Shinsaku Ashizawa

Hi @str4d Thank you for the review. I modified the PR according to review as following. > This is only added for use in a test, and should be crate-private...

I would like to know does this issue replace zcashd libraries with [sapling-crypto](https://github.com/zcash-hackworks/sapling-crypto)?

I think we can optimize curve scalar by naf with almost zero cost. We convert field element to 256 length of bit array. https://github.com/zcash/pasta_curves/blob/main/src/curves.rs#L483 If we convert it to bit...

I think Karatsuba can be used for field arithmetic. We are using convolution product for limbs arithmetic. The following is example of 4 length limbs. - Naive(M: 16, A: 9)...

We would improve wNAF, if we implement quadruple for curve and 4 multiplication for field. In 4 multiplication, we can replace it with 2 right bit shift and skip one...

precomputing inv * mod may also reduce 4 times mul in montgomery reduction

one of curious is one time modular reduction. bitcoin implementation doesn't perform modular reduction and manages number of arithmetic with magnitude. https://github.com/RustCrypto/elliptic-curves/blob/master/k256/src/arithmetic/field/field_impl.rs#L20

I think x_3 and x_3 are coordinates of added point. [component_add_point](https://github.com/dusk-network/plonk/blob/master/src/composer.rs#L657) constrains `a` and `b` JubjubAffine points addition `a + b = c`. a: (x_1, y_1) b: (x_2, y_2) c...

It returns errors in two cases. 1. polynomial coefficients are all zero 2. polynomial degree is higher than public parameters length https://github.com/dusk-network/plonk/blob/master/src/commitment_scheme/kzg10/key.rs#L160 In my opinion. Regarding case 1, the commitment...

Hi @han0110 Thank you for the review. I fixed the changes according to your review. I would appreciate it if you could confirm. Thank you!