Fix for informational issue (ZKS.12) Moduli With 249 Bits Or Less Are…

… Not Supported
AztecProtocol · Oct 30, 2024 · 2fa9a10 · 2fa9a10
1 parent b6aef11
commit 2fa9a10
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp
@@ -218,6 +218,9 @@ template <typename Builder, typename T> class bigfield {
     static constexpr uint512_t modulus_u512 = uint512_t(modulus);
     static constexpr uint64_t NUM_LIMB_BITS = NUM_LIMB_BITS_IN_FIELD_SIMULATION;
     static constexpr uint64_t NUM_LAST_LIMB_BITS = modulus_u512.get_msb() + 1 - (NUM_LIMB_BITS * 3);
+    // The quotient reduction checks currently only support >=250 bit moduli and moduli >256 have never been tested
+    // (Check zkSecurity audit report issue #12 for explanation)
+    static_assert(modulus_u512.get_msb() + 1 >= 250 && modulus_u512.get_msb() + 1 <= 256);
     static constexpr uint1024_t DEFAULT_MAXIMUM_REMAINDER =
         (uint1024_t(1) << (NUM_LIMB_BITS * 3 + NUM_LAST_LIMB_BITS)) - uint1024_t(1);
     static constexpr uint256_t DEFAULT_MAXIMUM_LIMB = (uint256_t(1) << NUM_LIMB_BITS) - uint256_t(1);