From b1bbe30dac23187434e1ea6b0bc456c77b015ab4 Mon Sep 17 00:00:00 2001
From: Nicholas Ward <npward@berkeley.edu>
Date: Tue, 23 Nov 2021 18:16:38 -0800
Subject: [PATCH] Fixed tests -- thanks William!

---
 src/gadgets/curve.rs     | 54 ++++++++--------------------------------
 src/gadgets/nonnative.rs |  7 ++----
 2 files changed, 13 insertions(+), 48 deletions(-)

diff --git a/src/gadgets/curve.rs b/src/gadgets/curve.rs
index 37d99997..fe2e186a 100644
--- a/src/gadgets/curve.rs
+++ b/src/gadgets/curve.rs
@@ -1,4 +1,4 @@
-use crate::curve::curve_types::{AffinePoint, Curve};
+use crate::curve::curve_types::{AffinePoint, Curve, CurveScalar};
 use crate::field::extension_field::Extendable;
 use crate::field::field_types::{Field, RichField};
 use crate::gadgets::nonnative::NonNativeTarget;
@@ -157,41 +157,6 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         MulPrecomputationTarget { powers }
     }
 
-    /*fn to_digits<C: Curve>(&mut self, x: &NonNativeTarget<C::ScalarField>) -> Vec<NonNativeTarget<C::ScalarField>> {
-        debug_assert!(
-            64 % WINDOW_BITS == 0,
-            "For simplicity, only power-of-two window sizes are handled for now"
-        );
-
-        let base = self.constant_nonnative(C::ScalarField::from_canonical_u64(BASE as u64));
-
-        let num_digits = digits_per_scalar::<C>();
-        let mut digits = Vec::with_capacity(num_digits);
-
-        let (rest, limb) = self.div_rem_nonnative(&x, &base);
-        for _ in 0..num_digits {
-            digits.push(limb);
-
-            let (rest, limb) = self.div_rem_nonnative(&rest, &base);
-        }
-
-        digits
-    }
-
-    pub fn mul_with_precomputation<C: Curve>(
-        &mut self,
-        p: &AffinePointTarget<C>,
-        n: &NonNativeTarget<C::ScalarField>,
-        precomputation: MulPrecomputationTarget<C>,
-    ) -> AffinePointTarget<C> {
-        // Yao's method; see https://koclab.cs.ucsb.edu/teaching/ecc/eccPapers/Doche-ch09.pdf
-        let precomputed_powers = precomputation.powers;
-
-        let digits = self.to_digits(n);
-
-
-    }*/
-
     pub fn curve_scalar_mul<C: Curve>(
         &mut self,
         p: &AffinePointTarget<C>,
@@ -203,9 +168,12 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         let bits_as_base: Vec<NonNativeTarget<C::BaseField>> =
             bits.iter().map(|b| self.bool_to_nonnative(b)).collect();
 
-        // Result starts at p, which is later subtracted, because we don't support arithmetic with the zero point.
+        let rando = (CurveScalar(C::ScalarField::rand()) * C::GENERATOR_PROJECTIVE).to_affine();
+        let randot = self.constant_affine_point(rando);
+        // Result starts at `rando`, which is later subtracted, because we don't support arithmetic with the zero point.
         let mut result = self.add_virtual_affine_point_target();
-        self.connect_affine_point(p, &result);
+        self.connect_affine_point(&randot, &result);
+
         let mut two_i_times_p = self.add_virtual_affine_point_target();
         self.connect_affine_point(p, &two_i_times_p);
 
@@ -232,9 +200,9 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
             two_i_times_p = self.curve_double(&two_i_times_p);
         }
 
-        // Subtract off result's intial value of p.
-        let neg_p = self.curve_neg(&p);
-        result = self.curve_add(&result, &neg_p);
+        // Subtract off result's intial value of `rando`.
+        let neg_r = self.curve_neg(&randot);
+        result = self.curve_add(&result, &neg_r);
 
         result
     }
@@ -394,9 +362,9 @@ mod tests {
         let g_target = builder.constant_affine_point(g);
         let five_target = builder.constant_nonnative(five);
         let five_g_actual = builder.curve_scalar_mul(&g_target, &five_target);
-        /*builder.curve_assert_valid(&five_g_actual);
+        builder.curve_assert_valid(&five_g_actual);
 
-        builder.connect_affine_point(&five_g_expected, &five_g_actual);*/
+        builder.connect_affine_point(&five_g_expected, &five_g_actual);
 
         let data = builder.build();
         let proof = data.prove(pw).unwrap();
diff --git a/src/gadgets/nonnative.rs b/src/gadgets/nonnative.rs
index b04b5c1f..9ee50f3a 100644
--- a/src/gadgets/nonnative.rs
+++ b/src/gadgets/nonnative.rs
@@ -10,6 +10,7 @@ use crate::iop::generator::{GeneratedValues, SimpleGenerator};
 use crate::iop::target::{BoolTarget, Target};
 use crate::iop::witness::{PartitionWitness, Witness};
 use crate::plonk::circuit_builder::CircuitBuilder;
+use crate::util::ceil_div_usize;
 
 #[derive(Clone, Debug)]
 pub struct NonNativeTarget<FF: Field> {
@@ -19,11 +20,7 @@ pub struct NonNativeTarget<FF: Field> {
 
 impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
     fn num_nonnative_limbs<FF: Field>() -> usize {
-        let ff_size = FF::order();
-        let f_size = F::order();
-        let num_limbs = ((ff_size + f_size.clone() - BigUint::one()) / f_size).to_u32_digits()[0];
-
-        num_limbs as usize
+        ceil_div_usize(FF::BITS, 32)
     }
 
     pub fn biguint_to_nonnative<FF: Field>(&mut self, x: &BigUintTarget) -> NonNativeTarget<FF> {