Tighten up overflow check in dot product

It turns out the original check was wrong estimating overflow conditions
private-attribution · Nov 8, 2024 · a0c6a78 · a0c6a78
1 parent de59194
commit a0c6a78
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/ipa-core/src/protocol/ipa_prf/malicious_security/lagrange.rs b/ipa-core/src/protocol/ipa_prf/malicious_security/lagrange.rs
@@ -163,12 +163,11 @@ where
 /// Computes the dot product of two arrays of the same size.
 /// It is isolated from Lagrange because there could be potential SIMD optimizations used
 fn dot_product<F: PrimeField, const N: usize>(a: &[F; N], b: &[F; N]) -> F {
-    // Staying in integers allows rustc to optimize this code properly
-    // with any reasonable N, we won't run into overflow with dot product.
-    // (N can be as large as 2^32 and still no chance of overflow for 61 bit prime fields)
+    // Staying in integers allows rustc to optimize this code properly, but puts a restriction
+    // on how large the prime field can be
     debug_assert!(
-        F::PRIME.into() < (1 << 64),
-        "The prime {} is too large for this dot product implementation",
+        2 * F::BITS + N.next_power_of_two().ilog2() <= 128,
+        "The prime field {} is too large for this dot product implementation",
         F::PRIME.into()
     );