Optimize Miller loop on fixed pubkeys - expected 37% perf boost

[kchalkias]

If any of the G1, G2 arguments in the pairing are fixed(ie the public key is static or a constant parameter in the
system) we can have up to 37% faster Miller loop.
Typically BLST is doing that for the generator G, but in consensus systems where validator keys are fixed per epoch, we might be able to precompute stuff:

• useful when verifying individual sigs (precompute one part of pairing Miller loop based on individual validator keys)
• useful even on batch verification - precompute some known combinations (ie against the aggregated pubKey of most dominant validators

We could build that via some LRU on common validator combinations.
FYI @benr-ml who is working on unfolding BLS batch verification for a different purpose.

Related paper: https://eprint.iacr.org/2010/342

[benr-ml]

It won't help us too much in case of individual signatures, since we rarely verify those.
As for batch verification - let's first collect some statistics on whether we see common sets of public keys.

[jonas-lj]

I took a closer look at the BLST api, and it only allows pre computation for the right operand, aka the input element from G2, so it won't help us with fixed public keys in min_sig mode, and, as you say @kchalkias, blst already seems to do the pre computation for the G2 generator.

For future reference, the code to do this is on the https://github.com/MystenLabs/fastcrypto/tree/pairing_precomputation branch, and gives an 13% speed-up compared to an ordinary pairing.