Make code to match the last Plonk paper

[xevisalle]

This PR makes the protocol to match the last version of the Plonk paper. Furthermore, it includes a document specifying our implementation of Plonk, which deviates from the original one to include custom gates.

Main changes

The main changes are:

• Make round 4 and 5 of the prover to match the paper.
• Update the computation of the linearization polynomial r.
  • The prover now adds the evaluation of the public inputs polynomial at z_challenge to r.
  • The prover now subtracts the factor multiplying the evaluation of the vanishing polynomial at z_challenge by the quotient polynomial from r. As such, the quotient polynomial is not needed to compute W_z(X).
  • The verifier now computes r_0_eval. As such, the verifier no longer needs to receive r_eval.
  • The verifier now subtracts the factor multiplying the evaluation of the vanishing polynomial at z_challenge by the quotient polynomial commitment from [D]_1. As such, the verifier doesn't need to compute t_eval, as it is not needed to compute [E]_1.
• The verifier adds u_challenge when computing the polynomial commitment [D]_1.

Minor changes

Some minor changes have been addressed:

• Rename some variables to match the paper, making it easier to assess the correctness of the protocol.
• Refactor the proof verification to improve the efficiency and to make the code more clear.
• Other minor fixes.

Collateral effects

The above changes have led to the following collateral effects:

• Proof verification is now 40% faster (~ from 6ms to 3.7ms on Apple M1).
• Proof size has been reduced by 1 BlsScalar.

[codecov]

Codecov Report

Attention: Patch coverage is 96.38298% with 17 lines in your changes missing coverage. Please review.

Project coverage is 85.44%. Comparing base (372319e) to head (883ace4).

Files	Patch %	Lines
src/composer/gate.rs	0.00%	5 Missing ⚠️
src/composer/compress.rs	55.55%	4 Missing ⚠️
src/commitment_scheme/kzg10/key.rs	90.00%	2 Missing ⚠️
src/compiler/prover.rs	97.95%	2 Missing ⚠️
src/proof_system/proof.rs	97.43%	2 Missing ⚠️
src/proof_system/widget/arithmetic/verifierkey.rs	75.00%	1 Missing ⚠️
...stem/widget/ecc/scalar_mul/fixed_base/proverkey.rs	88.88%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #830      +/-   ##
==========================================
+ Coverage   85.32%   85.44%   +0.11%     
==========================================
  Files          57       57              
  Lines        3687     3723      +36     
==========================================
+ Hits         3146     3181      +35     
- Misses        541      542       +1     

Files	Coverage Δ
src/commitment_scheme/kzg10/proof.rs	31.57% <100.00%> (-5.27%)	⬇️
src/commitment_scheme/kzg10/srs.rs	85.07% <100.00%> (ø)
src/compiler.rs	98.83% <100.00%> (ø)
src/composer.rs	90.36% <100.00%> (ø)
src/composer/constraint_system/constraint.rs	63.46% <100.00%> (ø)
src/composer/permutation.rs	92.60% <100.00%> (ø)
src/debugger.rs	76.11% <100.00%> (ø)
src/fft/polynomial.rs	69.31% <100.00%> (-0.17%)	⬇️
src/proof_system/linearization_poly.rs	99.04% <100.00%> (-0.16%)	⬇️
src/proof_system/quotient_poly.rs	100.00% <100.00%> (ø)
... and 19 more

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 372319e...883ace4. Read the comment docs.

[marta-belles]

LGTM