Add QM31 implementation

[FrancoGiachetta]

Summary

The purpose of this PR is to move QM31's implementation from Cairo VM to types-rs. It adds a wrapper over FieldElement<Stark252PrimeField> which allows a safer usage of QM31 operations.
The implemented set of operations only corresponds to the ones in Cairo VM.

Pull Request type

Please add the labels corresponding to the type of changes your PR introduces:

• Feature

What is the current behavior?

QM31 is not implemented in types-rs

Resolves: #NA

What is the new behavior?

Add QM31Felt abstraction for performing QM31 operation in a safe manner.

Does this introduce a breaking change?

No

Other information

[0xLucqs]

why are we using u64s here ?
and why a limb would be 36 bits ?
Shouldn't we also introduce CM31 as an intermediate type ?

[FrancoGiachetta]

why are we using u64s here

So that we can hold 36 bits.

and why a limb would be 36 bits ?

This is how it was implemented in Cairo VM. This is the commit which introduced it. The comments suggests QM31 is composted of 4 u64 limbs which represent 36 bit values, so 144 bits in total.

Shouldn't we also introduce CM31 as an intermediate type ?

This is implementation of a QM31. Instead of having two CM31, we have the four coordinates.

This PR migrates what was implemented in the Cairo VM. Is there anything you think should be changed?

[0xLucqs]

a felt in M31 is 31 bits i don't get why here it'd be 36, am i missing something ?

This PR migrates what was implemented in the Cairo VM.

I understand that but it feels weird to have the quartic EF and not the base field imo. Fine for now but i think the rest should be added in a follow up PR

[FrancoGiachetta]

Found this comment from one of the commits that implemented this feature in Cairo VM. It explains why is was decided to use u64 as m31 representation. Seems it uses 36 bits for a m31 for an efficient Felt representation.
As you suggested, I think it's better to u32 instead of u64. I'll make this change. Sorry about the inconvenience.

[FrancoGiachetta]

Change the representation to u32 coordinates 020c0dc.

[tdelabro]

you changed the coordinates to be [u32; 4] but 32*4 = 128.
We need 144 bits.
Which is 4,5 u32. So we need [u35; 5].

Or am I missing something?

[FrancoGiachetta]

I mess up with the docs in cairo VM. This firstly was implemented in the cairo VM and since it only operates with felts, a qm31 was always being packed into a Felt. For efficiency reasons (check this lambdaclass/cairo-vm#1944 (comment)), related to the multiplication operation, it's better to represent every M31 with 36 bits instead of 31 (as it should). This mens that, only in the felt representation, a QM31 is 144 bits long.

This implementation treats every M31 as 31 bit value. So only when packing a QM31 into a felt a M31 be represented with 36 bits now. This is why we still check that, when unpacking from a Felt, the value is no longer than 144 bits.

[gabrielbosio]

Suggested change

	pub fn inner(&self) -> [u32; 4] {
	pub fn to_coordinates(&self) -> [u32; 4] {

[FrancoGiachetta]

Done in: edd3fa5

[gabrielbosio]

Suggested change

	fn inner_u64(&self) -> [u64; 4] {
	fn to_coordinates_u64(&self) -> [u64; 4] {

[FrancoGiachetta]

Done in: edd3fa5

[tdelabro]

convinient -> convenient

[gabrielbosio]

I didn't realize that renaming to to_coordinates_u64 would cause a clippy error. Maybe we can rename it to as_coordinates_u64 (or as_u64_coordinates) since it's private

[FrancoGiachetta]

Yes, I ended up doing that

[tdelabro]

@FrancoGiachetta We still need top level (//!) documentation to explain what "quadruple mersenne 31" is, and when it should be used.

[FrancoGiachetta]

Hi @tdelabro! Added the requested top level docs.

[tdelabro]

in the Mersenne 31 field ?
"in" missing + field don't have to be capitalized

[FrancoGiachetta]

Fix here: 7f3d6ef

[tdelabro]

"If any" typo
"a M31" is it "a" like the value you named "a" or a regular english word?

[FrancoGiachetta]

It refers to the value a named. This is to avoid repeating "a value from the Mersenne 31 field". The first typo is already fixed in this commit: b65e34b

[gabrielbosio]

of the Complex extension the Mersenne 31 field

It doesn't seem very clear, maybe a word is missing here?

[FrancoGiachetta]

Yes, I forgot to add an "in". Fix here: 6bad58f

[gabrielbosio]

Suggested change

	//! If only a M31 was used by the verifier, then a 31 bit value wouldn't be enough to provide security
	//! If only an M31 was used by the verifier, then a 31 bit value wouldn't be enough to provide security

[FrancoGiachetta]

Done here: 6bad58f

[gabrielbosio]

the verifier is able

What verifier? The Cairo one?

Suggested change

	//! the verifier is able to generate challeges with a proper level of randomness, ensuring the security of the protocol.
	//! the verifier is able to generate challenges with a proper level of randomness, ensuring the security of the protocol.

[FrancoGiachetta]

A verifier in general. A 31 bit value is not enough to provided security since the range of random values is too short and vulnerable to brute-force attacks

[FrancoGiachetta]

fixed typo here: 6bad58f. Also changed the verifier for a verifier as the comment aims to a verifier in general.

[gabrielbosio]

I would add the corresponding link to the cairo repo, at the end of this paragraph.

[FrancoGiachetta]

Done here: 6bad58f

[gabrielbosio]

The conversion to a Felt is done by using the four elements of the struct, refered to as coordinates, as bytes

It doesn't seem very clear. I would briefly explain what a coordinate is and then describe the Felt conversion. That way you don't have to define coordinates in the middle of the description of the conversion.

[FrancoGiachetta]

Done here: 035a87c