SIMD-302: implement alt_bn128 G2 syscalls

Author: Rexicon226

src/core/features.zon

@@ -253,4 +253,5 @@
     .{ .name = "increase_cpi_account_info_limit", .pubkey = "H6iVbVaDZgDphcPbcZwc5LoznMPWQfnJ1AM7L1xzqvt5" },
     .{ .name = "vote_state_v4", .pubkey = "Gx4XFcrVMt4HUvPzTpTSVkdDVgcDSjKhDN1RqRS6KDuZ" },
     .{ .name = "alt_bn128_little_endian", .pubkey = "bnS3pWfLrxHRJvMyLm6EaYQkP7A2Fe9DxoKv4aGA8YM" },
+    .{ .name = "enable_alt_bn128_g2_syscalls", .pubkey = "bn1hKNURMGQaQoEVxahcEAcqiX3NwRs6hgKKNSLeKxH" },
 }

src/crypto/bn254/fields.zig

@@ -122,6 +122,15 @@ pub const Fp = struct {
     }
 
     pub fn byteSwap(a: [32]u8) [32]u8 {
+        // NOTE: This compiles down into a single ymm vpshufb, which is nice
+        // however it has a high latency (10 cycles on tigerlake), so I'm not
+        // sure if this is better than just 4 mov + 4 movbe instructions, which
+        // could be trivially executed in parallel.
+        //
+        // Alternative:
+        // const x: u256 = @bitCast(a);
+        // return @bitCast(@byteSwap(x));
+
         const limbs: [4]u64 = @bitCast(a);
         const array: [4]u64 = .{
             @byteSwap(limbs[3]),
@@ -565,7 +574,7 @@ pub const Fp2 = struct {
     }
 
     /// https://eprint.iacr.org/2010/354.pdf, Alg. 8
-    fn inverse(a: Fp2) Fp2 {
+    pub fn inverse(a: Fp2) Fp2 {
         // t0 ← a0^2
         var t0 = a.c0.sq();
         // t1 ← a1^2