add support for batch verification of multi signatures

[omershlo]

for MSP can be found in section 3.1 : batch verification

[jspenger]

I would like to give this one a try. Should the batch verification be only for distinct messages? or should we also implement batch verification for repeated messages? The difference is mentioned at the end of section 3.1. The distinct case would be: e(σ, g_2) ?= e(H_0(m_1), apk_1) ··· e(H_0(m_b), apk_b); whereas for repeated messages the aggregated public keys of the repeated messages would be raised to a random exponent pi: e( σ, g_2) ?= e(H_0(m_1), apk_1^p1) ··· e(H_0(m_b), apk_b^ρb).

[omershlo]

Awesome @jonasspenger ! This is a good question. I would say that both cases are interesting and if we have to choose I would first check which case is more common in deployed products.