[zk-token-sdk] Add range proof generation error types

[samkim-crypto]

Problem

#33507, #33509, #33510, and #33525.

Summary of Changes

• 96020b3: Previously, mismatch on vector lengths used in range proof was addressed by assert statements. This commit replaces them with RangeProofGenerationError::VectorLengthMismatch.
• 782b617: Range proof on 0-bit numbers does not really make sense, but we did not specifically take care of this case. This commit takes care of this special case.
• 9f923da: Replaced assert statements related to generator length mismatch with RangeProofGenerationError::GeneratorLengthMismatch.
• d55d048: Removed unchecked arithmetic with checked arithmetic and unwraps. For places that are not obvious whether it is safe, I added comments. Addresses [zk-token-sdk] Potential overflow due to unchecked shift operation in range proof calculation (ottersec #4) #33507.
• 9b18167: When the input to the range proof generator become very large, then this could lead to expected behavior. I added a cap of 2^32, which should be plenty for all practical use cases. Addresses [zk-token-sdk] Potential overflow when gens_capcity for the bulletproof generators become too large (ottersec #6) #33509.
• 962ae00: Made inner product to return RangeProofGenerationError::InnerProductLengthMismatch when invoked on vectors of different lengths. Addresses [zk-token-sdk] Range proof scalar inner product panics if input lengths are different (ottersec #8) #33510.
• 5f03de9: When verifying range proof, I added a condition to check that the number of commitments are capped at MAX_COMMITMENTS. Addresses [zk-token-sdk] Potential for a malicious prover to generate proofs over MAX_COMMITEMNTS (ottersec #7) #33525.

Fixes #

[codecov]

Codecov Report

Merging #34065 (7d9d95a) into master (0e6dd54) will increase coverage by 0.0%.
The diff coverage is 86.4%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #34065   +/-   ##
=======================================
  Coverage    81.9%    81.9%           
=======================================
  Files         819      819           
  Lines      219145   219162   +17     
=======================================
+ Hits       179529   179561   +32     
+ Misses      39616    39601   -15     

[joncinque]

Looks good for the most part! For backporting, we should just focus on the bits required by the runtime, ie. the new checks on the verification functions. We can probably leave off all the client-side bits

[joncinque]

What's the purpose of this error over RangeProofGenerationError? They both have MaximumGeneratorLengthExceeded

[samkim-crypto]

Yeah, both proof generation and verification uses a subroutine to generate "group generators" that could return an if the generator length is too large. I made it so that if the subroutine errors during proof generation, it returns RangeProofGenerationError::Maximum...Exceeded (here) and if it errors during verification, it returns RangeProofVerificationError::Maximum...Exceeded (here).

[joncinque]

❤️

[joncinque]

Looks great!