doc: AugSchemeMPL vs BasicSchemeMPL

[coolaj86]

Update

There's very little difference between the two. Mainly:

• Basic requires that the VerifyAggregate messages list not contain duplicates
• Aug prepends the corresponding PublicKey to messages before Sign or Verify
  (and therefore doesn't need to check for duplicates because they're guaranteed to be associated with the correct public key)

Original

The Sign, Verify, and other crypto functions are implemented from the same Core functions, but with different parameters:

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-03#section-3

In some cases, the only difference is the magic byte string ("domain separation tag" or dst):

Each core operation has two variants that trade off signature and
public key size:

1. Minimal-signature-size: signatures are points in G1, public keys
   are points in G2. (Recall from Section 1.3 that E1 has a more
   compact representation than E2.)

2. Minimal-pubkey-size: public keys are points in G1, signatures are
   points in G2.

So:

• G1 identified DSTs have SV: minimal-signature-size whereas G2 identified DSTs have SV: minimal-pubkey-size

• The hashes etc use G1 for G1 and G2 for G2, etc (duh)

• AugSchemeMPL (Augumented MPS) BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_AUG_

• BasicSchemeMPL (Basic or NUL MPS) BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_

In TenderDash we only use Basic G2 (MPL/MPS).

We DO NOT use

• Aug MSL / MSS BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_AUG_
• Basic MSL / MSS BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_NUL_