fix: config circuit [skip-line-limit]

[0xjei]

This PR fixes the config circuit wrong esm and r1_bounds computations due to being not aligned with latest changes for the new parameter set (lambda = 60) and other fixes. Note that this does not change anything in terms of parameter generation or configs (just that the circuit was doing the wrong checks).

Summary by CodeRabbit

• Bug Fixes

  • Corrected verification parameter bounds formulas for threshold cryptographic configuration.
  • Adjusted parameter search configuration values for optimized threshold parameter selection.

• Documentation

  • Clarified share decryption bounds formula documentation for improved readability.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	Apr 27, 2026 11:41am
enclave-docs	Ready	Preview, Comment	Apr 27, 2026 11:41am

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated threshold/BFV parameter-bound verification formulas in the configuration circuit, adjusted global search constants for parameter space exploration, and clarified documentation for the r_1j upper-bound calculation formula.

Changes

Cohort / File(s)	Summary
Threshold BFV Configuration Formulas circuits/bin/config/src/main.nr	Modified three parameter-bound verification formulas: verify_pk_generation_bounds changes numerator structure, verify_e_sm_bound reduces scaling factor from 2^80 to 2^60, and verify_share_decryption_bounds replaces the bounds computation formula.
Threshold Search Parameters circuits/lib/src/configs/secure/threshold.nr	Updated global constants: PARAMS_SEARCH_N reduced from 100 to 7, and PARAMS_SEARCH_Z increased from 100 to 1024.
Threshold Share Decryption Documentation crates/zk-helpers/src/circuits/threshold/share_decryption/computation.rs	Clarified inline documentation for the r_1j upper-bound formula with improved parenthesization.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• refactor: pk_generation circuit optimization #1353: Modifies the same r_1j upper-bound calculation formula in threshold share-decryption code.
• feat: add parity matrix to config circuit [skip-line-limit] #1342: Updates the same config circuit file with threshold/e_sm bound logic changes.
• fix: update q_mod_t references to centered [skip-line-limit] #1340: Overlaps with parameter-bound verification formula edits in circuits/bin/config/src/main.nr.

Suggested reviewers

• cedoor
• zahrajavar

Poem

🐰 Hop through the bounds with care and grace,
Formulas dancing in their rightful place,
From two-to-eighty down to sixty we go,
Parameters tuned with a cryptographic flow,
Thresholds verified with mathematical might!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: config circuit' clearly relates to the main change—correcting verification formulas and parameter search constants in the threshold BFV configuration circuit.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/configs-circuit

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

circuits/bin/config/src/main.nr (2)

343-344: ⚠️ Potential issue | 🟡 Minor

Stale docstring references "80-bit statistical security."

The summary on line 344 still mentions an 80-bit statistical security bound for e_sm, but the implementation in verify_e_sm_bound now uses 2^60 (lambda = 60). Please update the docstring to reflect the new security parameter.

📝 Proposed doc fix

-/// - Smudging noise e_sm (large bound for 80-bit statistical security)
+/// - Smudging noise e_sm (large bound for 60-bit statistical security)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@circuits/bin/config/src/main.nr` around lines 343 - 344, The docstring still
claims "80-bit statistical security" for the smudging noise bound e_sm but the
code in verify_e_sm_bound/variable e_sm uses lambda = 60 (2^60); update the
docstring to reflect the new security parameter (60-bit statistical security /
2^60 bound on e_sm) and any accompanying descriptive text so it matches the
implementation (reference verify_e_sm_bound and e_sm).

---

375-403: ⚠️ Potential issue | 🟡 Minor

Update docstring to match lambda = 60.

The docstring for verify_e_sm_bound is now inconsistent with the implementation:

• Line 379: lambda = 80 — should be lambda = 60.
• Line 381: The 2^80 factor provides 80 bits of statistical security — should reflect 2^60 and 60-bit statistical security.

Since this is the public-facing rationale for a security-critical bound, please ensure the docstring documents the current security level (and ideally why the parameter was reduced, if applicable, so reviewers don't reintroduce 2^80 by mistake).

📝 Proposed doc fix

 /// Verifies e_sm_bound (smudging noise bound).
 ///
 /// The smudging noise bound is critical for threshold decryption security.
 /// It's computed as: e_sm_bound = 2^lambda * N_CIPHERTEXTS * (b_fresh + Q_MOD_T)
-/// where b_fresh = N * e_norm + b_enc + N * b_e * sk_norm and lambda = 80.
+/// where b_fresh = N * e_norm + b_enc + N * b_e * sk_norm and lambda = 60.
 ///
-/// The 2^80 factor provides 80 bits of statistical security, ensuring that
+/// The 2^60 factor provides 60 bits of statistical security, ensuring that
 /// decryption shares don't leak secret key information.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@circuits/bin/config/src/main.nr` around lines 375 - 403, The docstring for
verify_e_sm_bound incorrectly states lambda = 80 and references 2^80 / 80-bit
security while the code uses 2^60; update the docstring to say lambda = 60 and
that the factor is 2^60 (60-bit statistical security), and optionally add a
brief note explaining why lambda was reduced (or point reviewers to the change)
to prevent accidental reversion to 2^80; ensure this change is made in the
function comment immediately above fn verify_e_sm_bound().

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@circuits/bin/config/src/main.nr`:
- Around line 343-344: The docstring still claims "80-bit statistical security"
for the smudging noise bound e_sm but the code in verify_e_sm_bound/variable
e_sm uses lambda = 60 (2^60); update the docstring to reflect the new security
parameter (60-bit statistical security / 2^60 bound on e_sm) and any
accompanying descriptive text so it matches the implementation (reference
verify_e_sm_bound and e_sm).
- Around line 375-403: The docstring for verify_e_sm_bound incorrectly states
lambda = 80 and references 2^80 / 80-bit security while the code uses 2^60;
update the docstring to say lambda = 60 and that the factor is 2^60 (60-bit
statistical security), and optionally add a brief note explaining why lambda was
reduced (or point reviewers to the change) to prevent accidental reversion to
2^80; ensure this change is made in the function comment immediately above fn
verify_e_sm_bound().

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3076d126-c233-4c98-a1b4-e2b79f973221

📥 Commits

Reviewing files that changed from the base of the PR and between e651f30 and eca330d.

📒 Files selected for processing (3)

• circuits/bin/config/src/main.nr
• circuits/lib/src/configs/secure/threshold.nr
• crates/zk-helpers/src/circuits/threshold/share_decryption/computation.rs

[cedoor]

lgtm