Improve Miller loop performance for SW6

[Pratyush]

Currently the Miller loop for SW6 uses affine coordinates, which makes the loop much slower than necessary. Moving to projective coordinates should speed up the loop significantly.

One can use the MNT6 miller loop code as a reference point to get this working. Indeed, a prior version of the SW6 ML code was basically a port of the MNT6 code, but it had incorrect constants, and so the pairing result was incorrect. This (incorrect) version was ~4x faster than the current (correct) version.

[yelhousni]

Here is a ML in projective coordinates for SW6 curve: https://github.com/EYBlockchain/zk-swap-libff/blob/ey/libff/algebra/curves/sw6/sw6_pairing.cpp and for SW6_BIS (field size of 761 bits): https://github.com/EYBlockchain/zk-swap-libff/blob/ey/libff/algebra/curves/sw6_bis/sw6_bis_pairing.cpp

[Pratyush]

Awesome! Do you mind I port over the implementation to Rust? Is it under the MIT license?

[yelhousni]

Yes, it is MIT you can port it to Rust. I am working btw on porting SW6_BIS to Rust and do a PR here if you want.

[Pratyush]

Yes, that would be great!

[yelhousni]

Normally, affine coordinates should yield a faster pairing over SW6 if the inverse is implemented using the norm map as suggested in [1, 2, 3]. But I think it's not the case here, thus the ~4x factor you remarked.