Hardcode expected VK hash inside fold circuit to simplify JS and Solidity verification

[cedoor]

Summary

Currently the fold circuit in CRISP computes a combined key_hash from the 4 inner VK hashes and returns it as a public output alongside pk_commitment. The JS and Solidity sides then need additional logic to verify this hash matches the expected value.

Since the VK hash is deterministic and only changes when the inner circuits or fold code change, we can hardcode the expected value as a constant inside the circuit and assert it matches the computed one. This moves the check entirely into the circuit, eliminating the need for external verification logic.

A similar update can be done in the new C2 circuit implemented in #1400, where we have N inner proofs + final wrapper similar to how CRISP is organized.

Changes

• Add a global EXPECTED_VK_HASH: Field constant in examples/CRISP/circuits/bin/fold/src/main.nr
• Assert key_hash == EXPECTED_VK_HASH inside the circuit
• Change the return type from pub (Field, Field) to pub Field (only pk_commitment)
• Remove key_hash verification logic from JS proof generation and Solidity verifier contract

Trade-offs

• Pro: Simplifies JS & Solidity — no need to carry or check the VK hash externally
• Con: The hardcoded hash must be updated every time an inner circuit or the fold circuit changes
• Mitigation: Add a script that recomputes the VK hash and checks if it matches the one in the circuit (can be done in scripts/compile_circuits.sh)