Signature blinding

[tomato42]

While blinding in ECC is not really practical for performance applications, it would be a good teaching opportunity to show how blinding can be performed in ECDSA signatures.

the new equation for s would be as follows:

s = inv_blind * inv_k * (blind * m + blind * r * priv_key) % order

where inv_blind and inv_k are multiplicative inverses modulo order of blind and k respectively

[tomato42]

If implemented, use of blinding should depend on a setting (either mode-wide one or one for just one instance of SigningKey) and it should default to disabled.