chore: domain separator tweaks (#19199)

Working towards improving domain separation.

(Getting ci to run the tests for me, to see what mistakes I've made)

In this PR:

- Remove unused domain separators from constants.nr
- Add some comments to constants.nr (and some physical reordering to
group them better... this is fine because the eventual goal is to use
strings for domain separators instead of brittle enums).
- Rename from `GENERATOR_INDEX__` to `DOM_SEP__`, because "generator
index" is carried over from when we used to use pedersen hashes and
makes no sense anymore.
    - Most of the line changes of this PR come from this.
- Renamed one of the separators from `__CONTRACT_LEAF` to
`__CONTRACT_CLASS_ID` to help my brain.
- Created `domain_separators.nr`, which contains dormant tests to
generate "proper" domain separators using strings. This PR won't go as
far as instating those strings, because all the hard-coded constants in
all tests in the repo will break. That'll be a fun task for someone in
January.

Future domain separation tasks for another PR:
- instate the domain separation strings.
- Claude says there are poseidon2 hashes which aren't using any domain
separator, which could be at risk of collisions. We'll need to add
those.

Author: iAmMichaelConnor

barretenberg/cpp/pil/vm2/bytecode/address_derivation.pil

@@ -37,7 +37,7 @@ namespace address_derivation;
     // It's reused between the partial address and salted initialization hash. Weird.
     // TODO: We need this temporarily while we dont allow for aliases in the lookup tuple
     pol commit partial_address_domain_separator;
-    sel * (partial_address_domain_separator - constants.GENERATOR_INDEX__PARTIAL_ADDRESS) = 0;
+    sel * (partial_address_domain_separator - constants.DOM_SEP__PARTIAL_ADDRESS) = 0;
 
     // TODO: We need these temporarily while we dont allow for aliases in the lookup tuple
     pol commit const_two;
@@ -73,7 +73,7 @@ namespace address_derivation;
 
     // TODO: We need this temporarily while we dont allow for aliases in the lookup tuple
     pol commit public_keys_hash_domain_separator;
-    sel * (public_keys_hash_domain_separator - constants.GENERATOR_INDEX__PUBLIC_KEYS_HASH) = 0;
+    sel * (public_keys_hash_domain_separator - constants.DOM_SEP__PUBLIC_KEYS_HASH) = 0;
 
     // Remove all the 0s for is_infinite when removed from public_keys.nr
     // https://github.com/AztecProtocol/aztec-packages/issues/7529
@@ -104,7 +104,7 @@ namespace address_derivation;
 
     // TODO: We need this temporarily while we dont allow for aliases in the lookup tuple
     pol commit preaddress_domain_separator;
-    sel * (preaddress_domain_separator - constants.GENERATOR_INDEX__CONTRACT_ADDRESS_V1) = 0;
+    sel * (preaddress_domain_separator - constants.DOM_SEP__CONTRACT_ADDRESS_V1) = 0;
 
     #[PREADDRESS_POSEIDON2]
     sel { sel /* =1 */, preaddress_domain_separator, public_keys_hash, partial_address, preaddress }

barretenberg/cpp/pil/vm2/bytecode/bc_hashing.pil

@@ -108,7 +108,7 @@ namespace bc_hashing;
 
     // At the start of a new bytecode hash, the initial field has to be the separator, and we skip the lookup:
     #[START_IS_SEPARATOR]
-    start * (packed_fields_0 - constants.GENERATOR_INDEX__PUBLIC_BYTECODE) = 0;
+    start * (packed_fields_0 - constants.DOM_SEP__PUBLIC_BYTECODE) = 0;
 
     #[GET_PACKED_FIELD_0]
     sel_not_start { pc_index, bytecode_id, packed_fields_0 }

barretenberg/cpp/pil/vm2/bytecode/class_id_derivation.pil

@@ -17,18 +17,18 @@ namespace class_id_derivation;
     pol commit private_functions_root;
     pol commit public_bytecode_commitment; // This is constrained via executions's lookup to instr_fetching, which looks up bc_decomposition <-> bc_hashing
     // The result of
-    // H(GENERATOR_INDEX__CONTRACT_LEAF, artifact_hash, private_functions_root, public_bytecode_commitment)
+    // H(DOM_SEP__CONTRACT_CLASS_ID, artifact_hash, private_functions_root, public_bytecode_commitment)
     pol commit class_id;
 
     // TODO: We need these temporarily while we dont allow for aliases in the lookup tuple.
-    pol commit gen_index_contract_leaf;
-    sel * (gen_index_contract_leaf - constants.GENERATOR_INDEX__CONTRACT_LEAF) = 0;
+    pol commit gen_index_contract_class_id;
+    sel * (gen_index_contract_class_id - constants.DOM_SEP__CONTRACT_CLASS_ID) = 0;
     pol commit const_two;
     sel * (const_two - 2) = 0;
 
     // Since the inputs to poseidon2 have to be chunks of 3, we need two lookups if we want to do this in a single row
     #[CLASS_ID_POSEIDON2_0]
-    sel { gen_index_contract_leaf, artifact_hash, private_functions_root, class_id, const_two }
+    sel { gen_index_contract_class_id, artifact_hash, private_functions_root, class_id, const_two }
     in poseidon2_hash.start { poseidon2_hash.input_0, poseidon2_hash.input_1, poseidon2_hash.input_2, poseidon2_hash.output, poseidon2_hash.num_perm_rounds_rem };
 
     #[CLASS_ID_POSEIDON2_1]

barretenberg/cpp/pil/vm2/bytecode/update_check.pil

@@ -69,7 +69,7 @@ namespace update_check;
 
     // TODO: Remove this as a column when we can lookup with constants
     pol commit public_leaf_index_domain_separator;
-    sel * (constants.GENERATOR_INDEX__PUBLIC_LEAF_INDEX - public_leaf_index_domain_separator) = 0;
+    sel * (constants.DOM_SEP__PUBLIC_LEAF_INDEX - public_leaf_index_domain_separator) = 0;
 
     // TODO: Remove this as a column when we can lookup with constants
     pol commit deployer_protocol_contract_address;

barretenberg/cpp/pil/vm2/calldata_hashing.pil

@@ -87,7 +87,7 @@ namespace calldata_hashing;
 
     // At the start of a new calldata hash, the initial field has to be the separator, and we skip the lookup:
     #[START_IS_SEPARATOR]
-    start * (input[0] - constants.GENERATOR_INDEX__PUBLIC_CALLDATA) = 0;
+    start * (input[0] - constants.DOM_SEP__PUBLIC_CALLDATA) = 0;
 
     // The index increments by 3 each row (unless we are at latch):
     #[INDEX_INCREMENTS]

barretenberg/cpp/pil/vm2/constants_gen.pil

@@ -164,15 +164,15 @@ namespace constants;
     pol UPDATES_DELAYED_PUBLIC_MUTABLE_METADATA_BIT_SIZE = 144;
     pol GRUMPKIN_ONE_X = 1;
     pol GRUMPKIN_ONE_Y = 17631683881184975370165255887551781615748388533673675138860;
-    pol GENERATOR_INDEX__NOTE_HASH_NONCE = 2;
-    pol GENERATOR_INDEX__UNIQUE_NOTE_HASH = 3;
-    pol GENERATOR_INDEX__SILOED_NOTE_HASH = 4;
-    pol GENERATOR_INDEX__OUTER_NULLIFIER = 7;
-    pol GENERATOR_INDEX__CONTRACT_ADDRESS_V1 = 15;
-    pol GENERATOR_INDEX__CONTRACT_LEAF = 16;
-    pol GENERATOR_INDEX__PUBLIC_LEAF_INDEX = 23;
-    pol GENERATOR_INDEX__PARTIAL_ADDRESS = 27;
-    pol GENERATOR_INDEX__PUBLIC_CALLDATA = 43;
-    pol GENERATOR_INDEX__PUBLIC_KEYS_HASH = 52;
-    pol GENERATOR_INDEX__PUBLIC_BYTECODE = 60;
+    pol DOM_SEP__NOTE_HASH_NONCE = 2;
+    pol DOM_SEP__UNIQUE_NOTE_HASH = 3;
+    pol DOM_SEP__SILOED_NOTE_HASH = 4;
+    pol DOM_SEP__OUTER_NULLIFIER = 7;
+    pol DOM_SEP__PUBLIC_LEAF_INDEX = 23;
+    pol DOM_SEP__PUBLIC_BYTECODE = 60;
+    pol DOM_SEP__CONTRACT_CLASS_ID = 16;
+    pol DOM_SEP__PUBLIC_KEYS_HASH = 52;
+    pol DOM_SEP__PARTIAL_ADDRESS = 27;
+    pol DOM_SEP__CONTRACT_ADDRESS_V1 = 15;
+    pol DOM_SEP__PUBLIC_CALLDATA = 43;
 

barretenberg/cpp/pil/vm2/trees/note_hash_tree_check.pil

@@ -79,7 +79,7 @@ namespace note_hash_tree_check;
 
     // TODO: We need this temporarily while we do not allow for aliases in the lookup tuple
     pol commit siloing_separator;
-    sel * (constants.GENERATOR_INDEX__SILOED_NOTE_HASH - siloing_separator) = 0;
+    sel * (constants.DOM_SEP__SILOED_NOTE_HASH - siloing_separator) = 0;
 
     #[SILO_POSEIDON2]
     should_silo { sel, siloing_separator, address, note_hash, siloed_note_hash }
@@ -115,15 +115,15 @@ namespace note_hash_tree_check;
 
     // TODO: We need this temporarily while we do not allow for aliases in the lookup tuple
     pol commit nonce_separator;
-    sel * (constants.GENERATOR_INDEX__NOTE_HASH_NONCE - nonce_separator) = 0;
+    sel * (constants.DOM_SEP__NOTE_HASH_NONCE - nonce_separator) = 0;
 
     #[NONCE_COMPUTATION_POSEIDON2]
     should_unique { sel, nonce_separator, first_nullifier, note_hash_index, nonce }
     in poseidon2_hash.end { poseidon2_hash.start, poseidon2_hash.input_0, poseidon2_hash.input_1, poseidon2_hash.input_2, poseidon2_hash.output };
 
     // TODO: We need this temporarily while we do not allow for aliases in the lookup tuple
     pol commit unique_note_hash_separator;
-    sel * (constants.GENERATOR_INDEX__UNIQUE_NOTE_HASH - unique_note_hash_separator) = 0;
+    sel * (constants.DOM_SEP__UNIQUE_NOTE_HASH - unique_note_hash_separator) = 0;
 
     #[UNIQUE_NOTE_HASH_POSEIDON2]
     should_unique { sel, unique_note_hash_separator, nonce, siloed_note_hash, unique_note_hash }

barretenberg/cpp/pil/vm2/trees/nullifier_check.pil

@@ -106,7 +106,7 @@ namespace nullifier_check;
 
     // TODO: We need this temporarily while we do not allow for aliases in the lookup tuple
     pol commit siloing_separator;
-    sel * (constants.GENERATOR_INDEX__OUTER_NULLIFIER - siloing_separator) = 0;
+    sel * (constants.DOM_SEP__OUTER_NULLIFIER - siloing_separator) = 0;
 
     #[SILO_POSEIDON2]
     should_silo { sel, siloing_separator, address, nullifier, siloed_nullifier }

barretenberg/cpp/pil/vm2/trees/public_data_check.pil

@@ -149,7 +149,7 @@ namespace public_data_check;
 
     // TODO: We need this temporarily while we do not allow for aliases in the lookup tuple
     pol commit siloing_separator;
-    sel * (constants.GENERATOR_INDEX__PUBLIC_LEAF_INDEX - siloing_separator) = 0;
+    sel * (constants.DOM_SEP__PUBLIC_LEAF_INDEX - siloing_separator) = 0;
 
     #[SILO_POSEIDON2]
     sel { sel, siloing_separator, address, slot, leaf_slot }

barretenberg/cpp/pil/vm2/trees/written_public_data_slots_tree_check.pil

@@ -82,7 +82,7 @@ namespace written_public_data_slots_tree_check;
 
     // TODO: We need this temporarily while we do not allow for aliases in the lookup tuple
     pol commit siloing_separator;
-    sel * (constants.GENERATOR_INDEX__PUBLIC_LEAF_INDEX - siloing_separator) = 0;
+    sel * (constants.DOM_SEP__PUBLIC_LEAF_INDEX - siloing_separator) = 0;
 
     #[SILO_POSEIDON2]
     sel { sel, siloing_separator, address, slot, leaf_slot }