Implement group and pairing traits for bls12_381 and jubjub crates

[str4d]

Closes #163. Closes #167. Closes #169.

[codecov]

Codecov Report

Merging #245 into master will decrease coverage by 1.69%.
The diff coverage is 1.62%.

@@            Coverage Diff             @@
##           master     #245      +/-   ##
==========================================
- Coverage   66.73%   65.03%   -1.70%     
==========================================
  Files         117      117              
  Lines       16192    16623     +431     
==========================================
+ Hits        10805    10811       +6     
- Misses       5387     5812     +425     

Impacted Files	Coverage Δ
bls12_381/src/fp.rs	44.19% <0.00%> (-2.66%)	⬇️
bls12_381/src/fp12.rs	44.64% <0.00%> (-1.23%)	⬇️
bls12_381/src/fp2.rs	55.55% <0.00%> (-1.12%)	⬇️
bls12_381/src/fp6.rs	52.73% <0.00%> (-1.49%)	⬇️
bls12_381/src/g1.rs	65.15% <0.00%> (-9.94%)	⬇️
bls12_381/src/g2.rs	58.04% <0.00%> (-8.09%)	⬇️
group/src/lib.rs	50.00% <ø> (ø)
jubjub/src/lib.rs	41.95% <2.45%> (-14.26%)	⬇️
bls12_381/src/pairings.rs	55.01% <3.30%> (-21.73%)	⬇️
zcash_primitives/src/serialize.rs	64.28% <0.00%> (-1.03%)	⬇️
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 964532e...3200ffc. Read the comment docs.

[nuttycom]

Non-blocking style comments/questions; I don't know how to verify the correctness of the actual group operations, but they look like what I'd expect.

[nuttycom]

Having seen this implementation duplicated a few times now, could it just be done via a blanket trait with constraints on Add and Identity? Or, is there a Monoid trait that combines the two? In Haskell we have this in the standard library:

Prelude> :t Data.Foldable.fold
Data.Foldable.fold :: (Foldable t, Monoid m) => t m -> m

[nuttycom]

If we can't use a blanket trait for these, we should at least make a macro for them.

[str4d]

There's already a set of common macros that are planned to be extracted out; we can do this at the same time.

[str4d]

Okay, I think that (aside from specifying the full-group generators for G1 and G2) this is ready for review. Best reviewed by-commit.

[daira]

Need to check a few things, otherwise utACK.

[daira]

@daira should check that this is the canonical point as defined that generates the whole group.

[daira]

I reviewed find_curve_generator() and it looks correct to me. This doesn't check that the point arithmetic or Montgomery conversion is done correctly, but it's enough to satisfy me.

[str4d]

Force-pushed to address some of @daira's comments. Per my responses above, I think they are all addressed now.

[daira]

utACK