starstream_nova: Implement Nebula-like scheme #42
Description
Right now it's more like Groth's approach, in that we hash a multiset via summing up the hashes of the elements.
This is also secure AFAICT, and quite simple, but it's two hash operations per UTXO operation, one to add an element (hash) to the RS, and one for the WS.
The Nebula scheme is however probably overly complicated and can be done in a simpler way. In essence what it aims to achieve is amortizing the hash operation and only hashing once for multiple elements. Nebula does this by essentially committing to the elements to be added, deriving a challenge via Fiat-Shamir, then using that to construct Reed-Solomon fingerprints.