From 86573fc65c83f905a817a90e43399d84f5aff7ac Mon Sep 17 00:00:00 2001
From: Nicholas Ward <npward@berkeley.edu>
Date: Tue, 9 Nov 2021 17:51:04 -0800
Subject: [PATCH] resolve

---
 src/curve/secp256k1.rs | 15 ++++++++++-
 src/gadgets/curve.rs   | 61 +++++++++++++++++++++++++++++-------------
 src/gadgets/mod.rs     |  2 +-
 3 files changed, 58 insertions(+), 20 deletions(-)

diff --git a/src/curve/secp256k1.rs b/src/curve/secp256k1.rs
index 2fa476e1..7102b5c9 100644
--- a/src/curve/secp256k1.rs
+++ b/src/curve/secp256k1.rs
@@ -41,11 +41,24 @@ const SECP256K1_GENERATOR_Y: Secp256K1Base = Secp256K1Base([
 mod tests {
     use num::BigUint;
 
-    use crate::curve::curve_types::{Curve, ProjectivePoint};
+    use crate::curve::curve_types::{AffinePoint, Curve, ProjectivePoint};
     use crate::curve::secp256k1::Secp256K1;
     use crate::field::field_types::Field;
     use crate::field::secp256k1_scalar::Secp256K1Scalar;
 
+    #[test]
+    fn test_generator() {
+        let g = Secp256K1::GENERATOR_AFFINE;
+        assert!(g.is_valid());
+
+        let neg_g = AffinePoint::<Secp256K1> {
+            x: g.x,
+            y: -g.y,
+            zero: g.zero,
+        };
+        assert!(neg_g.is_valid());
+    }
+
     /*#[test]
     fn test_double_affine() {
         for i in 0..100 {
diff --git a/src/gadgets/curve.rs b/src/gadgets/curve.rs
index 83f73a3f..2c617b20 100644
--- a/src/gadgets/curve.rs
+++ b/src/gadgets/curve.rs
@@ -52,22 +52,27 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         self.connect_nonnative(&y_squared, &rhs);
     }
 
-    pub fn curve_neg<C: Curve>(&mut self, p: AffinePointTarget<C>) {
-        let neg_y = self.neg_nonnative(p.y);
-        AffinePointTarget {
-            x: p.x,
-            y: neg_y,
-        }
+    pub fn curve_neg<C: Curve>(&mut self, p: AffinePointTarget<C>) -> AffinePointTarget<C> {
+        let neg_y = self.neg_nonnative(&p.y);
+        AffinePointTarget { x: p.x, y: neg_y }
     }
 }
 
 mod tests {
     use anyhow::Result;
 
-
+    use crate::curve::curve_types::{AffinePoint, Curve};
+    use crate::curve::secp256k1::Secp256K1;
+    use crate::field::crandall_field::CrandallField;
+    use crate::field::field_types::Field;
+    use crate::field::secp256k1_base::Secp256K1Base;
+    use crate::iop::witness::PartialWitness;
+    use crate::plonk::circuit_builder::CircuitBuilder;
+    use crate::plonk::circuit_data::CircuitConfig;
+    use crate::plonk::verifier::verify;
 
     #[test]
-    fn test_curve_gadget_is_valid() -> Result<()> {
+    fn test_curve_point_is_valid() -> Result<()> {
         type F = CrandallField;
         const D: usize = 4;
 
@@ -76,21 +81,41 @@ mod tests {
         let pw = PartialWitness::new();
         let mut builder = CircuitBuilder::<F, D>::new(config);
 
-        let 
+        let g = Secp256K1::GENERATOR_AFFINE;
+        let g_target = builder.constant_affine_point(g);
 
-        let lst: Vec<F> = (0..size * 2).map(|n| F::from_canonical_usize(n)).collect();
-        let a: Vec<Vec<Target>> = lst[..]
-            .chunks(2)
-            .map(|pair| vec![builder.constant(pair[0]), builder.constant(pair[1])])
-            .collect();
-        let mut b = a.clone();
-        b.shuffle(&mut thread_rng());
-
-        builder.assert_permutation(a, b);
+        builder.curve_assert_valid(g_target);
 
         let data = builder.build();
         let proof = data.prove(pw).unwrap();
 
         verify(proof, &data.verifier_only, &data.common)
     }
+
+    #[test]
+    #[should_panic]
+    fn test_curve_point_is_not_valid() {
+        type F = CrandallField;
+        const D: usize = 4;
+
+        let config = CircuitConfig::large_config();
+
+        let pw = PartialWitness::new();
+        let mut builder = CircuitBuilder::<F, D>::new(config);
+
+        let g = Secp256K1::GENERATOR_AFFINE;
+        let not_g = AffinePoint::<Secp256K1> {
+            x: g.x,
+            y: g.y + Secp256K1Base::ONE,
+            zero: g.zero,
+        };
+        let g_target = builder.constant_affine_point(not_g);
+
+        builder.curve_assert_valid(g_target);
+
+        let data = builder.build();
+        let proof = data.prove(pw).unwrap();
+
+        verify(proof, &data.verifier_only, &data.common).unwrap();
+    }
 }
diff --git a/src/gadgets/mod.rs b/src/gadgets/mod.rs
index 2518e1ab..09acb9de 100644
--- a/src/gadgets/mod.rs
+++ b/src/gadgets/mod.rs
@@ -2,6 +2,7 @@ pub mod arithmetic;
 pub mod arithmetic_extension;
 pub mod arithmetic_u32;
 pub mod biguint;
+pub mod curve;
 pub mod hash;
 pub mod insert;
 pub mod interpolation;
@@ -11,7 +12,6 @@ pub mod permutation;
 pub mod polynomial;
 pub mod random_access;
 pub mod range_check;
-pub mod curve;
 pub mod select;
 pub mod sorting;
 pub mod split_base;