DHKEM over secp256k1

[kwantam]

Hello and thanks for a really nice crate!

I recently wrote a quick specification for DHKEM-over-secp256k1, for which IANA has allocated the codepoint 0x0016.

It would be fantastic if this crate were updated with support! I'd be very happy to make a PR (including test vectors from the spec) if that would be helpful. Please let me know if you'd be opposed to accepting such a PR, otherwise I will prepare and submit it as soon as I've got the time.

[rozbb]

Hi Riad! Yes I would be happy to take the PR. The way we're doing it currently is we're keeping the draft specs in separate branches, eg unstable-pq-xyber, and backporting changes. When they're finalized, it'll be an easy merge

[rozbb]

fwiw it looks like this should have code that's nearly identical to the existing p256 impl, assuming you use the pure Rust impl. In that case, I think it'd be cleanest to turn the p256 impl into a macro

[tarcieri]

If you'd like to use both the p256 and k256 crates, you can use generics rather than macros.

We can potentially add some upstream hints/marker traits to these crates to help out if need be.