Check integrity of snark artifacts

[cedoor]

Description

After downloading the wasm/zkey files to generate valid proofs, it will be necessary to verify that those files are authentic. There are theoretically two checks to be made:

1. Check that the downloaded files are the same ones that were uploaded to NPM,
2. Verify that the downloaded files were generated by a specific trusted-setup.

It is necessary to understand what we need to do for each of these checks, and whether 2 somehow makes 1 redundant.

It is also necessary to understand when to have these checks.

It'll probably make sense to add a README file to each package with the instructions needed to perform these checks, with the correct versions of the packages to be used, or with scripts to simplify the process.

[sripwoud]

For 2. I'll discuss it with the p0tion team

[sripwoud]

@cedoor should we have an additional package there? I mean besides the @zk-kit/*-artifacts packages that only contain artifacts? a package that would become a dep in @zk-kit/utils and provide:

• function to do the integrity checks (cases 1 and 2): function would be used in the functions fo @zk-kit/utils that download the artifacts.
• provide an enum to inform about the artifacts we provide (see conv https://github.com/privacy-scaling-explorations/zk-kit/pull/275#discussion_r1582982895)

[cedoor]

@sripwoud What about creating a new @zk-kit/artifacts package with:

• a CLI to download artifacts and run a fake trusted setup (re https://github.com/privacy-scaling-explorations/zk-kit/issues/250)
• functions to download artifacts (the ones we have in the utils package right now)
• functions to check the artifacts' integrity
• enum

How does it sound?

[cedoor]

Privately agreed on creating such a package.