feat: update secure parameter set [skip-line-limit]

[0xjei]

This PR updates the secure parameter set (3 mod now) + the benchmark repo & release artifacts.

Summary by CodeRabbit

• Chores
  • Updated cryptographic parameters for the secure_8192 configuration preset, including moduli, plaintext modulus, and variance adjustments.
  • Updated DKG (Distributed Key Generation) configuration constants for encryption and computation bit-widths and bounds.
  • Refreshed benchmark performance reports with updated circuit metrics and execution timings.
  • Updated enclave contract deployment parameters for parameter set initialization.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	Apr 15, 2026 2:48pm
enclave-docs	Ready	Preview, Comment	Apr 15, 2026 2:48pm

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates cryptographic configuration parameters and circuit benchmarks across the FHE system: modifies secure DKG constants (modulus, bit-widths, encryption bounds), updates secure_8192 FHE parameters (reducing parties from 100 to 7, adjusting moduli and plaintext modulus), and refreshes benchmark metrics.

Changes

Cohort / File(s)	Summary
DKG Configuration Updates circuits/lib/src/configs/secure/dkg.nr	Updated modulus-related globals (QIS, PLAINTEXT_MODULUS, Q_MOD_T, Q_MOD_T_CENTERED, PARITY_MATRIX); increased encryption/computation bit-width parameters (PK_BIT_PK, SHARE_COMPUTATION_*, SHARE_ENCRYPTION_*, SHARE_DECRYPTION_BIT_MSG); replaced encryption bound/parameter arrays (SHARE_ENCRYPTION_K0IS, *_BOUNDS, SHARE_ENCRYPTION_MSG_BOUND) with new values.
FHE Parameter Constants crates/fhe-params/src/constants.rs	Updated secure_8192 preset: reduced NUM_PARTIES from 100 to 7; replaced PLAINTEXT_MODULUS, MODULI arrays, and ERROR1_VARIANCE; adjusted search_defaults parameters (SEARCH_N, SEARCH_K, SEARCH_Z); lowered DEFAULT_SECURE_LAMBDA from 80 to 60.
Deployment Parameters packages/enclave-contracts/scripts/deployEnclave.ts	Updated BFV preset secure8192 parameters: changed plaintextModulus to 131072n, replaced moduli array with new 0x04-prefixed values, and updated error1Variance constant.
Benchmark Results circuits/benchmarks/results_secure/report.md	Refreshed benchmark metadata (generation timestamp, Git branch, commit) and replaced all DKG and Threshold circuit performance metrics and size/circuit-metric tables with new numeric results; updated timing and ACIR opcode counts throughout.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• #1306: Directly relates to the same secure DKG configuration globals that this PR modifies (PLAINTEXT_MODULUS, Q_MOD_T, PARITY_MATRIX, and SHARE_ENCRYPTION_* constants).
• #1284: Both PRs make overlapping edits to the same circuit configuration files (circuits/lib/src/configs/secure/dkg.nr) and update circuit benchmarking artifacts.
• #1504: Both PRs modify the same secure DKG config bit-width constants (e.g., SHARE_DECRYPTION_BIT_MSG).

Suggested reviewers

• hmzakhalid
• cedoor

Poem

🐰 Constants hop and bounds do dance,
New moduli take their cryptic stance—
From a hundred parties down to seven,
Parameters tweaked, FHE heaven! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: update secure parameter set' accurately summarizes the main change—updating secure parameter set constants across multiple files (dkg.nr, constants.rs, deployEnclave.ts) and benchmarks.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch up/params

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/enclave-contracts/scripts/deployEnclave.ts (1)

35-37: Consider adding a drift check for this duplicated secure tuple.

These values now have to stay aligned with crates/fhe-params/src/constants.rs and the circuit config changes in another language. A small parity test or generated artifact would make future parameter bumps much safer than relying on manual copy updates here.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/enclave-contracts/scripts/deployEnclave.ts` around lines 35 - 37,
The duplicated constants plaintextModulus, moduli and error1Variance must be
kept in sync with crates/fhe-params/src/constants.rs; add a small parity check
or generate these values from the authoritative source during CI/build by
implementing a script (e.g., a Node script or Rust helper) that
reads/crates/fhe-params/src/constants.rs (or its compiled artifact) and verifies
the values in packages/enclave-contracts/scripts/deployEnclave.ts match, failing
the build if they diverge; wire this check into the test/CI pipeline so future
parameter bumps are validated automatically.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/enclave-contracts/scripts/deployEnclave.ts`:
- Around line 35-37: The duplicated constants plaintextModulus, moduli and
error1Variance must be kept in sync with crates/fhe-params/src/constants.rs; add
a small parity check or generate these values from the authoritative source
during CI/build by implementing a script (e.g., a Node script or Rust helper)
that reads/crates/fhe-params/src/constants.rs (or its compiled artifact) and
verifies the values in packages/enclave-contracts/scripts/deployEnclave.ts
match, failing the build if they diverge; wire this check into the test/CI
pipeline so future parameter bumps are validated automatically.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ae580e97-39b1-4582-8cfb-03799626a7c8

📥 Commits

Reviewing files that changed from the base of the PR and between 6359bfd and 21a38e1.

⛔ Files ignored due to path filters (3)

• Cargo.lock is excluded by !**/*.lock
• examples/CRISP/Cargo.lock is excluded by !**/*.lock
• templates/default/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• circuits/benchmarks/results_secure/report.md
• circuits/lib/src/configs/secure/dkg.nr
• circuits/lib/src/configs/secure/threshold.nr
• crates/fhe-params/src/constants.rs
• packages/enclave-contracts/scripts/deployEnclave.ts

[ctrlc03]

utACK