chore(zk): match zkv2 hash impl with the description

- encode the position of bits proven to be 0 in the hashes
- hash the infinite norm instead of the euclidean one
- hash the value of k with the statement

Author: nsarlin-zama

tfhe-zk-pok/src/backward_compatibility/pke_v2.rs

@@ -2,12 +2,15 @@
 #![allow(non_snake_case)]
 
 use std::convert::Infallible;
+use std::error::Error;
+use std::fmt::Display;
 
 use tfhe_versionable::{Upgrade, Version, VersionsDispatch};
 
 use crate::curve_api::{CompressedG1, CompressedG2, Compressible, Curve};
 use crate::proofs::pke_v2::{
-    CompressedComputeLoadProofFields, CompressedProof, ComputeLoadProofFields, PkeV2HashMode, Proof,
+    CompressedComputeLoadProofFields, CompressedProof, ComputeLoadProofFields, PkeV2HashMode,
+    PkeV2SupportedHashConfig, Proof,
 };
 
 use super::IncompleteProof;
@@ -89,10 +92,10 @@ pub struct ProofV1<G: Curve> {
     compute_load_proof_fields: Option<ComputeLoadProofFields<G>>,
 }
 
-impl<G: Curve> Upgrade<Proof<G>> for ProofV1<G> {
+impl<G: Curve> Upgrade<ProofV2<G>> for ProofV1<G> {
     type Error = Infallible;
 
-    fn upgrade(self) -> Result<Proof<G>, Self::Error> {
+    fn upgrade(self) -> Result<ProofV2<G>, Self::Error> {
         let ProofV1 {
             C_hat_e,
             C_e,
@@ -108,7 +111,7 @@ impl<G: Curve> Upgrade<Proof<G>> for ProofV1<G> {
             compute_load_proof_fields,
         } = self;
 
-        Ok(Proof {
+        Ok(ProofV2 {
             C_hat_e,
             C_e,
             C_r_tilde,
@@ -126,11 +129,92 @@ impl<G: Curve> Upgrade<Proof<G>> for ProofV1<G> {
     }
 }
 
+#[derive(Version)]
+pub struct ProofV2<G: Curve> {
+    C_hat_e: G::G2,
+    C_e: G::G1,
+    C_r_tilde: G::G1,
+    C_R: G::G1,
+    C_hat_bin: G::G2,
+    C_y: G::G1,
+    C_h1: G::G1,
+    C_h2: G::G1,
+    C_hat_t: G::G2,
+    pi: G::G1,
+    pi_kzg: G::G1,
+    compute_load_proof_fields: Option<ComputeLoadProofFields<G>>,
+    hash_mode: PkeV2HashMode,
+}
+
+#[derive(Debug)]
+pub struct UnsupportedHashConfig(String);
+
+impl Display for UnsupportedHashConfig {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "Unsupported Hash config in pke V2 Proof: {}", self.0)
+    }
+}
+
+impl Error for UnsupportedHashConfig {}
+
+impl TryFrom<PkeV2HashMode> for PkeV2SupportedHashConfig {
+    type Error = UnsupportedHashConfig;
+
+    fn try_from(value: PkeV2HashMode) -> Result<Self, Self::Error> {
+        match value {
+            PkeV2HashMode::BackwardCompat => Ok(PkeV2SupportedHashConfig::V0_4_0),
+            PkeV2HashMode::Classical => Err(UnsupportedHashConfig(String::from(
+                "Proof use hash mode \"Classical\" which has never been part of a default configuration",
+            ))),
+            PkeV2HashMode::Compact => Ok(PkeV2SupportedHashConfig::V0_7_0),
+        }
+    }
+}
+
+impl<G: Curve> Upgrade<Proof<G>> for ProofV2<G> {
+    type Error = UnsupportedHashConfig;
+
+    fn upgrade(self) -> Result<Proof<G>, Self::Error> {
+        let ProofV2 {
+            C_hat_e,
+            C_e,
+            C_r_tilde,
+            C_R,
+            C_hat_bin,
+            C_y,
+            C_h1,
+            C_h2,
+            C_hat_t,
+            pi,
+            pi_kzg,
+            compute_load_proof_fields,
+            hash_mode,
+        } = self;
+
+        Ok(Proof {
+            C_hat_e,
+            C_e,
+            C_r_tilde,
+            C_R,
+            C_hat_bin,
+            C_y,
+            C_h1,
+            C_h2,
+            C_hat_t,
+            pi,
+            pi_kzg,
+            compute_load_proof_fields,
+            hash_config: hash_mode.try_into()?,
+        })
+    }
+}
+
 #[derive(VersionsDispatch)]
 pub enum ProofVersions<G: Curve> {
     V0(ProofV0<G>),
     V1(ProofV1<G>),
-    V2(Proof<G>),
+    V2(ProofV2<G>),
+    V3(Proof<G>),
 }
 
 #[derive(VersionsDispatch)]
@@ -230,14 +314,14 @@ where
     compute_load_proof_fields: Option<CompressedComputeLoadProofFields<G>>,
 }
 
-impl<G: Curve> Upgrade<CompressedProof<G>> for CompressedProofV1<G>
+impl<G: Curve> Upgrade<CompressedProofV2<G>> for CompressedProofV1<G>
 where
     G::G1: Compressible,
     G::G2: Compressible,
 {
     type Error = Infallible;
 
-    fn upgrade(self) -> Result<CompressedProof<G>, Self::Error> {
+    fn upgrade(self) -> Result<CompressedProofV2<G>, Self::Error> {
         let CompressedProofV1 {
             C_hat_e,
             C_e,
@@ -253,7 +337,7 @@ where
             compute_load_proof_fields,
         } = self;
 
-        Ok(CompressedProof {
+        Ok(CompressedProofV2 {
             C_hat_e,
             C_e,
             C_r_tilde,
@@ -271,6 +355,69 @@ where
     }
 }
 
+#[derive(Version)]
+pub struct CompressedProofV2<G: Curve>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    C_hat_e: CompressedG2<G>,
+    C_e: CompressedG1<G>,
+    C_r_tilde: CompressedG1<G>,
+    C_R: CompressedG1<G>,
+    C_hat_bin: CompressedG2<G>,
+    C_y: CompressedG1<G>,
+    C_h1: CompressedG1<G>,
+    C_h2: CompressedG1<G>,
+    C_hat_t: CompressedG2<G>,
+    pi: CompressedG1<G>,
+    pi_kzg: CompressedG1<G>,
+    compute_load_proof_fields: Option<CompressedComputeLoadProofFields<G>>,
+    hash_mode: PkeV2HashMode,
+}
+
+impl<G: Curve> Upgrade<CompressedProof<G>> for CompressedProofV2<G>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    type Error = UnsupportedHashConfig;
+
+    fn upgrade(self) -> Result<CompressedProof<G>, Self::Error> {
+        let CompressedProofV2 {
+            C_hat_e,
+            C_e,
+            C_r_tilde,
+            C_R,
+            C_hat_bin,
+            C_y,
+            C_h1,
+            C_h2,
+            C_hat_t,
+            pi,
+            pi_kzg,
+            compute_load_proof_fields,
+            hash_mode,
+        } = self;
+
+        Ok(CompressedProof {
+            C_hat_e,
+            C_e,
+            C_r_tilde,
+            C_R,
+            C_hat_bin,
+            C_y,
+            C_h1,
+            C_h2,
+            C_hat_t,
+            pi,
+            pi_kzg,
+            compute_load_proof_fields,
+            hash_config: hash_mode.try_into()?,
+        })
+    }
+}
+
 #[derive(VersionsDispatch)]
 pub enum CompressedProofVersions<G: Curve>
 where
@@ -279,7 +426,8 @@ where
 {
     V0(CompressedProofV0<G>),
     V1(CompressedProofV1<G>),
-    V2(CompressedProof<G>),
+    V2(CompressedProofV2<G>),
+    V3(CompressedProof<G>),
 }
 
 #[derive(VersionsDispatch)]
@@ -297,3 +445,9 @@ pub enum PkeV2HashModeVersions {
     #[allow(dead_code)]
     V0(PkeV2HashMode),
 }
+
+#[derive(VersionsDispatch)]
+pub enum PkeV2SupportedHashConfigVersions {
+    #[allow(dead_code)]
+    V0(PkeV2SupportedHashConfig),
+}