addressed comments

src/curve/curve_adds.rs

@@ -41,6 +41,7 @@ impl<C: Curve> Add<ProjectivePoint<C>> for ProjectivePoint<C> {
             }
         }
 
+        // From https://www.hyperelliptic.org/EFD/g1p/data/shortw/projective/addition/add-1998-cmo-2
         let z1z2 = z1 * z2;
         let u = y2z1 - y1z2;
         let uu = u.square();
@@ -92,6 +93,7 @@ impl<C: Curve> Add<AffinePoint<C>> for ProjectivePoint<C> {
             }
         }
 
+        // From https://www.hyperelliptic.org/EFD/g1p/data/shortw/projective/addition/madd-1998-cmo
         let u = y2z1 - y1;
         let uu = u.square();
         let v = x2z1 - x1;
@@ -138,6 +140,7 @@ impl<C: Curve> Add<AffinePoint<C>> for AffinePoint<C> {
             }
         }
 
+        // From https://www.hyperelliptic.org/EFD/g1p/data/shortw/projective/addition/mmadd-1998-cmo
         let u = y2 - y1;
         let uu = u.square();
         let v = x2 - x1;

src/curve/curve_types.rs

@@ -197,6 +197,7 @@ impl<C: Curve> ProjectivePoint<C> {
         result
     }
 
+    // From https://www.hyperelliptic.org/EFD/g1p/data/shortw/projective/doubling/dbl-2007-bl
     pub fn double(&self) -> Self {
         let Self { x, y, z } = *self;
         if z == C::BaseField::ZERO {

src/curve/secp256k1.rs

@@ -22,6 +22,7 @@ impl Curve for Secp256K1 {
     };
 }
 
+// 55066263022277343669578718895168534326250603453777594175500187360389116729240
 const SECP256K1_GENERATOR_X: Secp256K1Base = Secp256K1Base([
     0x59F2815B16F81798,
     0x029BFCDB2DCE28D9,
@@ -29,7 +30,7 @@ const SECP256K1_GENERATOR_X: Secp256K1Base = Secp256K1Base([
     0x79BE667EF9DCBBAC,
 ]);
 
-/// 241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030
+/// 32670510020758816978083085130507043184471273380659243275938904335757337482424
 const SECP256K1_GENERATOR_Y: Secp256K1Base = Secp256K1Base([
     0x9C47D08FFB10D4B8,
     0xFD17B448A6855419,

src/field/secp256k1_base.rs

@@ -88,7 +88,7 @@ impl Field for Secp256K1Base {
     // Sage: `g = GF(p).multiplicative_generator()`
     const MULTIPLICATIVE_GROUP_GENERATOR: Self = Self([5, 0, 0, 0]);
 
-    // Sage: `g_2 = power_mod(g, (p - 1) // 2), p)`
+    // Sage: `g_2 = g^((p - 1) / 2)`
     const POWER_OF_TWO_GENERATOR: Self = Self::NEG_ONE;
 
     const BITS: usize = 256;

src/gadgets/curve.rs

@@ -1,10 +1,11 @@
 use crate::curve::curve_types::{AffinePoint, Curve};
 use crate::field::extension_field::Extendable;
-use crate::field::field_types::{Field, RichField};
+use crate::field::field_types::RichField;
 use crate::gadgets::nonnative::NonNativeTarget;
 use crate::plonk::circuit_builder::CircuitBuilder;
 
-/// A Target representing an affine point on the curve `C`.
+/// A Target representing an affine point on the curve `C`. We use incomplete arithmetic for efficiency,
+/// so we assume these points are not zero.
 #[derive(Clone, Debug)]
 pub struct AffinePointTarget<C: Curve> {
     pub x: NonNativeTarget<C::BaseField>,

src/gadgets/nonnative.rs

@@ -1,6 +1,6 @@
 use std::marker::PhantomData;
 
-use num::{BigUint, One};
+use num::{BigUint, One, Zero};
 
 use crate::field::field_types::RichField;
 use crate::field::{extension_field::Extendable, field_types::Field};
@@ -79,12 +79,10 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
     }
 
     pub fn neg_nonnative<FF: Field>(&mut self, x: &NonNativeTarget<FF>) -> NonNativeTarget<FF> {
-        // TODO: zero - x would be more efficient but doesn't seem to work?
-        let neg_one = FF::order() - BigUint::one();
-        let neg_one_target = self.constant_biguint(&neg_one);
-        let neg_one_ff = self.biguint_to_nonnative(&neg_one_target);
+        let zero_target = self.constant_biguint(&BigUint::zero());
+        let zero_ff = self.biguint_to_nonnative(&zero_target);
 
-        self.mul_nonnative(&neg_one_ff, x)
+        self.sub_nonnative(&zero_ff, x)
     }
 
     pub fn inv_nonnative<FF: Field>(&mut self, x: &NonNativeTarget<FF>) -> NonNativeTarget<FF> {