Feat Nova incremental inclusion verification

[enricobottazzi]

This PR adds an example of how a full flow of Incremental Proof of Inclusion verification can be performed using Nova as a prover. A more detailed explanation can be found in Incremental Inclusion Verfication.

• zk_prover/circom, contains the circuit implementation for the nova prover + some template circuits from circomlib
• examples/nova_incremental_verifier.rs contains the script to run the example
• examples/build contains the wasm and r1cs artifacts automatically generated by circom after the circuit compilation.

As you will see in the example script, I had to add different support functions related to the Merkle Sum Tree. The issue comes from the fact that the Poseidon Hasher used in circomlib behaves differently from our own implementation of the Poseidon Hasher so I couldn't use our MerkleSumTree struct. Luckily I found a rust library poseidon-rs that is compatible with circom's posiedon. Unfortunately, I meant recreating all the utils with this different hasher.

If we decide to move forward with this implementation, we need to find a way to create compatibility between the 2 hashers.

[alxkzmn]

Is it enough to just assign the inputs of Num2Bits without checking the output?

[enricobottazzi]

Copying from internal discussion

"My understanding is that to perform range check on a number we don’t really have to consume the output, we just want to check that the number can be expressed in a specific bit range. So if the number doesn’t fit this assertion will fail => https://github.com/iden3/circomlib/blob/master/circuits/bitify.circom#L38"

You can also reproduce this on ZKREPL by following this gist.

[sifnoc]

Good alternative approach.
Perhaps we can move this outside of the examples folder in the future.