Fixed-base scalar mul via LSB set encoding

[mratsim]

The GLV-SAC paper introduces an alternative scalar multiplication for a fixed base. For example signing is always done using the generator point as a fixed base

• Efficient and Secure Algorithms for GLV-Based Scalar Multiplication and their Implementation on GLV-GLS Curves (Extended Version) Armando Faz-Hernández, Patrick Longa, Ana H. Sánchez, 2013 https://eprint.iacr.org/2013/158.pdf

This representation seems to be twice faster than simple 4-way endormorphism decomposition (without additional windowing optimization).

Note: while it uses 8 times more memory, that memory is allocated directly in the binary, not RAM.