Currently one can weight double/add (square/multiply) when selecting the best chain from the results. Is it possible to weight shifts (doubles or squares in a row) as well?
The use-case would be speeding up the pairing computation on polynomial-based curves (e.g. BLS, BN...), precisely the exponentiation by the curve seed (constant) in the final exponentiation. For example (see here for BLS12-377), we use Karabina cyclotomic squares for the 46-sized shift with a single decompression (inverse). This is faster for big shifts compared to the (uncompressed) Granger-Scott cyclotomic square. For BN254 (see here), we use addchain but the size of shifts are not big enough for Karabina's use.
Currently one can weight double/add (square/multiply) when selecting the best chain from the results. Is it possible to weight shifts (doubles or squares in a row) as well? The use-case would be speeding up the pairing computation on polynomial-based curves (e.g. BLS, BN...), precisely the exponentiation by the curve seed (constant) in the final exponentiation. For example (see here for BLS12-377), we use Karabina cyclotomic squares for the 46-sized shift with a single decompression (inverse). This is faster for big shifts compared to the (uncompressed) Granger-Scott cyclotomic square. For BN254 (see here), we use
addchainbut the size of shifts are not big enough for Karabina's use.