feat: add KB8 curve and multiset hash on koalabear

[yelhousni]

Description

This PR adds support for the KB8 curve (pronounced /k/ [b] nueve, although the extension is 8) over the KoalaBear field and introduces a native multiset hash built on top of it. The target use case is circuit-friendly multiset hashing for computations defined over the KoalaBear field, in particular zkVM memory arguments that will later be verified inside SNARK circuits.

Concretely, this PR:

• adds the new ecc.KB8 curve and the ecc/kb8 package
• reuses field/koalabear for the base field and adds shared E8 support in field/koalabear/extensions
• adds the kb8 curve arithmetic, scalar field, generator config, and tests
• adds ecc/kb8/multiset-hash, implementing the deterministic y-increment multiset hash on kb8
• adds recursive cube-root support over the KoalaBear extension tower used by the Cardano solver
• updates the generator/templates needed to support kb8 while keeping the rest of the repository green

The multiset hash maps uint16 messages by searching y = 256*m + k for k < 256, solving the resulting depressed cubic over the extension field, and accumulating mapped points on kb8. The final implementation uses recursive Cardano with binary Lucas sequences at every extension level.

Type of change

• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How has this been tested?

The following checks pass locally:

• go test ./field/koalabear/extensions ./ecc/kb8/...

Additional validation performed during development:

• exhaustive Map(uint16) validation over all 65536 inputs

How has this been benchmarked?

Benchmarks were run locally on a MacBook Pro class machine (darwin/arm64, Apple M5, 32GB RAM) with:

go test ./ecc/kb8/multiset-hash -bench . -run '^$'

Current results:

• BenchmarkMap-10: 28008 ns/op
• BenchmarkAccumulatorInsert-10: 7330262 ns/op
• BenchmarkHash256-10: 7159831 ns/op

Checklist:

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• I did not modify files generated from templates
• golangci-lint does not output errors locally
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

---

Note

High Risk
Adds a new elliptic-curve family (KB8) plus extensive generated finite-field arithmetic (including asm paths) and hashing primitives; correctness issues here would impact cryptographic/security-sensitive operations and any consumers relying on curve/field behavior.

Overview
Adds support for the new ecc.KB8 curve ID, wiring it into ID parsing/printing and exposing its scalar/base field moduli.

Introduces a new ecc/kb8 subtree: fp is a thin alias over the existing KoalaBear base field, while fr adds a full generated scalar-field implementation (Montgomery arithmetic, inversion/Legendre/sqrt/cbrt, vector ops, and architecture-specific asm/purego backends) with comprehensive tests, including a regression for Cbrt(0).

^{Reviewed by Cursor Bugbot for commit 569c9ef. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 41a9850. Configure here.}

[gbotrel]

Review pass from 2026-05-07.

Findings:

• Blocking: staticcheck CI is correctly failing because the generated code is stale. The Actions log reports that go generate leaves the repository dirty, with a diff in ecc/kb8/fr/element.go (the generated exponentiation helpers differ from the committed file). Please run the generator and commit the resulting generated file before this PR is used as the dependency for gnark #1757.

Verification run locally:

• go test ./field/koalabear/extensions ./ecc/kb8/...