Fix how we handle public inputs in Tube circuit

[lucasxia01]

We currently just add some (correct amount of) public inputs as new variables to the builder when constructing the Tube circuit. However, we need to set witnesses (from the folding proof) to be public inputs instead.

[ludamad]

@Rumata888 can you add more details here? I recall you thinking this was tricky

[Rumata888]

There are two problems right now:

1. Recursive verifiers take a vector of field elements as inputs, construct the transcript from them and only after that recursively verify the proof. The current architecture doesn't allow checking the correctness of those field elements (that the transcript in the decider corresponds to the Translator transcript, for example). We don't have access to those elements in circuit field form, so we can't set that as public input
2. The concept of the public input of the circuit and the context of results of the folding proof differ. It is ambiguous right now in the protocol what we want the Tube to present as public inputs. If the public inputs are just the public inputs of the last folding proof then it can become a problem, because technically two folding proofs can have the same public inputs and if we export just those it might not be possible to correctly pick the original ClientIVC proof that produced those. So technically what we need to export is probably at least the folding proof transcript. Maybe we need to show everything that we are recursively verifying as public inputs.

[ledwards2225]

Aside from the security caveats above, this is a basic description of what needs to be done to pipe the right public inputs into the base rollup:

The base rollup circuit needs to perform some checks on the public inputs of the tail private kernel. With the Honk integration / introduction of the Tube circuit, the public inputs connection was broken. What needs to happen is roughly the following:

• a ClientIvc Proof contains a FoldProof which contains the explicit public inputs of the final circuit in the IVC (kernel tail or whatever)
• These public inputs are extracted in the ProtoGalaxyRecursiveVerifier (part of the ClientIvc recursive verifier, aka the tube) where they become private witnesses by default
• These witnesses must be explicitly converted to public inputs in that circuit (e.g. builder->set_public_input(pub_input.get_witness_index()) )
• This will result in those public inputs being explicitly added to the Tube circuit proof which gets sent to the base rollup circuit
• The base rollup circuit extracts the public inputs from the proof and uses them for Azteky checks as needed