Avoid separate exp calls

src/field/cosets.rs

@@ -14,8 +14,8 @@ pub(crate) fn get_unique_coset_shifts<F: Field>(
     // Let g be a generator of the entire multiplicative group. Let n be the order of the subgroup.
     // The subgroup can be written as <g^(|F*| / n)>. We can use g^0, ..., g^(num_shifts - 1) as our
     // shifts, since g^i <g^(|F*| / n)> are distinct cosets provided i < |F*| / n, which we checked.
-    (0..num_shifts)
+    F::MULTIPLICATIVE_GROUP_GENERATOR.powers()
-        .map(|i| F::MULTIPLICATIVE_GROUP_GENERATOR.exp_usize(i))
+        .take(num_shifts)
         .collect()
 }
 

src/field/field.rs

@@ -143,6 +143,10 @@ pub trait Field: 'static
         self.exp(Self::from_canonical_usize(power))
     }
 
+    fn powers(&self) -> Powers<Self> {
+        Powers { base: *self, current: Self::ONE }
+    }
+
     fn rand_from_rng<R: Rng>(rng: &mut R) -> Self {
         Self::from_canonical_u64(rng.gen_range(0, Self::ORDER))
     }
@@ -151,3 +155,19 @@ pub trait Field: 'static
         Self::rand_from_rng(&mut OsRng)
     }
 }
+
+/// An iterator over the powers of a certain base element `b`: `b^0, b^1, b^2, ...`.
+pub struct Powers<F: Field> {
+    base: F,
+    current: F,
+}
+
+impl<F: Field> Iterator for Powers<F> {
+    type Item = F;
+
+    fn next(&mut self) -> Option<F> {
+        let result = self.current;
+        self.current *= self.base;
+        Some(result)
+    }
+}