Constant-time note commitment

[ConstanceBeguier]

We would like to have a constant-time evaluation of the note commitment for both ZEC and ZSA.
ZEC_note_commitment=Extract_P(SinsemillaHashToPoint(zec_personalization, common_bits) + [rcm]R_zec)
ZSA_note_commitment=Extract_P(SinsemillaHashToPoint(zsa_personalization, common_bits || asset) + [rcm]R_zsa)

The Sinsemilla Hash function splits the message to be hashed into K-bit blocks, then iteratively processes each block along with the result of the previous block using a constant-time function.

To have a constant time note commitment, we will

1. Select (personalization, R) which is equal to (zec_personalization, R_zec) for native asset and (zsa_personalization, R_zsa) otherwise)
2. Split the common_bits into common_prefix and common_suffix such that
   • common_bits = common_prefix || common_suffix
   • common_prefix length is a multiple of K
   • common_suffix length is smaller than K
3. Evaluate common_hash = SinsemillaHashToPoint(personalization, common_prefix)
4. Evaluate zec_hash = AppendHash(common_hash, common_suffix) and zsa_hash ) AppendHash(common_hash, common_suffix || asset)
5. Select hash_point which is equal to zec_hash for native asset and zsa_hash otherwise
6. Evaluate the note commitment which is equal to ExtractP(hash_point + [rcm] R)

[what-the-diff]

PR Summary

• Split commit function into two constant-time functions
  The original commit function is now divided into two separate functions that allow for constant-time execution. This improves efficiency and security in various protocols.

• Double Constant Time Commit
  This new implementation takes a boolean input and returns either one or another commitment based on the input value, ensuring constant time execution.

• Single Constant Time Commit
  Useful for generating a single commitment with constant-time execution by calling the Double Constant Time Commit function with identical personalizations.

[ConstanceBeguier]

Deprecated in favor of #52