min and max operations for small field elements

[pmikolajczyk41]

Description

Note: This is the first PR porting ideas from my repo, as discussed with @Pratyush on Discord

Motivation

Sometimes in a circuit we have field elements with guaranteed value bounds. It turns out that many common arithmetic operations like min, max, abs_diff, comparisons or saturating subtraction can be done much more efficiently than for arbitrary values in general.

By using slack variables instead of direct bitwise comparison, we can reduce number of constraints and auxiliary variables to ~2 · BITS, where BITS is the binary logarithm of the value bound.

For a direct usage, please check our Arkworks circuits for image transformations in the VIMz project.

Technical details, correctness proof and benchmarks

Please check the README in https://github.com/pmikolajczyk41/arkworks-small-values-ops.

Why not UInt?

The first commit (reverted right away) on this PR's branch contains an adaptation of UInt::is_ge to this new technique. However, it is less efficient there: we have to do 4 bit decompositions (self, other, two slack variables), while the current version does 3. However, if we already start with FpVars with assumed/constrained bounds (as this PR suggests), we need only 2 bit decompositions (for slack variables).

Next steps

If maintainers agree, I'm happy to expand this API for other operations in the following PRs.

---

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

• Targeted PR against correct branch (master)
• Linked to Github issue with discussion and accepted design OR have an explanation in the PR that describes this work.
• Wrote unit tests
• Updated relevant documentation in the code
• Added a relevant changelog entry to the Pending section in CHANGELOG.md
• Re-reviewed Files changed in the Github PR explorer