Add support for parallelization in the tensor-commitment

[AlexandreBelling]

A small experiment for SIS

Also include a small-experiment, which lives in an isolated test file. The experiment underlines an idea to speed-up the SIS hashes down to 300ns per field element. It is however incomplete in the sense that it does not implement everything. Only the parts that are relevant "performance-wise" have been implemented.

The experiment is deeply tied to the choices of parameters that we use for SIS. (Recall d = 2 and \beta = 8). We do several thing. Instead, of representing "slots" in the hashing key with 2 field elements (internally represented as 4 uint64 each), we represent them using 6 uint64 limbs as follows.

0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

represented as

0x00000fffffffffff
0x00000fffffffffff
0x00000fffffffffff
0x00000fffffffffff
0x00000fffffffffff
0x00000fffffffffff

Thus, each uint64 in the key are prefixed with 20 bits. Multiplying these key elements, by small number reduces this margin to 17 bits. Thus, we can perform all our field operations using uint64 arithmetic. This is much faster than field arithmetic even though there are "more" addition" to do. This approach benefits from not having to do reductions.

Another notable improvement stems from how we split large field elements into small chunks. The approach benefits from how gnark stores field elements internally (i.e. the fact that they are stored as [4]uint64) to minimize the number of CPU operations required to obtain a limb. This is however done at the cost of increasing the number of limbs from 88 to 85.

Parallelization for the tensor commitment

• Update the Append method of the tensor commitment to possibly take several polynomials at once. This is done at the cost of adding a breaking change. The tensor commitment no longer takes a SIS hasher as a parameter but takes a constructor that returns "fresh" hashers. This was necessary for thread-safety.