feat: add div-mod constraints

[stuarttimwhite]

Please be sure to look over the pull request guidelines here: https://github.com/spaceandtimelabs/sxt-proof-of-sql/blob/main/CONTRIBUTING.md#submit-pr.

Please go through the following checklist

• The PR title and commit messages adhere to guidelines here: https://github.com/spaceandtimelabs/sxt-proof-of-sql/blob/main/CONTRIBUTING.md. In particular ! is used if and only if at least one breaking change has been introduced.
• I have run the ci check script with source scripts/run_ci_checks.sh.
• I have run the clean commit check script with source scripts/check_commits.sh, and the commit history is certified to follow clean commit guidelines as described here: https://github.com/spaceandtimelabs/sxt-proof-of-sql/blob/main/COMMIT_GUIDELINES.md
• The latest changes from main have been incorporated to this PR by simple rebase if possible, if not, then conflicts are resolved appropriately.

Rationale for this change

The constraints for div and mod expr need to be added. This will allow it to be a fully secure gadget.

What changes are included in this PR?

All the constraints for div-and-mod-expr.

Are these changes tested?

Yes. There is a tamperproof test for each constraint, demonstrating that each constraint is necessary.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.14%. Comparing base (a8e21f9) to head (2ab2ab6).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #646      +/-   ##
==========================================
+ Coverage   96.08%   96.14%   +0.05%     
==========================================
  Files         331      331              
  Lines       58897    59607     +710     
==========================================
+ Hits        56593    57307     +714     
+ Misses       2304     2300       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[JayWhite2357]

Can you make a PR with a LaTeX document with the constraints here:
https://github.com/spaceandtimelabs/sxt-proof-of-sql/tree/main/docs/protocols

We can then reference that in this PR.

[JayWhite2357]

Can you put all of these together? That way the order is clear, and separated from the constraints.

[stuarttimwhite]

Should I do this on the prove side as well? Put the constraints after the commitments?

[JayWhite2357]

There should be some comments indicating

// r - remainder
// t' - t
// u - b_div_q
// etc.

Perhaps t should be t_prime.

[JayWhite2357]

This isn't quite the constraint that is being enforced here.
It is actually $$-2^B \leq q < 2^B$$ for some $B$.

[stuarttimwhite]

Aren't we making the assumption that MIN = -2^B for some B for all our supported data types?

[JayWhite2357]

Could we get away with $$-2^B \leq s < 2^B$$ for some $B$?

[JayWhite2357]

We already need to show that $q\in[T_{min},-T_{min}]$.
Additionally, we know that $b\in[T_{min}, -T_{min}-1]$ since that is guaranteed by the input.
So, as long as $T_{min}^2\leq S_{max}$, we don't need this check.
This is true for all integer types (except u128, which I want to deprecate).
It is not true for all decimal types. (But is true for some of them.)

[stuarttimwhite]

What's the smallest order field we would ever use for our scalar type? Is i128 the biggest type we will use long term? Are decimals with high precision something that might be relevant here?

[JayWhite2357]

NIT: ′ is not '. − is not -.

[JayWhite2357]

This does the same thing. The definition of v changes, but it's just a hint anyway.

Suggested change

	// (q' - MIN) * (q + MIN) * v - (q' - MIN) = 0
	// (q + MIN) * v - (q' - MIN) = 0

[JayWhite2357]

Slightly prefer

(q + MIN) * v + (q' - MIN) = 0

[JayWhite2357]

Slightly prefer

(r - b) * (r + b) * t' + b = 0

[JayWhite2357]

We could avoid this extra bit if we do $q'\in[MIN,MAX]$ instead.
This, paired with $(q - q') * (q + MIN) = 0$ guarentees that $q$ is correctly bounded.