Jeff Burdges
I think `XofReader` works anyways, but then under the hood you're taking the same field as input in two places, only a minor wart in the higher level interface.
It's mostly done in https://github.com/w3f/arkworks-algebra/tree/xof_reader but we should still clean up the map_to_curve mess ala https://github.com/arkworks-rs/algebra/issues/629
Are these features even required? If rustc produces multiple .o files within the crate, then linkers should remove the dead code, so these features only save build time. At least...
You'd typically count curve operations plus FFTs. You could've curve+field forks or wrapper types, which achieved this. If you only want curve operations, then you could check out https://github.com/paritytech/arkworks-extensions If...
Above, we targeted the expensive operations above, without changing the fields, but.. It's likely easier to just count field operations, either cargo patch in your fork of ark-ff, or else...
Is the issue the delegation to [`SWCurveConfig::msm`](https://github.com/arkworks-rs/algebra/blob/master/ec/src/models/short_weierstrass/mod.rs#L97) and similar? It's likely some of that interface should be improved anyways, but they enable things like FPGAs or native calls from WASM,...
What is an ECDSA ZK Proof? Are you talking about DKGs that need ZKPs? ECDSA itself is pretty crappy, so afaik nobody would ever use it with Ristretto/ed25519. I think...
You mean they're doing non-native curve arithmetic on Ristretto to prove ECDSA secp256k1 signatures? That's also be odd since you could use its mirror curve instead, but maybe ECDSA on...
IRTF H2C draft says Edwards curves, including BLS12-377, should use Elligator, not WB, so the isogeny you want for the SW form of BSL12-377 is from the Edwards form.
In v0.4, the reduction happens in `PrimeField::into_bigint` at https://github.com/arkworks-rs/algebra/blob/master/ec/src/scalar_mul/variable_base/mod.rs#L22 `PrimeField::BigInt` behaves this way, which maybe important somewhere.