feat: generalize transcript

Current `Transcript` assumes that its commitment type is an affine
point. This commit breaks this assumption and it differentiates cases.

1. Commitment and Scalar are same types, such as FRI commitment cases.
2. Commitment and Scalar are different types, such as KZG commitment cases.

Also `TranscriptReader` and `TranscriptWriter` child classes uses
`Curve` type as a template parameter which is different from
`Commitment` type from a parent class. This commit unifies template
parameter for consistency as well.

Other than above, it does as follows.

- move halo2 specific things to `zk/plonk/halo2`.
- remove `Challenge255` which leads to removing
  `SqueezeChallengeAsScalar()`.
- rename `ReadScalar()` and `ReadPoint()` to `Read()`.
- remove unused headers from transcript implementation.

tachyon/crypto/commitments/kzg/BUILD.bazel

@@ -43,9 +43,9 @@ tachyon_cc_unittest(
     deps = [
         ":shplonk",
         "//tachyon/base/buffer:vector_buffer",
-        "//tachyon/crypto/transcripts:poseidon_transcript",
         "//tachyon/math/elliptic_curves/bn/bn254:g1",
         "//tachyon/math/elliptic_curves/bn/bn254:g2",
         "//tachyon/math/polynomials/univariate:univariate_evaluation_domain_factory",
+        "//tachyon/zk/plonk/halo2:poseidon_transcript",
     ],
 )

tachyon/crypto/commitments/kzg/shplonk.h

@@ -88,7 +88,7 @@ class SHPlonk : public UnivariatePolynomialCommitmentScheme<
     const absl::btree_set<PointDeepRef>& super_point_set =
         grouper.super_point_set();
 
-    Field y = writer->SqueezeChallengeAsScalar();
+    Field y = writer->SqueezeChallenge();
 
     // Create [H₀(X), H₁(X), H₂(X)].
     // clang-format off
@@ -107,7 +107,7 @@ class SHPlonk : public UnivariatePolynomialCommitmentScheme<
               y, low_degree_extensions_vec[i]);
         });
 
-    Field v = writer->SqueezeChallengeAsScalar();
+    Field v = writer->SqueezeChallenge();
 
     // Create a linear combination of polynomials [H₀(X), H₁(X), H₂(X)] with
     // with |v|.
@@ -119,7 +119,7 @@ class SHPlonk : public UnivariatePolynomialCommitmentScheme<
     if (!this->Commit(h_poly, &h)) return false;
 
     CHECK(writer->WriteToProof(h));
-    Field u = writer->SqueezeChallengeAsScalar();
+    Field u = writer->SqueezeChallenge();
 
     // Create [L₀(X), L₁(X), L₂(X)].
     // L₀(X) = z₀ * ((P₀(X) - R₀(u)) + y(P₁(X) - R₁(u)) + y²(P₂(X) - R₂(u)))

tachyon/crypto/commitments/kzg/shplonk_unittest.cc

@@ -4,10 +4,10 @@
 
 #include "gtest/gtest.h"
 
-#include "tachyon/crypto/transcripts/poseidon_transcript.h"
 #include "tachyon/math/elliptic_curves/bn/bn254/g1.h"
 #include "tachyon/math/elliptic_curves/bn/bn254/g2.h"
 #include "tachyon/math/polynomials/univariate/univariate_evaluation_domain_factory.h"
+#include "tachyon/zk/plonk/halo2/poseidon_transcript.h"
 
 namespace tachyon::crypto {
 
@@ -33,7 +33,7 @@ class SHPlonkTest : public testing::Test {
   void SetUp() override {
     KZG<math::bn254::G1AffinePoint, kMaxDegree, math::bn254::G1AffinePoint> kzg;
     base::VectorBuffer write_buf;
-    writer_ = PoseidonWriter<math::bn254::G1Curve>(std::move(write_buf));
+    writer_ = zk::halo2::PoseidonWriter<Commitment>(std::move(write_buf));
     pcs_ = PCS(std::move(kzg), &writer_);
     ASSERT_TRUE(pcs_.UnsafeSetup(N));
 
@@ -79,7 +79,7 @@ class SHPlonkTest : public testing::Test {
   std::vector<Poly> polys_;
   std::vector<F> points_;
   std::vector<PolynomialOpening<Poly>> poly_openings_;
-  PoseidonWriter<math::bn254::G1Curve> writer_;
+  zk::halo2::PoseidonWriter<Commitment> writer_;
 };
 
 }  // namespace

tachyon/crypto/hashes/sponge/poseidon/BUILD.bazel

@@ -12,15 +12,6 @@ tachyon_cc_library(
     ],
 )
 
-tachyon_cc_library(
-    name = "halo2_poseidon",
-    hdrs = ["halo2_poseidon.h"],
-    deps = [
-        ":poseidon",
-        "@local_config_gmp//:gmp",
-    ],
-)
-
 tachyon_cc_library(
     name = "poseidon_config",
     hdrs = ["poseidon_config.h"],

tachyon/crypto/transcripts/BUILD.bazel

@@ -1,59 +1,22 @@
-load("//bazel:tachyon_cc.bzl", "tachyon_cc_library", "tachyon_cc_unittest")
+load("//bazel:tachyon_cc.bzl", "tachyon_cc_library")
 
 package(default_visibility = ["//visibility:public"])
 
-tachyon_cc_library(
-    name = "blake2b_transcript",
-    hdrs = ["blake2b_transcript.h"],
-    deps = [
-        ":transcript",
-        "//tachyon/math/elliptic_curves:points",
-        "@com_google_boringssl//:crypto",
-    ],
-)
-
-tachyon_cc_library(
-    name = "poseidon_transcript",
-    hdrs = ["poseidon_transcript.h"],
-    deps = [
-        ":transcript",
-        "//tachyon/crypto/hashes/sponge/poseidon:halo2_poseidon",
-        "//tachyon/math/elliptic_curves:points",
-    ],
-)
-
-tachyon_cc_library(
-    name = "sha256_transcript",
-    hdrs = ["sha256_transcript.h"],
-    deps = [
-        ":transcript",
-        "//tachyon/base/ranges:algorithm",
-        "//tachyon/base/types:always_false",
-        "//tachyon/math/elliptic_curves:points",
-        "@com_google_boringssl//:crypto",
-    ],
-)
-
 tachyon_cc_library(
     name = "transcript",
     hdrs = ["transcript.h"],
     deps = [
+        ":transcript_traits",
         "//tachyon/base/buffer:vector_buffer",
         "//tachyon/math/base:big_int",
     ],
 )
 
-tachyon_cc_unittest(
-    name = "transcript_unittests",
-    srcs = [
-        "blake2b_transcript_unittest.cc",
-        "poseidon_transcript_unittest.cc",
-        "sha256_transcript_unittest.cc",
-    ],
+tachyon_cc_library(
+    name = "transcript_traits",
+    hdrs = ["transcript_traits.h"],
     deps = [
-        ":blake2b_transcript",
-        ":poseidon_transcript",
-        ":sha256_transcript",
-        "//tachyon/math/elliptic_curves/bn/bn254:g1",
+        "//tachyon/math/elliptic_curves:points",
+        "//tachyon/math/finite_fields:prime_field_base",
     ],
 )