joe

I added more comments to the SubproductDomain algorithms

I also wasted way too many hours trying to figure this out, and I also think there should be some changes on arkworks side to facilitate all of this. One...

See section 4.1 of this thesis: https://core.ac.uk/download/pdf/10898289.pdf and this paper: https://eprint.iacr.org/2015/1060.pdf for details on complete formulae for weierstrass curves. It's probably worth implementing both complete and incomplete arithmetic.

I eventually added some workaround, but I think it could use some additional work. Maybe the `GeneralEvaluationDomain` can be constructed in one place instead of the several places it is...

No notes needed, you got it pretty accurate. There is even a spec and some examples in progress at: https://specs.anoma.net/master/architecture/j-group/vampir/vampir.html There may be some bridging needed between Halo 2 terminology/concepts,...

`sapling-spend-prove time: [914.88 ms 924.71 ms 933.64 ms]`, so that's what, about 14% faster? If there is a performance regression in `bitvec 1`, I assume it can also be fixed...

Super minor comment, I've been using the term "weight" or "staking weight" which seems to be commonplace, but the actual term used in the Tendermint code+docs is "voting power", which...

For threshold decryption, I believe the bottlenecks are currently the following: 1. Every validator needs to do 1 ciphertext validity check per tx (1 pairing equation check/tx) 2. Every validator...

Thanks for this PR, we haven't forgotten about it! We are going to try to publish it alongside the main Anoma docs, which needs a bit more work.

Main blockers at the moment: - Hash to curve still not implemented - Key-committing AEAD implementation needed - Operations that can be parallelize should be using rayon or similar