perf: optimize hint computation with corresponding output field

std/algebra/emulated/sw_emulated/hints.go

@@ -14,7 +14,60 @@ func init() {
 }
 
 func GetHints() []solver.Hint {
-	return []solver.Hint{decomposeScalarG1}
+	return []solver.Hint{decomposeScalarG1, decomposeScalarG1Signs, decomposeScalarG1Subscalars}
+}
+
+func decomposeScalarG1Subscalars(mod *big.Int, inputs []*big.Int, outputs []*big.Int) error {
+	return emulated.UnwrapHint(inputs, outputs, func(field *big.Int, inputs, outputs []*big.Int) error {
+		if len(inputs) != 2 {
+			return fmt.Errorf("expecting three inputs")
+		}
+		if len(outputs) != 2 {
+			return fmt.Errorf("expecting six outputs")
+		}
+		glvBasis := new(ecc.Lattice)
+		ecc.PrecomputeLattice(field, inputs[1], glvBasis)
+		sp := ecc.SplitScalar(inputs[0], glvBasis)
+		outputs[0].Set(&(sp[0]))
+		outputs[1].Set(&(sp[1]))
+		// we need the absolute values for the in-circuit computations,
+		// otherwise the negative values will be reduced modulo the SNARK scalar
+		// field and not the emulated field.
+		// 		output0 = |s0| mod r
+		// 		output1 = |s1| mod r
+		if outputs[0].Sign() == -1 {
+			outputs[0].Neg(outputs[0])
+		}
+		if outputs[1].Sign() == -1 {
+			outputs[1].Neg(outputs[1])
+		}
+
+		return nil
+	})
+}
+
+func decomposeScalarG1Signs(mod *big.Int, inputs []*big.Int, outputs []*big.Int) error {
+	return emulated.UnwrapHintWithNativeOutput(inputs, outputs, func(field *big.Int, inputs, outputs []*big.Int) error {
+		if len(inputs) != 2 {
+			return fmt.Errorf("expecting three inputs")
+		}
+		if len(outputs) != 2 {
+			return fmt.Errorf("expecting six outputs")
+		}
+		glvBasis := new(ecc.Lattice)
+		ecc.PrecomputeLattice(field, inputs[1], glvBasis)
+		sp := ecc.SplitScalar(inputs[0], glvBasis)
+		outputs[0].SetUint64(0)
+		if sp[0].Sign() == -1 {
+			outputs[0].SetUint64(1)
+		}
+		outputs[1].SetUint64(0)
+		if sp[1].Sign() == -1 {
+			outputs[1].SetUint64(1)
+		}
+
+		return nil
+	})
 }
 
 func decomposeScalarG1(mod *big.Int, inputs []*big.Int, outputs []*big.Int) error {