fix: ultra num public inputs derivation

[iakovenkos]

• Don't use get_value() on vk member, derive from proof size, make sure it matches the value from the vk

• Added new bb::ProofLength gadget responsible for all Chonk and Honk proof/public inputs lengths computations

[iakovenkos]

It was somewhat misleading to call those w/o pub inputs in VMs

[iakovenkos]

Realized that MLB Flavor is quite confusing due to copy-pasted structures. Simplified those as a byproducr

[iakovenkos]

Should be faster to modify now

[iakovenkos]

This class was essentially unused, + eq's are not witnesses.

[iakovenkos]

So, my goal was to always derive num_public_inputs from the proof size. But the methods used to compute the "fixed" sizes were flavor-linked. Instead I wanted to have something context-dependent like HypernovaInstanceToAccum length that still re-uses lots from Honk proof building blocks. As a result, we have all honk/chonk proof length computations in one place + it's easy to deduce num_public inputs

[iakovenkos]

note that previously we would use .get_value(). though substituting the real witness value with something else would have created a different circuit, feels more robust when such discrepancy immediately leads to a failed constraint

[ledwards2225]

Interesting, so the idea is that leads to a better error in the circuit failure case?

[iakovenkos]

I was concerned about vk->num_public_inputs.get_value() in general, as then we would need to analyze whether a malicious actor can ignore this value + the binding of the vk field with the proof was very implicit, namely through the loop for receiving the public inputs that uses the underlying native value, changing which would be enough to change this circuit's VK and cause a verification failure against a correctly computed VK, but now it's obvious that this loop uses the same value that's in the vk

[iakovenkos]

Had to split process_padding method, cause integer log_n is needed before oink, and padding indicator array can only be computed after oink -- vk member log_circuit_size gets hashed and untagged as a free witness

[ledwards2225]

LGTM - thanks for the improvements

[AztecBot]

Flakey Tests

🤖 says: This CI run detected 4 tests that failed, but were tolerated due to a .test_patterns.yml entry.

\033FLAKED\033 (8;;http://ci.aztec-labs.com/47bbe7f15962c754�47bbe7f15962c7548;;�):  yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_epochs/epochs_first_slot.test.ts (230s) (code: 1) group:e2e-p2p-epoch-flakes (\033iakovenkos\033: upd vks hash)
\033FLAKED\033 (8;;http://ci.aztec-labs.com/48187d2442d1e742�48187d2442d1e7428;;�):  yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_epochs/epochs_high_tps_block_building.test.ts (279s) (code: 1) group:e2e-p2p-epoch-flakes (\033iakovenkos\033: upd vks hash)
\033FLAKED\033 (8;;http://ci.aztec-labs.com/d224bff8670c857e�d224bff8670c857e8;;�):  yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_p2p/reqresp.test.ts (368s) (code: 1) group:e2e-p2p-epoch-flakes (\033iakovenkos\033: upd vks hash)
\033FLAKED\033 (8;;http://ci.aztec-labs.com/dc8d8eac9e38bcf9�dc8d8eac9e38bcf98;;�):  yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_p2p/valid_epoch_pruned_slash.test.ts (404s) (code: 1) group:e2e-p2p-epoch-flakes (\033iakovenkos\033: upd vks hash)