Port to bn256

[HarryR]

Start with a fork which implements as much as possible in isolation, with code to verify basic correctness and assumptions. Then look into pain points, problems and how to make Orbital support both bn256 and secp256k1.

Then need to create a test transaction which can be used to verify implementation of mobius smart contract when it's ported to bn256.

Import code from:

• https://github.com/ethereum/go-ethereum/blob/master/crypto/bn256/bn256_test.go (BSD licensed)

[HarryR]

The following pieces of code can be used as references for using the Go crypto/bn256 module:

• https://github.com/cloudflare/bn256/blob/master/example_test.go
• https://github.com/mad-day/twoway/blob/4fb8611d9307300aa56a99c32855b6ec0ae2ab02/pairbased.go
• https://github.com/jlandrews/bgls/blob/f215d6f66a4a4885513ec9b923d59e2e8dc2581d/bgls.go
• https://github.com/samkumar/hibe/blob/c1cd171b6178f69ec51445329b702dcbbfe977f1/core.go
• https://github.com/vuvuzela/crypto/blob/98c950a7a215d119206acb5a3f1c326f4d82debe/ibe/ibe.go
• https://github.com/mad-day/tbcrypt/blob/004d65c32c6880b78ada0cb34a46527fce592a81/tbcrypt.go

EIP background:

• DRAFT: Precompiled contracts for pairing function check ethereum/EIPs#197
• Precompiled contracts for addition and scalar multiplication on the elliptic curve alt_bn128 ethereum/EIPs#196

The builtins are something like:

add

bn128add(x1, y1, x2, y2) = (x', y')

input data[]:
two points encoded as (x, y), where x and y are 32-byte left-padded integers,
if input is shorter than expected, it's assumed to be right-padded with zero bytes

output:
resulting point (x', y'), where x and y encoded as 32-byte left-padded integers

mul

bn128mul(x, y, s) = (x', y')

input data[]:
point encoded as (x, y) and scalar s, where x, y and s are 32-byte left-padded integers,
if input is shorter than expected, it's assumed to be right-padded with zero bytes

output:
resulting point (x', y'), where x and y encoded as 32-byte left-padded integers