edwards: avoid inversions in Add in extended points

[jsign]

Description

This PR proposes solving a performance problem while doing Add in Edwards curves.

The TL;DR of the problem is that this operation does an equality checking, which involves a very slow inversion.

Type of change

• Performance improvement

How has this been tested?

This PR doesn’t change the logic or add new border cases, so existing tests cover correct behavior.

How has this been benchmarked?

name                    old time/op    new time/op    delta
MixedAdd/Extended-16       221ns ± 2%     220ns ± 2%      ~     (p=0.393 n=10+10)
Add/Extended-16           3.70µs ± 1%    0.20µs ± 2%   -94.52%  (p=0.000 n=10+10)

name                    old alloc/op   new alloc/op   delta
MixedAdd/Extended-16       0.00B          0.00B           ~     (all equal)
Add/Extended-16            0.00B          0.00B           ~     (all equal)

name                    old allocs/op  new allocs/op  delta
MixedAdd/Extended-16        0.00           0.00           ~     (all equal)
Add/Extended-16             0.00           0.00           ~     (all equal)

[yelhousni]

Good catch! Add should implement the strongly unified addition and not the dedicated one + the heavy inverse-based equality check. Maybe we can add AddDedicated (without the equality check) if we think there is guaranteed use of it (e.g. MSM), although it saves just a mul by constant d.

[jsign]

@yelhousni, @gbotrel, rebased.

[yelhousni]

👍