Function schnorrkel::vrf::dleq_verify_batch

pub fn dleq_verify_batch(
    ps: &[VRFInOut],
    proofs: &[VRFProofBatchable],
    public_keys: &[PublicKey],
    kusama: bool,
) -> SignatureResult<()>

Batch verify DLEQ proofs where the public keys were held by different parties.

We first reconstruct the cs present in the VRFProofs but absent in the VRFProofBatchables, using shorten_dleq. We then verify the R and Hr components of the VRFProofBatchables using the two equations a normal verification uses to discover them. We do this by delinearizing both verification equations with random numbers.

TODO: Assess when the two verification equations should be combined, presumably by benchmarking both forms. At smaller batch sizes then we should clearly benefit form the combined form, but any combination doubles the scalar by scalar multiplications and hashing, so large enough batch verifications should favor two separate calls.