Add solidity verifier of the nova+cyclefold (#87)

* Add solidity verifier of the nova+cyclefold, and add method to prepare the calldata from Decider's proof. Missing conversion of the point coordinates into limbs (ark compatible)

* chore: adding comments linking to the contract's signature

* chore: update .gitignore

* chore: add num-bigint as dev dependency

* fix: work with abs path for storing generated sol code

* chore: update comment

* feat: solidity verifier working on single and multi-input circuits

* feat: multi-input folding verification working + fixing encoding of additive identity in calldata

* chore: make bigint a dependency

* refactor: import utils functions from utils.rs and make them available from anywhere

* chore: make utils and evm available publicly

* fix: pub mod instead

* chore: make relevant method public and add `get_decider_template_for_cyclefold_decider` to exported objects

* solidity-verifiers: move tests to their corresponding files

* small update: Cyclefold -> CycleFold at the missing places

* abstract nova-cyclefold solidity verifiers tests to avoid code duplication, and abstract also the computed setup params (FS & Decider) to compute them only once for all related tests to save test time

* small polish after rebase to last main branch changes

* rm unneeded Option for KZGData::g1_crs_batch_points

* add checks modifying z_0 & z_i to nova_cyclefold_solidity_verifier test

* add light-test feature to decider_eth_circuit to use it in solidity-verifier tests without the big circuit

* solidity-verifiers: groth16 template: port the fix from https://github.com/iden3/snarkjs/pull/480 & https://github.com/iden3/snarkjs/issues/479

* add print warning msg for light-test in DeciderEthCircuit

* solidity-verifiers: update limbs logic to nonnative last version, parametrize limbs params

solidity-verifiers:
* update solidity limbs logic to last nonnative impl version, and to
  last u_i.x impl
* parametrize limbs params
* add light-test feature: replace the '#[cfg(not(test))]' by the
  'light-test' feature that by default is not enabled, so when running
  the github actions we enable the feature 'light-tests', and then we can
  have a full-test that runs the test without the 'light-tests' flag, but
  we don't run this big test every time.  The choice of a feature is to
  allow us to control this from other-crates tests (for example for the
  solidity-verifier separated crate tests, to avoid running the full heavy
  circuit in the solidity tests)

* move solidity constants into template constants for auto compute of params

* polishing

* revm use only needed feature

This is to avoid c depencency for c-kzg which is behind the c-kzg flag
and not needed.

* nova_cyclefold_decider.sol header

* rearrange test helpers position, add error for min number of steps

* in solidity-verifiers: 'data'->'vk/verifier key'

* add From for NovaCycleFoldVerifierKey from original vks to simplify dev flow, also conditionally template the batchCheck related structs and methods from the KZG10 solidity template

---------

Co-authored-by: dmpierre <pdaixmoreux@gmail.com>

folding-schemes/src/lib.rs

@@ -3,7 +3,7 @@
 #![allow(non_camel_case_types)]
 #![allow(clippy::upper_case_acronyms)]
 
-use ark_ec::CurveGroup;
+use ark_ec::{pairing::Pairing, CurveGroup};
 use ark_ff::PrimeField;
 use ark_std::rand::CryptoRng;
 use ark_std::{fmt::Debug, rand::RngCore};
@@ -34,8 +34,6 @@ pub enum Error {
     ProtoGalaxy(folding::protogalaxy::ProtoGalaxyError),
     #[error("std::io::Error")]
     IOError(#[from] std::io::Error),
-    #[error("{0}")]
-    Other(String),
 
     // Relation errors
     #[error("Relation not satisfied")]
@@ -68,6 +66,8 @@ pub enum Error {
     OutOfBounds,
     #[error("Could not construct the Evaluation Domain")]
     NewDomainFail,
+    #[error("The number of folded steps must be greater than 1")]
+    NotEnoughSteps,
 
     // Commitment errors
     #[error("Pedersen parameters length is not sufficient (generators.len={0} < vector.len={1} unsatisfied)")]
@@ -78,6 +78,8 @@ pub enum Error {
     CommitmentVerificationFail,
 
     // Other
+    #[error("{0}")]
+    Other(String),
     #[error("Randomness for blinding not found")]
     MissingRandomness,
     #[error("Missing value: {0}")]
@@ -178,8 +180,27 @@ pub trait Decider<
         z_i: Vec<C1::ScalarField>,
         running_instance: &Self::CommittedInstance,
         incoming_instance: &Self::CommittedInstance,
-        proof: Self::Proof,
+        proof: &Self::Proof,
         // returns `Result<bool, Error>` to differentiate between an error occurred while performing
         // the verification steps, and the verification logic of the scheme not passing.
     ) -> Result<bool, Error>;
 }
+
+/// DeciderOnchain extends the Decider into preparing the calldata
+pub trait DeciderOnchain<E: Pairing, C1: CurveGroup, C2: CurveGroup>
+where
+    C1: CurveGroup<BaseField = C2::ScalarField, ScalarField = C2::BaseField>,
+    C2::BaseField: PrimeField,
+{
+    type Proof;
+    type CommittedInstance: Clone + Debug;
+
+    fn prepare_calldata(
+        i: C1::ScalarField,
+        z_0: Vec<C1::ScalarField>,
+        z_i: Vec<C1::ScalarField>,
+        running_instance: &Self::CommittedInstance,
+        incoming_instance: &Self::CommittedInstance,
+        proof: Self::Proof,
+    ) -> Result<Vec<u8>, Error>;
+}