zkWHIR 3.0 : Code Switch Protocol (part 1)

[ocdbytes]

Summary

Implements the code-switching IOR from Section 9.4 as a standalone sub-protocol in src/protocols/code_switch.rs.
Code switching reduces a proximity claim about oracle f w.r.t. source code C to a proximity claim about oracle g w.r.t. target code C', enabling the polylogarithmic-verifier protocol (Theorem 4) where the tested code shrinks each round.

What's implemented

• Config: Derives target code C' from source (ℓ' = ℓ, m' from rate), optional ZK mask code C_zk, OOD sample computation from Lemma 9.9. ZK query budgets passed via Option.
• Prover (prove): Commits target oracle g, optionally commits mask oracle s = Enc_{C_zk}((r, pad), r''), sends OOD answers, opens source oracle. Reuses irs_commit::commit and irs_commit::open with zero duplicated logic.
• Verifier (verify): Mirrors prover transcript, computes batched target μ', builds constraint weights for output sl'. Mask weights have pre-shifted RLC coefficients via MaskClaimInfo.
• Shared batching_challenge helper ensures prover/verifier transcript sync.
• Shared num_ood_samples extracted to irs_commit — used by both irs_commit::Config::new and code switch.
• Tests: Proptest over field types, sizes, rates, and ZK/non-ZK mode. Tests here just check the code switch transcript match. (Tests will be added in future PRs).

What's NOT in this PR (next PRs)

• Integration into whir's round structure as an alternative to sumcheck-only folding
• Implement zk sumcheck according to the construction 6.3 to include masks
• Refactoring irs_commit to separate commitment from OOD (deferred to whir integration)
• Parameter selection
• Mask resolution per iteration (this makes the basecase verification simple and whole flow clean and contained)

[codspeed-hq]

Merging this PR will not alter performance

✅ 10 untouched benchmarks
⏩ 22 skipped benchmarks¹

---

_{Comparing ocdbytes:aj/code-switch-protocol (343973a) with main (0aeaa7f)}

Footnotes

1. 22 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[recmo]

Most import is we need need a proptest based on arbitrary config testing all invariants.