gen/ec: scalar multiplication

[mmcloughlin]

Need to generate code for scalar multiplication.

[mmcloughlin]

Implementations:

• crypto/elliptic p256 generic uses 4-bit fixed windows
• crypto/elliptic p256 asm uses booth encoding w=5
• github.com/cloudflare/circl/ecc/p384 ScalarMult uses a signed-digit recoding (math.SignedDigit)
• github.com/cloudflare/circl/ecc/p384 SimultaneousMult uses window-w Non-Adjacent Form (math.OmegaNAF)
• github.com/cloudflare/circl/sign/ed25519 doubleMult also uses math.OmegaNAF
• github.com/cloudflare/circl/dh/x25519 uses Montgomery and Joye ladders
• github.com/cloudflare/circl/dh/x448 same techniques as x25519

References:

• Alg.6 in "Exponent Recoding and Regular Exponentiation Algorithms" by Joye-Tunstall. http://doi.org/10.1007/978-3-642-02384-2_21
• Alg.6 in "Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis" by Bos et al. http://doi.org/10.1007/s13389-015-0097-y
• Alg.9 "Efficient arithmetic on Koblitz curves" by Solinas. http://doi.org/10.1023/A:1008306223194

[mmcloughlin]

Variable-base scalar multiplication, Algorithm 1. Requirements:

• [ ] Step 1: Scalar Validation
• [ ] Step 2: Point Validation?
• [x] Step 4: Precomputation of Odd Multiples
• [x] Step 5-6: Conversion to Odd
• [x] Step 7: Fixed Window Recoding
• [x] Step 8,15: Constant Time Table Lookup
• [x] Step 19: Complete Addition for Final Add cloudflare/circl#66
• [x] Step 20: Conditional Negation #68