bulletproofs
Tie `Variable`s to `ConstraintSystem`
Currently, variables are just a holder for an index of an Assignment in a `ConstraintSystem`. There is nothing preventing variable misuse, such as:

- an invalid variable being created or passed into the `ConstraintSystem`, such as with an invalid index
- a variable created by another `ConstraintSystem` being passed into a different `ConstraintSystem`.

Also, the `usize` field of the `Variable` struct is publicly visible, which is not a great design (users shouldn't be able to see that information).

One solution to this is to "tie" the Variable to a ConstraintSystem, such that the Variable returned to the user is actually a borrow of a Variable, and the index field is opaque. This would require the lifetime of the ConstraintSystem to be longer than or equal to the lifetime of the Variable. This way, you could not create an invalid variable (such as with an invalid index) (the first variable misuse example). However, this would not solve the second variable misuse example (getting a variable created by another `ConstraintSystem`).
We can trivially make the index private (`pub(crate)`). As for preventing cross-CS misuse, lifetimes should be solid, but might be annoying to deal with. Alternatively, we could also use a private canary value unique to a CS, and panic if someone misuses it. But that's not a compiler-enforced thing, unfortunately.
I don't think it's actually possible to make the index private, we'd need to have a custom type wrapper (since it's not possible to put `pub(crate)` on the enum variant directly). But I don't think it's that big of a deal.
Or we can put index enum together with the assignment in a struct: https://github.com/dalek-cryptography/bulletproofs/pull/196/files#diff-b42834bf90ec0fe30c78f4709d2d8254R34
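
The private-index and per-CS canary ideas discussed in this thread, sketched as an added example (not code from the bulletproofs crate or from any participant here). The module `cs` and the types `ConstraintSystem`, `Variable` and `VariableError` are hypothetical stand-ins, and the check returns an error instead of panicking so the outcome can be inspected.

```rust
// Added illustration; `cs`, `ConstraintSystem`, `Variable` and `VariableError`
// are hypothetical stand-ins, not the bulletproofs crate's own types.
mod cs {
    use std::sync::atomic::{AtomicU64, Ordering};

    // Process-wide counter that hands each constraint system a unique canary.
    static NEXT_CS_ID: AtomicU64 = AtomicU64::new(0);

    /// Opaque handle: both fields are private to this module, so callers
    /// can neither forge an index nor read one back.
    #[derive(Clone, Copy, Debug, PartialEq)]
    pub struct Variable { cs_id: u64, index: usize }

    #[derive(Debug, PartialEq)]
    pub enum VariableError { ForeignConstraintSystem, IndexOutOfRange }

    pub struct ConstraintSystem { id: u64, assignments: Vec<u64> }

    impl ConstraintSystem {
        pub fn new() -> Self {
            let id = NEXT_CS_ID.fetch_add(1, Ordering::Relaxed);
            ConstraintSystem { id, assignments: Vec::new() }
        }

        /// Store an assignment and return a handle tagged with this CS's canary.
        pub fn allocate(&mut self, value: u64) -> Variable {
            self.assignments.push(value);
            Variable { cs_id: self.id, index: self.assignments.len() - 1 }
        }

        /// Runtime (not compile-time) check: reject handles minted by another CS.
        pub fn assignment(&self, var: Variable) -> Result<u64, VariableError> {
            if var.cs_id != self.id {
                return Err(VariableError::ForeignConstraintSystem);
            }
            // Not reachable while the fields stay private; kept as a defensive check.
            self.assignments.get(var.index).copied()
                .ok_or(VariableError::IndexOutOfRange)
        }
    }
}

fn main() {
    let (mut a, mut b) = (cs::ConstraintSystem::new(), cs::ConstraintSystem::new());
    let (va, vb) = (a.allocate(7), b.allocate(9));
    // `va` resolves in `a`; `vb` carries `b`'s canary and is rejected by `a`.
    println!("{:?} {:?}", a.assignment(va), a.assignment(vb));
}
```

Outside the `cs` module, `cs::Variable { cs_id: 0, index: 5 }` does not compile because the fields are private, which covers the invalid-index case; the cross-CS case is only caught when `assignment` runs.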