feat: small header verification

[ratankaliani]

Overview

• Verifies a small header (block 11000) with 4 signatuers from Celestia's mocha-3 testnet

Changes

• Add logic to step (i.e. chain together sub-circuits to verify a header)
• Verify EDDSA signatures with curta

Verifying Header

• To verify a header we do the following:

1. Marshal each of the validators into bytes & compute the validators hash
2. Check the computed validators hash == expected validators hash
3. Confirm the of the validators who have signed > 2/3 of the total voting power
4. Verify each of the validator signatures matches the corresponding pubkey & signed message
5. Verify that the header hash is in each message at a specific location (location is dependent on if round == 0 in the header)
6. Compute the root of each merkle inclusion proof for {dataRoot, validatorHash, nextValidatorsHash}
7. Verify that each root == header hash

Current Restrictions

1. No variable length signed messages supported by EDDSA (Celestia signed messages can very in length by ~20-30 bytes)
2. 10x the SHA256's necessary in hash_validator_leaf
3. Can't handle a variable number of validators/signatures (solved with dummy signatures that verify)

Misc

1. Do we need to check that each validator signature is unique?
2. verify_hash_in_message should output a BoolTarget

Bugs

• Mainly had issues with endian-ness and bit order, need to update plonky2x to simplify logic