check for non-canonical field element representations

[xrchz]

Considering the conversation here ethereum/consensus-specs#3057 and ongoing discussion, just want to record that the C library may need to detect and fail on non-canonical inputs (i.e., greater than the modulus).

[sauliusgrigaitis]

Key question - is there a valid case that MODULUS <= value <= MAX_DATA_TYPE_VALUE at the application level. Seems not. So the crypto library should just throw an informative error that it got a value that doesn't fit into MODULUS. This would also help to debug the application.

[sauliusgrigaitis]

I would vote for adding an informative error at the crypto library just because at the application level most of the devs are not that familiar with cryptography. By application level, I mean client level.

[xrchz]

Does this need to happen for the arguments of any other API functions than verify_kzg_proof?
Or is it all the functions that take a blob or blobs too?

[xrchz]

Following the latest specs (after ethereum/consensus-specs@23d3aee) I think the way to do it is put the check in bytes_to_bls_field (and have an unchecked version hash_to_bls_field for compute_challenges)

[xrchz]

Closed by #20