Merge pull request #563 from mir-protocol/keccak_round_flags_constraints

Keccak round flags constraints

evm/src/keccak/round_flags.rs

@@ -21,7 +21,11 @@ pub(crate) fn eval_round_flags<F: Field, P: PackedField<Scalar = F>>(
         yield_constr.constraint_first_row(vars.local_values[reg_step(i)]);
     }
 
-    // TODO: Transition.
+    for i in 0..NUM_ROUNDS {
+        let current_round_flag = vars.local_values[reg_step(i)];
+        let next_round_flag = vars.next_values[reg_step((i + 1) % NUM_ROUNDS)];
+        yield_constr.constraint_transition(next_round_flag - current_round_flag);
+    }
 }
 
 pub(crate) fn eval_round_flags_recursively<F: RichField + Extendable<D>, const D: usize>(
@@ -37,4 +41,11 @@ pub(crate) fn eval_round_flags_recursively<F: RichField + Extendable<D>, const D
     for i in 1..NUM_ROUNDS {
         yield_constr.constraint_first_row(builder, vars.local_values[reg_step(i)]);
     }
+
+    for i in 0..NUM_ROUNDS {
+        let current_round_flag = vars.local_values[reg_step(i)];
+        let next_round_flag = vars.next_values[reg_step((i + 1) % NUM_ROUNDS)];
+        let diff = builder.sub_extension(next_round_flag, current_round_flag);
+        yield_constr.constraint_transition(builder, diff);
+    }
 }