* bn256+grumpkin from halo2curves

* chore: Integrate halo2curves more extensively

- Extend existing tests with additional test cases using the new curve types

* fix: Assign correct orders to bn256 and grumpkin scalar fields

- Swap scalar orders between grumpkin and bn256 in `impl_traits!` implementation

* test: Finish improving test integration with halo2curves

- Enhances test coverage for `pasta_curves` and `halo2curves`
- Cleans up commented code in `test_ivc_nontrivial` and `test_ivc_nontrivial_with_compression` tests
- Updates relevant test cases in `src/lib.rs` to include new curve tests

* chore: Remove commented-out/uneeded code in bn254_grumpkin.rs

* test: reproduce test_from_label for bn254_grumpkin

- Implement the `from_label_serial` function in bn254_grumpkin provider
- Add a test to compare parallel and serial implementations of `from_label` function

* refactor: Clean up to_coordinate & summarize changes

* refactor: rename bn254_grumpkin -> bn256_grumpkin

* test: Expand testing for public params digest using bn256 and grumpkin

* chore: Update halo2curves dependency in Cargo.toml

- Updated the `halo2curves` dependency in `Cargo.toml` to the latest version `0.1.0` from a specific git branch.

* refactor: Refactor multi-exponentiation methods across providers

- Updated bn256_grumpkin.rs to use the cpu_best_multiexp function from pasta provider instead of its native function.
- Modified visibility of cpu_best_multiexp function in pasta.rs from private to crate level.

* chore: set up dependencies to import the correct getrandom feature on Wasm

---------

Co-authored-by: Leo Alt <leo@ethereum.org>

* test: compute_path

* refactor: path computation

- Improve path concatenation by utilizing built-in `join` method

* refactor: replace `PartialEq` with derived instance

- Derive `PartialEq` for `SatisfyingAssignment` struct
- Remove redundant manual implementation of `PartialEq`

Cargo-expand generates:
```
        #[automatically_derived]
        impl<G: ::core::cmp::PartialEq + Group> ::core::cmp::PartialEq
        for SatisfyingAssignment<G>
        where
            G::Scalar: PrimeField,
            G::Scalar: ::core::cmp::PartialEq,
            G::Scalar: ::core::cmp::PartialEq,
            G::Scalar: ::core::cmp::PartialEq,
            G::Scalar: ::core::cmp::PartialEq,
            G::Scalar: ::core::cmp::PartialEq,
        {
            #[inline]
            fn eq(&self, other: &SatisfyingAssignment<G>) -> bool {
                self.a_aux_density == other.a_aux_density
                    && self.b_input_density == other.b_input_density
                    && self.b_aux_density == other.b_aux_density && self.a == other.a
                    && self.b == other.b && self.c == other.c
                    && self.input_assignment == other.input_assignment
                    && self.aux_assignment == other.aux_assignment
            }
        }
```

* refactor: avoid default for PhantomData Unit type

* refactor: replace fold with sum where applicable

- Simplify code by replacing `fold` with `sum` in various instances

* refactor: decompression method in sumcheck.rs

* refactor: test functions to use slice instead of vector conversion

* refactor: use more references in functions

- Update parameter types to use references instead of owned values in various functions that do not need them
- Replace cloning instances with references

* Improve performance of recursive

* Fix the test after rebase

* Fix CI/CD warnings

* Update benchmark to work with new interface of RecursiveSNARK

* Fix example to make sure step 1 is correct

* refactor: Removes unneeded pass-by value in verification

- Update function arguments to use borrowing instead of passing ownership

* Resolve the conflict with upstream branch

* refactor: Avoid extra input cloning in RecursiveSNARK::new

* Update criterion to 0.5.1 to prevent the panic with its plot

* Fix benchmark issue with new recursive_snark instance

* Fix CI/CD warning with

* refactor: Make mutation easier to observe

- Utilize mutable references to Points for better memory management

* chore: Downgrade clippy dependency for compatibility

---------

Co-authored-by: François Garillot <francois@garillot.net>

* genericize test_tiny_r1cs

* chore: remove redundant clone in scalar_mul

Makes clippy happy

* refactor: make circuit tests generic wrt curves

- Improve modularity by introducing generic `test_recursive_circuit_with` function in `src/circuit.rs`
- Refactor `test_recursive_circuit` to utilize the new function
- Implement type constraints for `test_recursive_circuit_with` function

* refactor: make bellperson tests generic in type of group

- Introduce `test_alloc_bit_with` function utilizing generic types
- Adapt existing `test_alloc_bit` function to use the new `test_alloc_bit_with` function with correct types

* refactor: make the nifs test generic in the type of group

* refactor: make the ivc tests generic in the type of curve

* refactor: simplify generics in tests

* make the keccak tests generic

* make the poseidon tests generic

* make the spartan tests generic

* chore: update to ff/group 0.13 and associated dependencies

Updates:
- zkcrypto/ff, zkcrypto/group to 0.13,
- bellperson to 0.25,
- pasta_curves to 0.5.1, and removes the fil_pasta_curves fork
- pasta-msm should no longer need a fork (WIP)

Adapts source in function, mostly for const usage and API updates.

* expose the portable feature of pasta-MSM

* update pointer to pasta-msm

* Clippy

---------

Co-authored-by: François Garillot <francois@garillot.net>

* spark-based commitments to R1CS matrices

* small fixes

* checkpoint

* simplify further

* checkpoint

* gens --> ck

* update benches

* address clippy

* cleanup

* update version

make spartan generic over the evaluation engine

update version

disable Wasm CI check

* Clippy with Rust 1.67

* Clippy/Rustfmt with Rust 1.66.1

* make ecc gadgets defined over Group rather than PrimeField

* use curve parameters from Group trait

* optimize ECC ops

* update version

* optimize add constraints

* optimize double by rewriting a constraint involving an inverted element

* support for arbitrary arity for F

* revive MinRoot example

* revive tests

* revive ecdsa

* remove unused code

* use None instead of Some(1u32)

* revive benches

* fix clippy warning

* integrate with neptune's sponge

* fix clippy warning

* add checks to ensure at most one squeeze

* add checks to ensure at most one squeeze

* rename methods for better clarity

* rename

* Bump version

* cleanup RO usage inside the circuit: use traits

* Add a note

* rename types for clarity

* make addition complete. test addition corner cases. optimizations

* optimization and comment

* fix errors

* all tests pass

* begin adding verification checks

* add verifier checks

* remove unnecessary dead_code

* recursion attempt

* address clippy

* initialize the running instance and witness of the primary correctly

* add asserts for debugging

* fix a bug in AllocatedPoint

* add debug statements

* fix an issue with how we inputize hashes; remove debug statements

* rename

* cleanup

* speedup tests

* require step_circuit implementors to provide a way to execute step computation

* recursion APIs (WIP)

* PublicParams struct and associated new

* fix build

* draft of APIs

* start with tests

* add a test case for the base case of recursion

* output the incoming instance as the running instance in one of the circuits

* Make some verifier circuit inputs optional (for base case)

* switch to RO in the Group trait

* simplify compression

* absorb IO as bignum for relaxedR1CS

* add hash(params, U, z0, zi, i) when generating a challenge

* address clippy

* fix build

* switch to stable

* make gadgets public, expose coords, cleanup

* fix clippy

* update crate versions

* refactor

* small tweaks

* run cargo fmt

* fix comments

* remove unused code

* address clippy

Co-authored-by: Srinath Setty <srinath@microsoft.com>

* VerificationCircuit --> NIFSVerifierCircuit, for clarity

* InnerCircuit --> StepCircuit

* Rename

* cleanup imports

* additional cleanup in the test

* small cleanup

* ECC scalar multiplication (first draft)

* fix clippy nits

* start implementing the ro gadget: 1st design Poseidon + truncate

* truncate to 128 bits

* implement add + double in constraints

* finish implementing constraints for ecc

* cargo fmt

* input of smul should be an array of bits

* cleanup ro a bit. Make the challenge returned be a vec of allocated bits

* switch to neptune 6.0

* start implementing high level circuit

* incomplete version of the verifier circuit with many TODOS

* optimize ecc ops. add i ==0 case to the circuit

* fix 0/1 constants at the circuit

* wrap CompressedGroupElement of Pallas and Vesta

* cargo fmt

* generate poseidon constants once instead of every time we call get_challenge

* Implement RO-based poseidon to use outside of circuit. Reorganize the repo

* add inner circuit to verification circuit

* start adding folding of the io. there is an error in the first call to  mult_mod

* add test to check that bellperson-nonnative is compatible with nova

* remove swap file

* add another test that fails

* add inputs to the circuits in tests

* rename q to m in circuit.rs. add more tests in test_bellperson_non_native. change a in test_mult_mod to expose error

* push test for equal_with_carried. fix the issue is src/r1cs.rs

* cargo fmt + update the verifier circuit: add folding of X and update all hashes with X

* make limb_width and n_limbs parameters

* make params part of h1

* allocate the field order as constant. add check that z0 == zi when i == 0

* fix error in test_poseidon_ro

* remove merge error

* small fixes

* small fixes to comments

* clippy lints

* small edits; rename tests

* move inputize before from_num

* _limbs --> _bn

* _limbs --> _bn

Co-authored-by: Ioanna <iontzialla@gmail.com>