Adding wNAF multiplication functionality

[ggkitsas]

Description

Adds wNAF multiplication functionality for Group elements. It doesn't change the way scalar multiplication is currently performed but rather provides an option to use wNAF.

Two functions are added:

• wnaf_table: generates a lookup table for a given Group element and window size
• wnaf_mul: performs the scalar multiplication using a lookup table and a scalar in NAF (can be obtained by find_wnaf)

---

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

• Targeted PR against correct branch (master)
• Linked to Github issue with discussion and accepted design OR have an explanation in the PR that describes this work.
• Wrote unit tests
• Updated relevant documentation in the code
• Added a relevant changelog entry to the Pending section in CHANGELOG.md
• Re-reviewed Files changed in the Github PR explorer

[ValarDragon]

Thanks for PR'ing this! LGTM, left some requests for comments & minor changes

[ValarDragon]

LGTM!

Minor note, can a changelog entry be added to ### features.
perhaps:
- #230 (ark-ec) Add wnaf_mul implementation for groups

[jon-chuang]

I will be making some PRs from celo-org merge which include a wNAF mul combined with GLV. I think what would be nice would be to have the GLV-compatible curve use wNAF mul with a default window size specified in parameters.

I think we ought to make wNAF (+GLV if applicable) the default mul method, if it is faster.

However, maintaining the underlying methods in a separate file like here is good too, to reduce the single-file bloat and for multiple impls (add_assign for proj and add_assign_mixed for affine).

Unfortunately though, for the current impl, += with affine group would be extremely slow, I think, due to *self = s_proj.into();

The right thing to do would be to convert an affine point into a projective point first, since mul_bits returns a projective point anyway. So in theory, Group is too generic. I think ProjectiveCurve works just fine.

Btw @ValarDragon , do you know where Group is used? Seems it's only used in tests

[Pratyush]

@jon-chuang how does this PR interact with your upcoming wNAF PR?

[jon-chuang]

@Pratyush it can be used as an impl in a different file, which I am for as it separates duties.

[Pratyush]

Thanks for the PR! This looks mostly good to me, barring the concern @jon-chuang raised about using Group; it's better to implement it directly for ProjectiveCurve, so that you can take advantage of things like mixed addition.

[Pratyush]

@ggkitsas I pushed some updates that should now enable working with arbitrary window sizes. Please take a look and let me know if it makes sense.

[ggkitsas]

@Pratyush LGTM, thanks!

[Pratyush]

This LGTM, so unless folks would like further changes, I'll merge this today.

[ValarDragon]

LGTM!