Skip to content

refactor(ecc): soundness fix of wiring ecc evaluations to gkr-circuit#1300

Merged
kunxian-xia merged 3 commits intofeat/gkr_iop_modulefrom
feat/wiring_ecc
Apr 15, 2026
Merged

refactor(ecc): soundness fix of wiring ecc evaluations to gkr-circuit#1300
kunxian-xia merged 3 commits intofeat/gkr_iop_modulefrom
feat/wiring_ecc

Conversation

@hero78119
Copy link
Copy Markdown
Collaborator

@hero78119 hero78119 commented Apr 10, 2026
edited
Loading

Also related to #1294
A follow-up soundness PR after rotation-flow refactor, focused on ECC->GKR bridge wiring and selector semantics.

What changed (high level)

This PR hardens ECC bridge integration with GKR by making point-binding semantics explicit and consistent across:

  • CPU prover path
  • GPU prover path
  • native verifier path
  • recursion verifier path

It also tightens selector invariants in ShardRamCircuit and layer construction.

Proving-flow diagram (current)

create_chip_proof
  |
  +--> [optional] prove ECC quark
  |         - input: ec_point_exprs / ec_slope_exprs witnesses
  |         - output: ecc_proof { rt, evals, sum }
  |
  +--> build main witness (records / layers)
  |
  +--> prove tower relation
  |         - build tower witnesses (r/w/logup)
  |         - sumcheck tower
  |         - output: rt_tower, tower_proof, out_evals
  |
  +--> [optional] prove rotation
  |         - output: rotation_proof + rotation points
  |
  +--> prove main constraints (GKR)
  |         - initialize out_evals at rt_tower
  |         - wire rotation claims -> selector groups
  |         - wire ECC bridge claims (x/y/s) -> selector groups
  |         - run GKR prove
  |         - output: gkr_iop_proof + opening evals + input_opening_point
  |
  +--> PCS opening
  |
  '--> assemble ZKVMChipProof

### Next
- refactor `prove ECC quark` after `proving tower relation` which make thing much clear

@hero78119
fix(ecc-bridge): align point binding order and explicit selector groups
31c5440 
Use r as the first bound variable for x/y bridge points and as the last for slope points across CPU/GPU/verifier and recursion verifier.

Also enforce explicit ECC bridge selectors in layer construction and keep shard RAM ECC selectors as dedicated Whole selectors.
@hero78119
fix(shard-ram): wire ECC structural selectors and satisfy clippy
7720d94 
Require exact structural selector count for ShardRam (r,w,zero,ecc_x,ecc_y,ecc_s), assign ECC selector columns explicitly for all rows, and add the missing clippy allowance on MainSumcheckProver trait signature.
@hero78119 hero78119 requested a review from kunxian-xia April 10, 2026 06:38
@kunxian-xia
Copy link
Copy Markdown
Collaborator

kunxian-xia commented Apr 15, 2026

I plan to merge this first and then review them in #1299.

@hero78119
refactor(zkvm,gkr): dedup ECC proof preparation and simplify main-eva…
10256d3 
…l wiring (#1301)

Refactor proof wiring to remove duplicated ECC preparation logic and
simplify main-eval handling.
This change centralizes shared helper logic in `scheme/utils`, unifies
ECC prover inputs across CPU/GPU, and streamlines proof assembly order.
We also removes `n_instance` from GKR main-eval wiring so main
evaluations consistently use `witin + fixed + structural_witin`.

### change highlight
- dedup: move shared helpers (`extract_ecc_quark_witness_inputs`,
`derive_ecc_bridge_claims`, `split_rotation_evals`,
`assign_group_evals`) into common utils
- api cleanup: `EccQuarkProver::prove_ec_sum_quark` now takes `(cs,
input)` and returns `Option<EccQuarkProof>` (no ECC path -> `None`)
- prover flow cleanup: ECC witness extraction/prep removed from call
sites; ECC proving triggered via unified API
- ordering update: tower-related checks/wiring happen before ECC bridge
usage; verifier side aligns with this order
- gkr simplification: remove `n_instance` from layer/main-eval
accounting and related offsets/assertions
- net effect: less duplicated code, clearer ownership of ECC bridge
data, and simpler main witness/eval wiring

###
summary of proving flow (simplified ascii)

build_main_witness
  -> generate_tower_witness
  -> prove_tower_relation
  -> prove_ecc_quark (optional, if ecc ops exist)
  -> prove_rotation (optional)
-> prove_main_constraints (inject rotation/ecc bridge evals when
present)
  -> open_pcs
  -> assemble_chip_proof
@kunxian-xia kunxian-xia merged commit 14df956 into feat/gkr_iop_module Apr 15, 2026
4 checks passed
@kunxian-xia kunxian-xia deleted the feat/wiring_ecc branch April 15, 2026 01:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kunxian-xia kunxian-xia Awaiting requested review from kunxian-xia

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hero78119 @kunxian-xia