merge

src/gadgets/curve.rs

@@ -59,6 +59,38 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             y: neg_y,
         }
     }
+
+    pub fn curve_double<C: Curve>(&mut self, p: &AffinePointTarget<C>) -> AffinePointTarget<C> {
+        let AffinePointTarget { x, y } = p;
+        let double_y = self.add_nonnative(y, y);
+        let inv_double_y = self.inv_nonnative(&double_y);
+        let x_squared = self.mul_nonnative(x, x);
+        let double_x_squared = self.add_nonnative(&x_squared, &x_squared);
+        let triple_x_squared = self.add_nonnative(&double_x_squared, &x_squared);
+
+        let a = self.constant_nonnative(C::A);
+        let triple_xx_a = self.add_nonnative(&triple_x_squared, &a);
+        let lambda = self.mul_nonnative(&triple_xx_a, &inv_double_y);
+        let lambda_squared = self.mul_nonnative(&lambda, &lambda);
+        let x_double = self.add_nonnative(x, x);
+
+        let x3 = self.sub_nonnative(&lambda_squared, &x_double);
+
+        let x_diff = self.sub_nonnative(x, &x3);
+        let lambda_x_diff = self.mul_nonnative(&lambda, &x_diff);
+
+        let y3 = self.sub_nonnative(&lambda_x_diff, y);
+
+        AffinePointTarget { x: x3, y: y3 }
+    }
+
+    pub fn curve_add<C: Curve>(
+        &mut self,
+        a: &AffinePointTarget<C>,
+        b: &AffinePointTarget<C>,
+    ) -> AffinePointTarget<C> {
+        todo!()
+    }
 }
 
 mod tests {

src/gadgets/nonnative.rs

@@ -5,6 +5,9 @@ use num::{BigUint, One};
 use crate::field::field_types::RichField;
 use crate::field::{extension_field::Extendable, field_types::Field};
 use crate::gadgets::biguint::BigUintTarget;
+use crate::iop::generator::{GeneratedValues, SimpleGenerator};
+use crate::iop::target::Target;
+use crate::iop::witness::{PartitionWitness, Witness};
 use crate::plonk::circuit_builder::CircuitBuilder;
 
 pub struct NonNativeTarget<FF: Field> {
@@ -46,6 +49,7 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
     ) -> NonNativeTarget<FF> {
         let result = self.add_biguint(&a.value, &b.value);
 
+        // TODO: reduce add result with only one conditional subtraction
         self.reduce(&result)
     }
 
@@ -84,8 +88,32 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         self.mul_nonnative(&neg_one_ff, x)
     }
 
-    /// Returns `x % |FF|` as a `NonNativeTarget`.
-    fn reduce<FF: Field>(&mut self, x: &BigUintTarget) -> NonNativeTarget<FF> {
+    pub fn inv_nonnative<FF: Field>(
+        &mut self,
+        x: &ForeignFieldTarget<FF>,
+    ) -> ForeignFieldTarget<FF> {
+        let num_limbs = x.value.num_limbs();
+        let inv_biguint = self.add_virtual_biguint_target(num_limbs);
+        let inv = ForeignFieldTarget::<FF> {
+            value: inv_biguint,
+            _phantom: PhantomData,
+        };
+
+        self.add_simple_generator(NonNativeInverseGenerator::<F, D, FF> {
+            x: x.clone(),
+            inv: inv.clone(),
+            _phantom: PhantomData,
+        });
+
+        let product = self.mul_nonnative(&x, &inv);
+        let one = self.constant_nonnative(FF::ONE);
+        self.connect_nonnative_reduced(&product, &one);
+
+        inv
+    }
+
+    /// Returns `x % |FF|` as a `ForeignFieldTarget`.
+    fn reduce<FF: Field>(&mut self, x: &BigUintTarget) -> ForeignFieldTarget<FF> {
         let modulus = FF::order();
         let order_target = self.constant_biguint(&modulus);
         let value = self.rem_biguint(x, &order_target);
@@ -106,6 +134,28 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
     }
 }
 
+#[derive(Debug)]
+struct NonNativeInverseGenerator<F: RichField + Extendable<D>, const D: usize, FF: Field> {
+    x: ForeignFieldTarget<FF>,
+    inv: ForeignFieldTarget<FF>,
+    _phantom: PhantomData<F>,
+}
+
+impl<F: RichField + Extendable<D>, const D: usize, FF: Field> SimpleGenerator<F>
+    for NonNativeInverseGenerator<F, D, FF>
+{
+    fn dependencies(&self) -> Vec<Target> {
+        self.x.value.limbs.iter().map(|&l| l.0).collect()
+    }
+
+    fn run_once(&self, witness: &PartitionWitness<F>, out_buffer: &mut GeneratedValues<F>) {
+        let x = witness.get_nonnative_target(self.x.clone());
+        let inv = x.inverse();
+
+        out_buffer.set_nonnative_target(self.inv.clone(), inv);
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use anyhow::Result;

src/iop/generator.rs

@@ -8,6 +8,7 @@ use crate::field::extension_field::{Extendable, FieldExtension};
 use crate::field::field_types::{Field, RichField};
 use crate::gadgets::arithmetic_u32::U32Target;
 use crate::gadgets::biguint::BigUintTarget;
+use crate::gadgets::nonnative::ForeignFieldTarget;
 use crate::hash::hash_types::{HashOut, HashOutTarget};
 use crate::iop::target::Target;
 use crate::iop::wire::Wire;
@@ -168,6 +169,10 @@ impl<F: Field> GeneratedValues<F> {
         }
     }
 
+    pub fn set_nonnative_target<FF: Field>(&mut self, target: ForeignFieldTarget<FF>, value: FF) {
+        self.set_biguint_target(target.value, value.to_biguint())
+    }
+
     pub fn set_hash_target(&mut self, ht: HashOutTarget, value: HashOut<F>) {
         ht.elements
             .iter()

src/iop/witness.rs

@@ -6,6 +6,7 @@ use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
 use crate::field::field_types::Field;
 use crate::gadgets::biguint::BigUintTarget;
+use crate::gadgets::nonnative::ForeignFieldTarget;
 use crate::hash::hash_types::HashOutTarget;
 use crate::hash::hash_types::{HashOut, MerkleCapTarget};
 use crate::hash::merkle_tree::MerkleCap;
@@ -68,6 +69,11 @@ pub trait Witness<F: Field> {
         result
     }
 
+    fn get_nonnative_target<FF: Field>(&self, target: ForeignFieldTarget<FF>) -> FF {
+        let val = self.get_biguint_target(target.value);
+        FF::from_biguint(val)
+    }
+
     fn get_hash_target(&self, ht: HashOutTarget) -> HashOut<F> {
         HashOut {
             elements: self.get_targets(&ht.elements).try_into().unwrap(),