Implement conditional_check_verify for NIZKs (#195)

* Implement `ToBitsGadget` for `UInt8` and `Vec<UInt8>`
* Add `kary_or` function to `Boolean`.

r1cs-std/src/bits/boolean.rs

@@ -549,6 +549,22 @@ impl Boolean {
         Ok(cur)
     }
 
+    pub fn kary_or<ConstraintF, CS>(mut cs: CS, bits: &[Self]) -> Result<Self, SynthesisError>
+    where
+        ConstraintF: Field,
+        CS: ConstraintSystem<ConstraintF>,
+    {
+        assert!(!bits.is_empty());
+        let mut bits = bits.iter();
+
+        let mut cur: Self = *bits.next().unwrap();
+        for (i, next) in bits.enumerate() {
+            cur = Boolean::or(cs.ns(|| format!("OR {}", i)), &cur, next)?;
+        }
+
+        Ok(cur)
+    }
+
     /// Asserts that at least one operand is false.
     pub fn enforce_nand<ConstraintF, CS>(mut cs: CS, bits: &[Self]) -> Result<(), SynthesisError>
     where

r1cs-std/src/bits/mod.rs

@@ -58,6 +58,15 @@ impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for Vec<Boolean> {
     }
 }
 
+impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for UInt8 {
+    fn to_bits<CS: ConstraintSystem<ConstraintF>>(
+        &self,
+        _cs: CS,
+    ) -> Result<Vec<Boolean>, SynthesisError> {
+        Ok(self.into_bits_le())
+    }
+}
+
 impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for [UInt8] {
     fn to_bits<CS: ConstraintSystem<ConstraintF>>(
         &self,
@@ -71,6 +80,19 @@ impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for [UInt8] {
     }
 }
 
+impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for Vec<UInt8> {
+    fn to_bits<CS: ConstraintSystem<ConstraintF>>(
+        &self,
+        _cs: CS,
+    ) -> Result<Vec<Boolean>, SynthesisError> {
+        let mut result = Vec::with_capacity(&self.len() * 8);
+        for byte in self {
+            result.extend_from_slice(&byte.into_bits_le());
+        }
+        Ok(result)
+    }
+}
+
 pub trait ToBytesGadget<ConstraintF: Field> {
     /// Outputs a canonical byte-wise representation of `self`.
     ///