From 2fa9a10fdc0afb17a29d70462f3ef5ae972bea70 Mon Sep 17 00:00:00 2001 From: Rumata888 Date: Thu, 18 Jul 2024 16:59:26 +0000 Subject: [PATCH] Fix for informational issue (ZKS.12) Moduli With 249 Bits Or Less Are Not Supported --- .../src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp index 7bcecea626b3..bab6dbcfd7b8 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp @@ -218,6 +218,9 @@ template class bigfield { static constexpr uint512_t modulus_u512 = uint512_t(modulus); static constexpr uint64_t NUM_LIMB_BITS = NUM_LIMB_BITS_IN_FIELD_SIMULATION; static constexpr uint64_t NUM_LAST_LIMB_BITS = modulus_u512.get_msb() + 1 - (NUM_LIMB_BITS * 3); + // The quotient reduction checks currently only support >=250 bit moduli and moduli >256 have never been tested + // (Check zkSecurity audit report issue #12 for explanation) + static_assert(modulus_u512.get_msb() + 1 >= 250 && modulus_u512.get_msb() + 1 <= 256); static constexpr uint1024_t DEFAULT_MAXIMUM_REMAINDER = (uint1024_t(1) << (NUM_LIMB_BITS * 3 + NUM_LAST_LIMB_BITS)) - uint1024_t(1); static constexpr uint256_t DEFAULT_MAXIMUM_LIMB = (uint256_t(1) << NUM_LIMB_BITS) - uint256_t(1);