***Error cases:***
@@ -1368,7 +1368,7 @@ A and B are constants calculated empirically.
 
 ***Tests References:***
 
-- Take the correct points on the curve from Ethereum tests[^47][^48] and check the correctness after decompression
+- Take the correct points on the curve from Ethereum tests[^47],[^48] and check the correctness after decompression
 - Randomly generate compressed points and check the equation correctness after decompression.
 
 ***Error cases:***