Remove unnecessary checks from CompressedEdwardsY::decompress()

[daxpedda]

Currently CompressedEdwardsY::decompress() checks if the point is on the curve. This PR removes this check.

Please correct me if I'm wrong here, but I believe this check can never fail because we don't allow invalid y-coordinates (we reduce the input) and the x-coordinate is derived.

[tarcieri]

we don't allow invalid y-coordinates (we reduce the input)

That doesn't mean a prospective y-coordinate will be a valid solution to the curve equation.

However, as far as I can tell CompressedEdwardsY::decompress_unchecked does ensure a valid solution to the curve equation, and will return the CtOption equivalent of None if it isn't

[daxpedda]

we don't allow invalid y-coordinates (we reduce the input)

That doesn't mean a prospective y-coordinate will be a valid solution to the curve equation.

I see, thanks!

However, as far as I can tell CompressedEdwardsY::decompress_unchecked does ensure a valid solution to the curve equation, and will return the CtOption equivalent of None if it isn't

I went ahead and adjusted the implementation to follow RFC 8032 and left comments here and there. If we assume that the RFC algorithm only produces points on the curve, our current implementation must be fine then.

[daxpedda]

I went ahead and removed the check for torsion-freeness as well, following the RFC.