ff 0.13 (#269)

* Partial move to ff 0.13

It turns out the newly released k256 0.12 isn't on ff 0.13, preventing further
work at this time.

* Update all crates to work on ff 0.13

The provided curves still need to be expanded to fit the new API.

* Finish adding dalek-ff-group ff 0.13 constants

* Correct FieldElement::product definition

Also stops exporting macros.

* Test most new parts of ff 0.13

* Additionally test ff-group-tests with BLS12-381 and the pasta curves

We only tested curves from RustCrypto. Now we test a curve offered by zk-crypto,
the group behind ff/group, and the pasta curves, which is by Zcash (though
Zcash developers are also behind zk-crypto).

* Finish Ed448

Fully specifies all constants, passes all tests in ff-group-tests, and finishes moving to ff-0.13.

* Add RustCrypto/elliptic-curves to allowed git repos

Needed due to k256/p256 incorrectly defining product.

* Finish writing ff 0.13 tests

* Add additional comments to dalek

* Further comments

* Update ethereum-serai to ff 0.13

coins/monero/src/ringct/bulletproofs/plus.rs

@@ -31,7 +31,7 @@ fn hash_plus<C: IntoIterator<Item = DalekPoint>>(commitments: C) -> (Scalar, Vec
 // d[j*N+i] = z**(2*(j+1)) * 2**i
 fn d(z: Scalar, M: usize, MN: usize) -> (ScalarVector, ScalarVector) {
   let zpow = ScalarVector::even_powers(z, 2 * M);
-  let mut d = vec![Scalar::zero(); MN];
+  let mut d = vec![Scalar::ZERO; MN];
   for j in 0 .. M {
     for i in 0 .. N {
       d[(j * N) + i] = zpow[j] * TWO_N[i];
@@ -239,7 +239,7 @@ impl PlusStruct {
     // Invert B, instead of the Scalar, as the latter is only 2x as expensive yet enables reduction
     // to a single addition under vartime for the first BP verified in the batch, which is expected
     // to be much more significant
-    proof.push((Scalar::one(), -B));
+    proof.push((Scalar::ONE, -B));
     proof.push((-e, A1));
     proof.push((minus_esq, A));
     proof.push((Scalar(self.d1), G));