[crypto] Rescue hash function

[irakliyk]

Implementing high-performance version of Rescue hash function would be the first step towards recursive STARKs. Target performance should be 100K+ hashes (64B -> 32B) per second.

To achieve such level of performance, we would need to implement Rescue in a small (~64-bit) field. Description of Rescue hash function can be found here:

• Rescue-Prime: a Standard Specification (SoK)

Potential parameters (for ~128-bit security level) could be:

• Filed size: ~64-bits
• State width: 12 elements
• S-box degree: 3, 5, or 7 (depends on the chose field)
• Number of rounds: 7

We could also expose this implementation as two different variants: one with 4 field element output (~128 bit collision resistance) and 3 field element output (96-bit collision resistance). Although, it may be better to have a separate implementation for 96-bit version as that could be instantiated with a state width of 9 elements, and thus should be noticeably faster than the one using 12 elements.