feat: replace zeromorph with shplemini

.gitignore

@@ -12,3 +12,5 @@ docs/
 
 # Dotenv file
 .env
+
+.DS_Store

src/reference/Fr.sol

@@ -1,18 +1,17 @@
-// SPDX-License-Identifier: MIT
-pragma solidity >=0.8.21;
+pragma solidity ^0.8.27;
 
 type Fr is uint256;
 
 using {add as +} for Fr global;
 using {sub as -} for Fr global;
 using {mul as *} for Fr global;
 
-// Yuck using ^ for exp  - todo maybe make it manual
 using {exp as ^} for Fr global;
 using {notEqual as !=} for Fr global;
 using {equal as ==} for Fr global;
 
 uint256 constant MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617; // Prime field order
+Fr constant MINUS_ONE = Fr.wrap(MODULUS - 1);
 
 // Instantiation
 library FrLib {
@@ -39,11 +38,10 @@ library FrLib {
             mstore(add(free, 0x20), 0x20)
             mstore(add(free, 0x40), 0x20)
             mstore(add(free, 0x60), v)
-            mstore(add(free, 0x80), sub(MODULUS, 2)) // TODO: check --via-ir will compiler inline
+            mstore(add(free, 0x80), sub(MODULUS, 2)) 
             mstore(add(free, 0xa0), MODULUS)
             let success := staticcall(gas(), 0x05, free, 0xc0, 0x00, 0x20)
             if iszero(success) {
-                // TODO: meaningful error
                 revert(0, 0)
             }
             result := mload(0x00)
@@ -52,7 +50,6 @@ library FrLib {
         return Fr.wrap(result);
     }
 
-    // TODO: edit other pow, it only works for powers of two
     function pow(Fr base, uint256 v) internal view returns (Fr) {
         uint256 b = Fr.unwrap(base);
         uint256 result;
@@ -64,11 +61,10 @@ library FrLib {
             mstore(add(free, 0x20), 0x20)
             mstore(add(free, 0x40), 0x20)
             mstore(add(free, 0x60), b)
-            mstore(add(free, 0x80), v) // TODO: check --via-ir will compiler inline
+            mstore(add(free, 0x80), v) 
             mstore(add(free, 0xa0), MODULUS)
             let success := staticcall(gas(), 0x05, free, 0xc0, 0x00, 0x20)
             if iszero(success) {
-                // TODO: meaningful error
                 revert(0, 0)
             }
             result := mload(0x00)
@@ -77,11 +73,21 @@ library FrLib {
         return Fr.wrap(result);
     }
 
-    // TODO: Montgomery's batch inversion trick
     function div(Fr numerator, Fr denominator) internal view returns (Fr) {
-        Fr inversion = invert(denominator);
         return numerator * invert(denominator);
     }
+
+    function sqr(Fr value) internal pure returns (Fr) {
+        return value * value;
+    }
+
+    function unwrap(Fr value) internal pure returns (uint256) {
+        return Fr.unwrap(value);
+    }
+
+    function neg(Fr value) internal pure returns (Fr) {
+        return Fr.wrap(MODULUS - Fr.unwrap(value));
+    }
 }
 
 // Free functions
@@ -97,7 +103,6 @@ function sub(Fr a, Fr b) pure returns (Fr) {
     return Fr.wrap(addmod(Fr.unwrap(a), MODULUS - Fr.unwrap(b), MODULUS));
 }
 
-// TODO: double check this !
 function exp(Fr base, Fr exponent) pure returns (Fr) {
     if (Fr.unwrap(exponent) == 0) return Fr.wrap(1);
     // Implement exponent with a loop as we will overflow otherwise

src/reference/HonkTypes.sol

@@ -2,20 +2,18 @@
 pragma solidity >=0.8.21;
 
 // Temp only set here for testing, logn will be templated
-import {LOG_N} from "./keys/EcdsaHonkVerificationKey.sol";
-
 import {Fr} from "./Fr.sol";
 
 uint256 constant CONST_PROOF_SIZE_LOG_N = 28;
 
-uint256 constant NUMBER_OF_SUBRELATIONS = 18;
-uint256 constant BATCHED_RELATION_PARTIAL_LENGTH = 7;
-uint256 constant NUMBER_OF_ENTITIES = 42;
-uint256 constant NUMBER_OF_ALPHAS = 17;
+uint256 constant NUMBER_OF_SUBRELATIONS = 26;
+uint256 constant BATCHED_RELATION_PARTIAL_LENGTH = 8;
+uint256 constant NUMBER_OF_ENTITIES = 44;
+uint256 constant NUMBER_UNSHIFTED = 35;
+uint256 constant NUMBER_TO_BE_SHIFTED = 9;
 
-// Prime field order
-uint256 constant Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; // EC group order
-uint256 constant P = 21888242871839275222246405745257275088548364400416034343698204186575808495617; // Prime field order
+// Alphas are used as relation separators so there should be NUMBER_OF_SUBRELATIONS - 1
+uint256 constant NUMBER_OF_ALPHAS = 25;
 
 // ENUM FOR WIRES
 enum WIRE {
@@ -30,6 +28,8 @@ enum WIRE {
     Q_ELLIPTIC,
     Q_AUX,
     Q_LOOKUP,
+    Q_POSEIDON2_EXTERNAL,
+    Q_POSEIDON2_INTERNAL,
     SIGMA_1,
     SIGMA_2,
     SIGMA_3,
@@ -94,6 +94,8 @@ library Honk {
         G1Point qAux; // Auxillary
         G1Point qElliptic; // Auxillary
         G1Point qLookup; // Lookup
+        G1Point qPoseidon2External;
+        G1Point qPoseidon2Internal;
         // Copy cnstraints
         G1Point s1;
         G1Point s2;
@@ -123,18 +125,19 @@ library Honk {
         Honk.G1ProofPoint w2;
         Honk.G1ProofPoint w3;
         Honk.G1ProofPoint w4;
-        // Lookup helpers - permutations
+        // Lookup helpers - Permutations
         Honk.G1ProofPoint zPerm;
-        // Lookup helpers - logup plookup
+        // Lookup helpers - logup
         Honk.G1ProofPoint lookupReadCounts;
         Honk.G1ProofPoint lookupReadTags;
         Honk.G1ProofPoint lookupInverses;
         // Sumcheck
         Fr[BATCHED_RELATION_PARTIAL_LENGTH][CONST_PROOF_SIZE_LOG_N] sumcheckUnivariates;
         Fr[NUMBER_OF_ENTITIES] sumcheckEvaluations;
-        // Zero morph
-        Honk.G1ProofPoint[CONST_PROOF_SIZE_LOG_N] zmCqs;
-        Honk.G1ProofPoint zmCq;
-        Honk.G1ProofPoint zmPi;
+        // Gemini
+        Honk.G1ProofPoint[CONST_PROOF_SIZE_LOG_N - 1] geminiFoldComms;
+        Fr[CONST_PROOF_SIZE_LOG_N] geminiAEvaluations;
+        Honk.G1ProofPoint shplonkQ;
+        Honk.G1ProofPoint kzgQuotient;
     }
 }