Compute Decider's CM challenges in Groth16 circuit, link G16 & KZG proofs in Onchain Decider, refactor CommitmentScheme trait (#79)

* Compute Decider's CM challenges in Groth16 circuit, link G16 & KZG proofs in Onchain Decider, refactor CommitmentScheme trait

- Refactor commitment package
  - Refactor `Commitment` trait and the kzg, ipa, pedersen impls
  - Add methods to prove & verify given challenges (not computing them in-method)
- Add KZG challenges computation in decider_eth_circuit
- Add cmE & cmW KZG proving & verification in DeciderEth
- Link Decider's Groth16 proof & KZG proofs data
- Fix point to bytes arkworks inconsistency
- Patch ark_curves to use a cherry-picked version with bn254::constraints & grumpkin for v0.4.0 (once arkworks v0.5.0 is released this will no longer be needed)

* DeciderEthCircuit: Add check eval=p(c) for E & W

The check is temporary disabled due
https://github.com/privacy-scaling-explorations/folding-schemes/issues/80,
but the public inputs and logic are there, to be able to continue the
other parts development while issue #80 is solved.

solidity-verifiers/src/verifiers/mod.rs

@@ -68,8 +68,8 @@ mod tests {
     use askama::Template;
     use folding_schemes::{
         commitment::{
-            kzg::{KZGProver, KZGSetup, ProverKey},
-            CommitmentProver,
+            kzg::{ProverKey, KZG},
+            CommitmentScheme,
         },
         transcript::{
             poseidon::{poseidon_test_config, PoseidonTranscript},
@@ -131,7 +131,7 @@ mod tests {
         let (g16_pk, g16_vk) = Groth16::<Bn254>::setup(circuit, &mut rng).unwrap();
 
         let (kzg_pk, kzg_vk): (ProverKey<G1>, VerifierKey<Bn254>) =
-            KZGSetup::<Bn254>::setup(&mut rng, n);
+            KZG::<Bn254>::setup(&mut rng, n).unwrap();
         (kzg_pk, kzg_vk, g16_pk, g16_vk, circuit)
     }
 
@@ -290,9 +290,8 @@ mod tests {
         let v: Vec<Fr> = std::iter::repeat_with(|| Fr::rand(&mut rng))
             .take(DEFAULT_SETUP_LEN)
             .collect();
-        let cm = KZGProver::<G1>::commit(&kzg_pk, &v, &Fr::zero()).unwrap();
-        let (eval, proof) =
-            KZGProver::<G1>::prove(&kzg_pk, transcript_p, &cm, &v, &Fr::zero(), None).unwrap();
+        let cm = KZG::<Bn254>::commit(&kzg_pk, &v, &Fr::zero()).unwrap();
+        let proof = KZG::<Bn254>::prove(&kzg_pk, transcript_p, &cm, &v, &Fr::zero(), None).unwrap();
         let template = HeaderInclusion::<KZG10Verifier>::builder()
             .template(kzg_data)
             .build()
@@ -303,10 +302,10 @@ mod tests {
         let mut evm = Evm::default();
         let verifier_address = evm.create(kzg_verifier_bytecode);
 
-        let (cm_affine, proof_affine) = (cm.into_affine(), proof.into_affine());
+        let (cm_affine, proof_affine) = (cm.into_affine(), proof.proof.into_affine());
         let (x_comm, y_comm) = cm_affine.xy().unwrap();
         let (x_proof, y_proof) = proof_affine.xy().unwrap();
-        let y = eval.into_bigint().to_bytes_be();
+        let y = proof.eval.into_bigint().to_bytes_be();
 
         transcript_v.absorb_point(&cm).unwrap();
         let x = transcript_v.get_challenge();
@@ -372,9 +371,8 @@ mod tests {
         let v: Vec<Fr> = std::iter::repeat_with(|| Fr::rand(&mut rng))
             .take(DEFAULT_SETUP_LEN)
             .collect();
-        let cm = KZGProver::<G1>::commit(&kzg_pk, &v, &Fr::zero()).unwrap();
-        let (eval, proof) =
-            KZGProver::<G1>::prove(&kzg_pk, transcript_p, &cm, &v, &Fr::zero(), None).unwrap();
+        let cm = KZG::<Bn254>::commit(&kzg_pk, &v, &Fr::zero()).unwrap();
+        let proof = KZG::<Bn254>::prove(&kzg_pk, transcript_p, &cm, &v, &Fr::zero(), None).unwrap();
 
         let decider_template = HeaderInclusion::<NovaCyclefoldDecider>::builder()
             .template(nova_cyclefold_data)
@@ -387,10 +385,10 @@ mod tests {
         let mut evm = Evm::default();
         let verifier_address = evm.create(nova_cyclefold_verifier_bytecode);
 
-        let (cm_affine, proof_affine) = (cm.into_affine(), proof.into_affine());
+        let (cm_affine, proof_affine) = (cm.into_affine(), proof.proof.into_affine());
         let (x_comm, y_comm) = cm_affine.xy().unwrap();
         let (x_proof, y_proof) = proof_affine.xy().unwrap();
-        let y = eval.into_bigint().to_bytes_be();
+        let y = proof.eval.into_bigint().to_bytes_be();
 
         transcript_v.absorb_point(&cm).unwrap();
         let x = transcript_v.get_challenge();