Compute mu^k terms iteratively

[cargodog]

This resolves #18, but leaves some room for improvement w.r.t. prover efficiency. Currently the prover tediously computes the mu_l exponent for each index l in his proof. This could be optimized in future work to use a more efficient exponentiation algorithm (e.g. square and add), compute each mu_l in a single iterative computation, or both.

TODO:

• Modify proof and verification to compute mu_k exponentially (e.g. mu^k) instead of via keyed hash (e.g. blake2b(mu, k))
• Modify verification iterator chains to allow efficient iterative computation of mu^k coefficients
• Add macro or utility function to more efficiently compute mu^lfor each of the prover's inputs
• In verifier, combine factors_U and factors_M_k computation to share iteration over mu_k, instead of each iterating independently

Incidentally, this PR also resolves #23

[cargodog]

Add macro or utility function to more efficiently compute mu^lfor each of the prover's inputs

I realize the best way to solve this, actually involves enough work to be a feature of its own (or at least depend on new traits in curve25519-dalek). As such, I am crossing this out and deferring it to #27

[cargodog]

In verifier, combine factors_U and factors_M_k computation to share iteration over mu_k, instead of each iterating independently

This too stems from the larger issue of inefficiently performing redundant computations in several iterators. Addressing this will be much easier (and less future work) once #19 is resolved.