feat: Add support for Twisted Edwards Curves into the elliptic curve VM extension

[Avaneesh-axiom]

New changes after rebase:

• Update build script to support TE curves
• Add lazy setup functionality for TE curves
• Remove decompression-related code for TE curves (decompression is done in guest code now)

Primary change:

• Added a chip that adds two Twisted Edwards curve points and also implements a setup instruction. This chip is built using the mod-builder framework
• The setup instruction checks that the modulus is correct and the coefficients a and d from the equation of a Twisted Edwards curve are correct
• The chip's constructor checks that a is a quadratic residue and that d is not a quadratic residue. This property of a Twisted Edwards curve ensures that the addition operation is the same for all input points
• Added the Ed25519 curve to the guest library for ease-of-use
• Adapted the CachedMulTable msm approach for Twisted Edwards curves
• Renamed WeierstrassExtension to EccExtension

Related changes:

• Updated the mod-builder framework to handle setup rows that verify more than one constant
• Updated the mod-builder framework to the new method of padding rows. That is, by using a temporary range checker and constructing a dummy row (see fix: EcDoubleChip dummy row #1239)
• Updated the doubling chip for Weierstrass curves to use the updated mod-builder framework
• Changed the CurveConfig struct to accommodate for curves in Twisted Edwards curve form
• Updated the OpenVM book to explain how to use twisted Edwards curves

See this document for code-level details on differences between SW and TE curves.

Closes INT-2999

[jonathanpwang]

we got rid of num-bigint-dig, let's only use num-bigint from now on

[Avaneesh-axiom]

num-bigint-dig has jacobi symbol computation while num-bigint doesn't. I'll try to replicate it with num-bigint

[Avaneesh-axiom]

I need jacobi symbol for checking if a is QR and d is not QR for completeness

[jonathanpwang]

hm... that is really unfortunate (I don't want two bigint crates, and num-bigint-dig is less maintained than num-bigint) let me investigate

[Avaneesh-axiom]

I forgot to update you, but I have removed the dependency on num-bigint-dig. I copied over the jacobi symbol code into extensions/ecc/circuit/src/edwards_chip/utils.rs

[Avaneesh-axiom]

FYI: I added some more changes that fix a bug that I found (weierstrass and edwards opcodes would overlap in some cases)

I also added decompression hints (just like for weierstrass) to the edwards curves since I will use it in eddsa

[Avaneesh-axiom]

Update: rebased onto develop

[github-actions]

group	app.proof_time_ms	app.cycles	app.cells_used	leaf.proof_time_ms	leaf.cycles	leaf.cells_used
verify_fibair	(+27 [+2.2%]) 1,254	322,699	17,340,132	-	-	-
fibonacci	(+3 [+0.1%]) 2,660	1,500,277	50,589,503	-	-	-
regex	(-43 [-0.5%]) 7,910	4,165,226	166,511,152	-	-	-
ecrecover	(+17 [+1.5%]) 1,170	136,241	8,089,270	-	-	-
pairing	(+23 [+0.5%]) 4,524	1,862,964	97,277,783	-	-	-

Commit: 1f0d42c

Benchmark Workflow

[jonathanpwang]

Closing this in favor of #1858

Can we force reset feat/ed25519 to branch off of feat/new-execution?

[jonathanpwang]

how come github can't detect this is a git mv weierstrass_extension.rs

[Avaneesh-axiom]

I think the content is different enough that it can't detect it as a rename

[Avaneesh-axiom]

Yeah, it looks like it has 46% similarity