@igor53627 igor53627 commented Jan 15, 2026

Summary

Increases Layer 4 puzzle parameters for stronger security:

  • Secret dimension: n=48 → n=128
  • Samples: m=72 → m=192
  • Threshold: 300 → 800
  • Search space: 3^48 (~2^76) → 3^128 (~2^203 brute-force)

Changes

  • Updated contracts/TLOSWithPuzzleV5.sol and contracts/WeakLWEPuzzleV7.sol with new params
  • Updated all example contracts (TLOSDeadManSwitch, TLOSRecovery, TLOSSealedAuction, TLOSTreasureHunt)
  • Updated tests with int8[128] arrays and gas threshold assertions
  • Updated documentation (AGENTS.md, README.md, docs/layers/layer4-puzzle/)
  • Added build artifacts to .gitignore

Gas Impact

Puzzle verification: ~8.6M gas (14% of 60M block limit)

Testing

All 157 tests passing.

Closes #70


Note

Strengthens the planted LWE puzzle and aligns the codebase and docs with the new parameters and gas figures.

  • Bumps Layer 4 puzzle to n=128, m=192, q=2039, threshold=800 with 3^128 brute-force floor; updates TLOSWithPuzzleV5 verification to load b as 192×u16 and adds a critical note that noise must be secret
  • Changes public APIs to use int8[128] (revealWithPuzzle, checkWithPuzzle, _verifyPuzzle) and propagates across examples (TLOSDeadManSwitch, TLOSRecovery, TLOSSealedAuction, TLOSTreasureHunt)
  • Updates WeakLWEPuzzleV7 to hardened params for gas testing only (deterministic noise warning) and adjusts block-based coefficient generation
  • Refreshes docs (README.md, AGENTS.md, docs/layers/layer4-puzzle/) with σ=25 LWE, new puzzle params, and Tenderly gas: checkWithPuzzle() totals and puzzle verification ≈ 8.62M (14% of 60M)
  • Adds ignore entries in .gitignore and regenerates build cache/artifacts (including IHoneypot metadata)

Written by Cursor Bugbot for commit 87082b9. Configure here.

Summary by CodeRabbit

  • Documentation

    • Updated security parameters and puzzle specifications across README, architecture guides, and configuration documentation.
  • Refactor

    • Increased cryptographic puzzle complexity and adjusted security thresholds, resulting in higher computational requirements for verification and reduced overall security margin.
  • Tests

    • Updated test cases and gas benchmarks to reflect new puzzle parameters and security estimates.
  • Chores

    • Updated cache and build artifact metadata.

✏️ Tip: You can customize this high-level summary in your review settings.

- Increase Layer 4 puzzle parameters:
  - Secret dimension: n=48 → n=128
  - Samples: m=72 → m=192
  - Threshold: 300 → 800
  - Search space: 3^48 (~2^76) → 3^128 (~2^203 brute-force)

- Update contracts: TLOSWithPuzzleV5.sol, WeakLWEPuzzleV7.sol
- Update examples: TLOSDeadManSwitch, TLOSRecovery, TLOSSealedAuction, TLOSTreasureHunt
- Update tests with int8[128] arrays and gas threshold assertions
- Update docs: AGENTS.md, README.md, docs/layers/layer4-puzzle/
- Add build artifacts to .gitignore

Gas: ~8.6M puzzle verification (14% of 60M block limit)
All 157 tests passing.

Closes #70
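
The check these parameters feed, modelled in Python as an added example; it is not the project's Solidity code. The seeded PRNG used to derive `A`, the strict `<` comparison against the threshold, the error range carried over from the earlier parameter sets quoted on this page, and all function names are assumptions.

```python
import math
import random

# Parameter sets quoted on the page: (n, m, q, threshold).
OLD_PARAMS = (48, 72, 2039, 300)
NEW_PARAMS = (128, 192, 2039, 800)
# Assumption: the error range quoted for the earlier sets still applies.
ERROR_RANGE = (-2, -1, 0, 1, 2)


def centered(x, q):
    """Map x mod q to its representative in (-q/2, q/2]."""
    x %= q
    return x - q if x > q // 2 else x


def make_instance(params, seed):
    """Build a constructed planted instance (A, b, s).

    A seeded PRNG stands in for the contract's derivation (assumption).
    The noise here is reproducible from the seed, which is exactly what
    the PR warns must not happen in production: noise must be secret.
    """
    n, m, q, _ = params
    rng = random.Random(seed)
    s = [rng.choice((-1, 0, 1)) for _ in range(n)]
    A = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
    e = [rng.choice(ERROR_RANGE) for _ in range(m)]
    b = [(sum(a * x for a, x in zip(row, s)) + ei) % q
         for row, ei in zip(A, e)]
    return A, b, s


def residual_norm_sq(A, b, candidate, q):
    """Squared norm of the centered residual b - A*candidate mod q."""
    total = 0
    for row, bi in zip(A, b):
        r = centered(bi - sum(a * x for a, x in zip(row, candidate)), q)
        total += r * r
    return total


def verify(params, A, b, candidate):
    """Accept a ternary candidate whose residual is below the threshold."""
    n, _, q, threshold = params
    if len(candidate) != n or any(x not in (-1, 0, 1) for x in candidate):
        return False
    return residual_norm_sq(A, b, candidate, q) < threshold


def worst_case_planted_norm(params):
    """Largest squared residual the planted secret can give: m * max|e|^2."""
    _, m, _, _ = params
    return m * max(abs(e) for e in ERROR_RANGE) ** 2


def brute_force_bits(n):
    """log2 of the ternary search space 3^n."""
    return n * math.log2(3)


if __name__ == "__main__":
    A, b, s = make_instance(NEW_PARAMS, seed=1)
    print("planted secret accepted:", verify(NEW_PARAMS, A, b, s))
    print("worst-case planted norm:", worst_case_planted_norm(NEW_PARAMS))
    print("brute-force bits (n=128): %.2f" % brute_force_bits(128))
```

Under these assumptions the planted secret always passes, because its worst-case squared residual (m × 4) stays below the threshold for both parameter sets, while a candidate that differs in a single coordinate produces residuals spread across the whole range mod q.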

changeset-bot bot commented Jan 15, 2026

⚠️ No Changeset found

Latest commit: 87082b9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR


coderabbitai bot commented Jan 15, 2026

Walkthrough

This PR increases puzzle layer security by updating LWE parameters from n=48, m=72 to n=128, m=192, and threshold from 300 to 800. Function signatures accommodating puzzle solutions expand from int8[48] to int8[128]. Tests, documentation, and build artifacts are updated to reflect the larger dimensions and corresponding brute-force search space of 3^128.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Core Puzzle Contracts: contracts/TLOSWithPuzzleV5.sol, contracts/WeakLWEPuzzleV7.sol | Updated LWE parameters (N_WEAK: 48→128, M_WEAK: 72→192, PUZZLE_THRESHOLD_SQ: 300→800); public function signatures widened to accept int8[128] solutions; loop logic generalized to use dynamic block counts instead of fixed 3 blocks. |
| Example Contracts: examples/TLOSDeadManSwitch.sol, examples/TLOSRecovery.sol, examples/TLOSSealedAuction.sol, examples/TLOSTreasureHunt.sol | Constants and function signatures updated (N_WEAK, M_WEAK, PUZZLE_THRESHOLD_SQ); puzzle solution parameters expanded from int8[48] to int8[128]; internal block iteration logic generalized from fixed 3 to computed blocks; getPlantedSecret() return types expanded. |
| Documentation: AGENTS.md, README.md, docs/layers/layer4-puzzle/README.md | Security parameters and descriptions updated: σ changed 8→25, brute-force floor changed from 2^76 to 3^128, puzzle complexity descriptions rewritten; gas cost figures and parameter tables recalculated to reflect new dimensions. |
| Trivial Comment Update: examples/TLOSStopLoss.sol | Updated documentation comment referencing security floor from "2^76" to "3^128 brute-force search space"; no functional changes. |
| Test Suite: test/PuzzleVariants.t.sol, test/TLOSDeadManSwitch.t.sol, test/TLOSRecovery.t.sol, test/TLOSSealedAuction.t.sol, test/TLOSTreasureHunt.t.sol, test/TLOSWithPuzzleV5.t.sol, test/TLOSWithPuzzleV5Harness.sol, test/WeakLWEPuzzleV7.t.sol | Test data structures, arrays, and helper functions updated to use int8[128] instead of int8[48]; loop bounds adjusted; gas assertions updated; test helper names/constants aligned with new dimensions (n=128, m=192). |
| Build Artifacts & Cache: cache/solidity-files-cache.json, out/*.json, out/build-info/*.json | Solidity build cache and ABI artifacts regenerated; file entries updated to reflect contract versions (V4→V5, V6→V7); removed obsolete build-info entries; public function signatures in ABIs updated to reflect int8[128] parameter/return types. |
| Gitignore: .gitignore | Added patterns: target/, out/, cache/, paper/*.aux, broadcast/ (some are duplicates of existing entries). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~40 minutes

Possibly related PRs

  • PR #11: Both PRs modify LWE/weak-puzzle parameterization (n, m, threshold constants) and update corresponding function signatures across puzzle contracts and tests at the code level.
  • PR #64: Both PRs directly modify puzzle contract signatures (TLOSWithPuzzleV5, WeakLWEPuzzleV7) and verification/reveal function parameters (int8[48] → int8[128]).
  • PR #40: Both PRs update example contracts (TLOSDeadManSwitch, TLOSSealedAuction, TLOSRecovery, TLOSTreasureHunt) with expanded puzzle solution signatures and verification logic.

Poem

🐰 The puzzle grows, from forty-eight to one-twenty-eight,
A lattice made much harder, more secure and great!
Three-to-the-one-twenty-eight, a brute-force floor so tall,
Our blocks now dance dynamically—no magic number's call! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 inconclusive)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Out of Scope Changes check | ❓ Inconclusive | Most changes align with puzzle parameter updates. However, .gitignore additions include duplicate entries (target/, out/, cache/, paper/*.aux already existed), and cache/solidity-files-cache.json appears to be a generated artifact that changed unexpectedly. | Verify that cache/solidity-files-cache.json changes are intentional build artifacts and clarify whether duplicate .gitignore entries should be removed or are necessary for documentation purposes. |
✅ Passed checks (4 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title 'feat(security): harden puzzle layer params (n=128, m=192)' directly and specifically summarizes the main change: increasing puzzle security parameters from (n=48, m=72) to (n=128, m=192). |
| Linked Issues check | ✅ Passed | The PR partially addresses issue #70 but with parameters exceeding the proposal: n=128, m=192 vs. proposed n=64, m=96. While the goal of hardening against BKW/lattice attacks is met with significantly increased security (3^128 vs. 3^64), the implementation diverges from the linked issue's specific recommendation. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Comment @coderabbitai help to get the list of available commands and usage tips.

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 87082b97b9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +163 to 164
function checkWithPuzzle(bytes32 input, int8[128] calldata puzzleSolution)
external

P2 Badge Update benchmark script for new puzzle array size

Because checkWithPuzzle now takes int8[128], running the documented forge script scripts/BenchmarkTLOS.s.sol (which is still hardcoded to int8[48], N_WEAK=48, M_WEAK=72) will fail to compile: the script passes a 48‑element plantedSecret into checkWithPuzzle/commit. This regression breaks the benchmark workflow unless the script’s puzzle parameters and array sizes are updated to 128/192 to match the new contract interface.

Useful? React with 👍 / 👎.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
README.md (1)

294-297: Inconsistent noise parameter in example.

The lattice-estimator CLI example uses "stddev":8.0 but the documentation elsewhere states σ=25 for the LWE layer. Consider updating this example to reflect the current production parameters.

Suggested fix
 lattice-estimator-cli 384 65521 \
     --s-dist '{"distribution":"uniform_mod"}' \
-    --e-dist '{"distribution":"discrete_gaussian","stddev":8.0}' \
+    --e-dist '{"distribution":"discrete_gaussian","stddev":25.0}' \
     --m 2560
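Review bot: On the `--e-dist` line, only `stddev` changes to 25.0 while the dimension (384), modulus (65521) and `--m 2560` stay as they were, so any security estimate README.md quotes for this command has to come from a fresh run at σ=25 rather than from the σ=8 output. Suggest re-running the amended command and updating the quoted figure in the same commit.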
examples/TLOSSealedAuction.sol (1)

169-175: Stale comment: puzzle solution array size should be 128, not 64.

The documentation comment references int8[64] but should be int8[128] to match the updated function signatures.

📝 Suggested fix
-    ///      int8[64] memory puzzleSolution = solvePlantedLWE(bidSeed); // Off-chain solver
+    ///      int8[128] memory puzzleSolution = solvePlantedLWE(bidSeed); // Off-chain solver
🤖 Fix all issues with AI agents
In @.gitignore:
- Around line 9-13: The .gitignore contains duplicate entries; remove the
repeated lines for "target/", "out/", "cache/", and "paper/*.aux" and retain
only the new "broadcast/" entry so the file no longer lists duplicates (ensure
the remaining .gitignore contains one entry per pattern and includes
"broadcast/").

In `@out/TLOSStopLoss.sol/TLOSStopLoss.json`:
- Line 1: Build artifacts under out/ (e.g.,
out/TLOSStopLoss.sol/TLOSStopLoss.json and out/Base.sol/CommonBase.json) are
still tracked despite .gitignore; remove them from git tracking and prevent
future commits by running git rm --cached <file> (or git rm -r --cached out/) to
untrack all artifacts, ensure the out/ pattern exists in .gitignore, commit the
removal with a clear message, and push the commit so subsequent builds are
ignored.

In `@out/TLOSStopLoss.t.sol/MockOracle.json`:
- Line 1: The out/ build artifact files (e.g., MockOracle.json) are still
tracked by git even though out/ is in .gitignore; stop tracking them by running
git rm --cached out/ -r to unstage and remove the tracked files from the index,
then commit the change (git commit -m "Remove generated out/ artifacts from
repo") so future builds like MockOracle.json are ignored; do not delete the
files locally so the artifacts remain for local use.
🧹 Nitpick comments (3)
test/WeakLWEPuzzleV7.t.sol (1)

8-15: Test correctly updated for expanded puzzle dimensions.

The gas test now uses int8[128] for the planted secret and the log message accurately reflects the new parameters (n=128, m=192). This provides useful gas benchmarking for the hardened puzzle.

Consider adding a gas threshold assertion to catch unexpected regressions, similar to other tests mentioned in the PR (which assert gas stays within expected bounds).

💡 Optional: Add gas threshold assertion
 function testGasV7() public {
     bytes32 x = keccak256("gas");
     int8[128] memory s = puzzle.getPlantedSecret(x);
     uint256 g = gasleft();
     (bool v,) = puzzle.verifyPuzzle(x, s);
-    console.log("V7 Gas (n=128, m=192):", g - gasleft());
+    uint256 gasUsed = g - gasleft();
+    console.log("V7 Gas (n=128, m=192):", gasUsed);
+    // Assert gas stays within expected bounds (~8.6M per PR documentation)
+    assertLt(gasUsed, 10_000_000, "Puzzle verification gas exceeded threshold");
     assertTrue(v);
 }
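Review bot: `assertLt(gasUsed, 10_000_000, ...)` is evaluated before `assertTrue(v)`, but the gas figure only means something when verification succeeded, so assert `v` first and then the bound. The bound is upper-only and sits about 16% above the ~8.6M named in the comment; adding a lower bound as well would flag a verifier that returns early.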
test/PuzzleVariants.t.sol (1)

69-76: Security level calculation is correct but could be clearer.

The brute-force calculation (128 * 1585) / 1000 ≈ 203 bits is mathematically sound. Consider adding a comment that 1585/1000 ≈ log₂(3) for clarity, though not required.

📝 Optional: Clarify the log₂(3) approximation
     function test_V7_SecurityLevel() public pure {
         // V7: 3^n brute-force search space = n * log2(3) ≈ n * 1.585 bits
         // For n=128: 128 * 1.585 ≈ 203 bits brute-force
         // Note: Lattice security TBD via estimator
         uint256 n = 128;
-        uint256 bruteForce_bits = (n * 1585) / 1000; // ~203 bits
+        uint256 bruteForce_bits = (n * 1585) / 1000; // log2(3) ≈ 1.585, so ~203 bits
         assert(bruteForce_bits >= 128);
     }
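Review bot: On the `bruteForce_bits` line, `(n * 1585) / 1000` is integer division, so for n = 128 it evaluates to 202 (202,880 / 1000), not the ~203 stated in the comments. The `>= 128` assertion is unaffected, but the comment should say 202 or the expression should round up. The name `test_V7_SecurityLevel` also covers only the brute-force count, while the comment in this hunk says lattice security is still to be determined.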
docs/layers/layer4-puzzle/README.md (1)

44-66: Code snippet is illustrative but differs from actual implementation.

The code snippet shows pseudocode (residual², mod q) rather than actual Solidity. This is acceptable for documentation purposes, but consider adding a note that this is simplified pseudocode, or updating to match the actual implementation more closely.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 458ea84 and 87082b9.

📒 Files selected for processing (41)
  • .gitignore
  • AGENTS.md
  • README.md
  • cache/solidity-files-cache.json
  • contracts/TLOSWithPuzzleV5.sol
  • contracts/WeakLWEPuzzleV7.sol
  • docs/layers/layer4-puzzle/README.md
  • examples/TLOSDeadManSwitch.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • examples/TLOSStopLoss.sol
  • examples/TLOSTreasureHunt.sol
  • out/IHoneypot.sol/IHoneypot.json
  • out/TLOSDeadManSwitch.sol/TLOSDeadManSwitch.json
  • out/TLOSDeadManSwitch.t.sol/TLOSDeadManSwitchTest.json
  • out/TLOSRecovery.sol/TLOSRecovery.json
  • out/TLOSRecovery.t.sol/TLOSRecoveryTest.json
  • out/TLOSSealedAuction.sol/TLOSSealedAuction.json
  • out/TLOSSealedAuction.t.sol/TLOSSealedAuctionTest.json
  • out/TLOSStopLoss.sol/IOracle.json
  • out/TLOSStopLoss.sol/ITLOSCircuit.json
  • out/TLOSStopLoss.sol/TLOSStopLoss.json
  • out/TLOSStopLoss.t.sol/MockOracle.json
  • out/TLOSStopLoss.t.sol/MockTLOSCircuit.json
  • out/TLOSStopLoss.t.sol/TLOSStopLossTest.json
  • out/TLOSTreasureHunt.sol/TLOSTreasureHunt.json
  • out/TLOSTreasureHunt.t.sol/TLOSTreasureHuntTest.json
  • out/WeakLWEPuzzleV7.sol/WeakLWEPuzzleV7.json
  • out/WeakLWEPuzzleV7.t.sol/V7GasTest.json
  • out/build-info/5f146a5d33a41b8e.json
  • out/build-info/9163372221981f5a.json
  • out/build-info/b32938c0fe325972.json
  • out/build-info/d5624d0f4ad6ffe6.json
  • test/PuzzleVariants.t.sol
  • test/TLOSDeadManSwitch.t.sol
  • test/TLOSRecovery.t.sol
  • test/TLOSSealedAuction.t.sol
  • test/TLOSTreasureHunt.t.sol
  • test/TLOSWithPuzzleV5.t.sol
  • test/TLOSWithPuzzleV5Harness.sol
  • test/WeakLWEPuzzleV7.t.sol
💤 Files with no reviewable changes (4)
  • out/build-info/9163372221981f5a.json
  • out/build-info/5f146a5d33a41b8e.json
  • out/build-info/d5624d0f4ad6ffe6.json
  • out/build-info/b32938c0fe325972.json
🧰 Additional context used
📓 Path-based instructions (9)
**/*.sol

📄 CodeRabbit inference engine (AGENTS.md)

**/*.sol: Use Forge for building and testing Solidity contracts with commands: forge build for compilation and forge test for running tests
Solidity contracts must use seed-derived a vectors with 11 bytes per gate for storage optimization

Files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSWithPuzzleV5Harness.sol
  • test/TLOSSealedAuction.t.sol
  • test/PuzzleVariants.t.sol
  • contracts/WeakLWEPuzzleV7.sol
  • test/TLOSDeadManSwitch.t.sol
  • examples/TLOSTreasureHunt.sol
  • test/TLOSTreasureHunt.t.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • test/TLOSRecovery.t.sol
  • examples/TLOSDeadManSwitch.sol
  • contracts/TLOSWithPuzzleV5.sol
  • examples/TLOSStopLoss.sol
  • test/TLOSWithPuzzleV5.t.sol
{**/*.sol,src/lwe.rs}

📄 CodeRabbit inference engine (AGENTS.md)

Production LWE layer must use parameters: n=384 dimension, σ=8 Gaussian noise, q=65521 modulus, achieving ~2^112 PQ security

Files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSWithPuzzleV5Harness.sol
  • test/TLOSSealedAuction.t.sol
  • test/PuzzleVariants.t.sol
  • contracts/WeakLWEPuzzleV7.sol
  • test/TLOSDeadManSwitch.t.sol
  • examples/TLOSTreasureHunt.sol
  • test/TLOSTreasureHunt.t.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • test/TLOSRecovery.t.sol
  • examples/TLOSDeadManSwitch.sol
  • contracts/TLOSWithPuzzleV5.sol
  • examples/TLOSStopLoss.sol
  • test/TLOSWithPuzzleV5.t.sol
**/{WeakLWEPuzzleV7,*Puzzle*}.sol

📄 CodeRabbit inference engine (AGENTS.md)

Production Layer 4 puzzle (WeakLWEPuzzleV7) must use: n=48 secret dimension, m=72 samples, q=2039 modulus, error range {-2,-1,0,1,2}, threshold=300, ensuring 3^48 ≈ 2^76 search space

Files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSWithPuzzleV5Harness.sol
  • test/PuzzleVariants.t.sol
  • contracts/WeakLWEPuzzleV7.sol
  • contracts/TLOSWithPuzzleV5.sol
  • test/TLOSWithPuzzleV5.t.sol
{**/*.sol,src/wire_binding.rs}

📄 CodeRabbit inference engine (AGENTS.md)

Layer 3 wire binding must implement full-rank 64x64 linear hash over Z_q for inter-gate algebraic consistency; do NOT claim collision resistance as the linear system is trivially solvable

Files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSWithPuzzleV5Harness.sol
  • test/TLOSSealedAuction.t.sol
  • test/PuzzleVariants.t.sol
  • contracts/WeakLWEPuzzleV7.sol
  • test/TLOSDeadManSwitch.t.sol
  • examples/TLOSTreasureHunt.sol
  • test/TLOSTreasureHunt.t.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • test/TLOSRecovery.t.sol
  • examples/TLOSDeadManSwitch.sol
  • contracts/TLOSWithPuzzleV5.sol
  • examples/TLOSStopLoss.sol
  • test/TLOSWithPuzzleV5.t.sol
test/*.t.sol

📄 CodeRabbit inference engine (AGENTS.md)

Test contracts must include comprehensive layer-specific tests: production contract tests in TLOSWithPuzzleV5.t.sol (61 tests), isolated layer testing via TLOSWithPuzzleV5Harness.sol, and puzzle variant tests in PuzzleVariants.t.sol (12 tests covering V5/V6/V7)

Files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSSealedAuction.t.sol
  • test/PuzzleVariants.t.sol
  • test/TLOSDeadManSwitch.t.sol
  • test/TLOSTreasureHunt.t.sol
  • test/TLOSRecovery.t.sol
  • test/TLOSWithPuzzleV5.t.sol
contracts/WeakLWEPuzzle*.sol

📄 CodeRabbit inference engine (AGENTS.md)

Testing puzzle variants must include WeakLWEPuzzleV5 (n=32, 2^51 security), WeakLWEPuzzleV6 (n=24, 2^38 security), and WeakLWEPuzzleV7 (n=48, 2^76 security) for parameter validation

Files:

  • contracts/WeakLWEPuzzleV7.sol
contracts/*.sol

📄 CodeRabbit inference engine (AGENTS.md)

contracts/*.sol: The Ethereum block gas limit is 60,000,000 gas (60M) as of 2024; TLOS gas usage ranges from 3.7M-17.2M (6-28% of block limit) with batch size of 128 gates and 5 binding updates for 640 gates
Hash-PoW layer must provide commit-time randomness bound with configurable difficulty and default enabled state for Layer 5 security

Files:

  • contracts/WeakLWEPuzzleV7.sol
  • contracts/TLOSWithPuzzleV5.sol
examples/**/*.sol

📄 CodeRabbit inference engine (AGENTS.md)

Demo/example contracts in examples/ directory are for educational purposes only and must not be used in production

Files:

  • examples/TLOSTreasureHunt.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • examples/TLOSDeadManSwitch.sol
  • examples/TLOSStopLoss.sol
docs/layers/**

📄 CodeRabbit inference engine (AGENTS.md)

Documentation must be organized per-layer in docs/layers/ directory for technical reference of each security layer

Files:

  • docs/layers/layer4-puzzle/README.md
🧠 Learnings (17)
📓 Common learnings
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Production Layer 4 puzzle (WeakLWEPuzzleV7) must use: n=64 secret dimension, m=96 samples, q=2039 modulus, error range {-2,-1,0,1,2}, threshold=400, ensuring 3^64 ≈ 2^101 search space, 2.30M gas (Tenderly, production-style).
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Applies to contracts/*.sol : TLOS gas usage with n=384 ranges from 4,734,943-18,184,574 gas (7-30% of 60M block limit) for 64-640 gates based on Tenderly benchmarks; includes 2.30M puzzle verification.
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Five-layer security model must be implemented in order: (1) Topology layer - structural mixing, (2) LWE layer - control function hiding, (3) Wire binding layer - algebraic binding, (4) Planted LWE puzzle - 2^101 search space, (5) Hash-PoW - commit-time randomness (default enabled).
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to test/*.t.sol : Test contracts must include comprehensive layer-specific tests: production contract tests in TLOSWithPuzzleV5.t.sol (61 tests), isolated layer testing via TLOSWithPuzzleV5Harness.sol, and puzzle variant tests in PuzzleVariants.t.sol (12 tests covering V5/V6/V7)
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Production LWE layer must use parameters: n=384 dimension, σ=25 Gaussian noise, q=65521 modulus, achieving ~2^112 PQ security.
📚 Learning: 2026-01-15T08:50:51.160Z
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Production Layer 4 puzzle (WeakLWEPuzzleV7) must use: n=64 secret dimension, m=96 samples, q=2039 modulus, error range {-2,-1,0,1,2}, threshold=400, ensuring 3^64 ≈ 2^101 search space, 2.30M gas (Tenderly, production-style).

Applied to files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSWithPuzzleV5Harness.sol
  • test/TLOSSealedAuction.t.sol
  • README.md
  • test/PuzzleVariants.t.sol
  • out/WeakLWEPuzzleV7.sol/WeakLWEPuzzleV7.json
  • contracts/WeakLWEPuzzleV7.sol
  • test/TLOSDeadManSwitch.t.sol
  • examples/TLOSTreasureHunt.sol
  • AGENTS.md
  • test/TLOSTreasureHunt.t.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • test/TLOSRecovery.t.sol
  • examples/TLOSDeadManSwitch.sol
  • out/TLOSTreasureHunt.sol/TLOSTreasureHunt.json
  • contracts/TLOSWithPuzzleV5.sol
  • examples/TLOSStopLoss.sol
  • docs/layers/layer4-puzzle/README.md
  • test/TLOSWithPuzzleV5.t.sol
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to test/*.t.sol : Test contracts must include comprehensive layer-specific tests: production contract tests in TLOSWithPuzzleV5.t.sol (61 tests), isolated layer testing via TLOSWithPuzzleV5Harness.sol, and puzzle variant tests in PuzzleVariants.t.sol (12 tests covering V5/V6/V7)

Applied to files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSWithPuzzleV5Harness.sol
  • test/TLOSSealedAuction.t.sol
  • out/TLOSStopLoss.t.sol/MockOracle.json
  • README.md
  • test/PuzzleVariants.t.sol
  • out/WeakLWEPuzzleV7.sol/WeakLWEPuzzleV7.json
  • contracts/WeakLWEPuzzleV7.sol
  • test/TLOSDeadManSwitch.t.sol
  • examples/TLOSTreasureHunt.sol
  • out/TLOSRecovery.sol/TLOSRecovery.json
  • AGENTS.md
  • test/TLOSTreasureHunt.t.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • test/TLOSRecovery.t.sol
  • examples/TLOSDeadManSwitch.sol
  • out/TLOSTreasureHunt.sol/TLOSTreasureHunt.json
  • contracts/TLOSWithPuzzleV5.sol
  • cache/solidity-files-cache.json
  • docs/layers/layer4-puzzle/README.md
  • test/TLOSWithPuzzleV5.t.sol
📚 Learning: 2026-01-15T08:50:51.160Z
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Applies to contracts/*.sol : TLOS gas usage with n=384 ranges from 4,734,943-18,184,574 gas (7-30% of 60M block limit) for 64-640 gates based on Tenderly benchmarks; includes 2.30M puzzle verification.

Applied to files:

  • test/WeakLWEPuzzleV7.t.sol
  • test/TLOSSealedAuction.t.sol
  • README.md
  • test/PuzzleVariants.t.sol
  • contracts/WeakLWEPuzzleV7.sol
  • test/TLOSDeadManSwitch.t.sol
  • examples/TLOSTreasureHunt.sol
  • AGENTS.md
  • test/TLOSTreasureHunt.t.sol
  • examples/TLOSRecovery.sol
  • examples/TLOSSealedAuction.sol
  • test/TLOSRecovery.t.sol
  • out/TLOSStopLoss.sol/IOracle.json
  • examples/TLOSDeadManSwitch.sol
  • contracts/TLOSWithPuzzleV5.sol
  • cache/solidity-files-cache.json
  • docs/layers/layer4-puzzle/README.md
  • test/TLOSWithPuzzleV5.t.sol
📚 Learning: 2026-01-15T08:50:51.160Z
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Five-layer security model must be implemented in order: (1) Topology layer - structural mixing, (2) LWE layer - control function hiding, (3) Wire binding layer - algebraic binding, (4) Planted LWE puzzle - 2^101 search space, (5) Hash-PoW - commit-time randomness (default enabled).

Applied to files:

  • README.md
  • out/WeakLWEPuzzleV7.sol/WeakLWEPuzzleV7.json
  • contracts/WeakLWEPuzzleV7.sol
  • examples/TLOSTreasureHunt.sol
  • AGENTS.md
  • examples/TLOSSealedAuction.sol
  • examples/TLOSDeadManSwitch.sol
  • contracts/TLOSWithPuzzleV5.sol
  • examples/TLOSStopLoss.sol
  • docs/layers/layer4-puzzle/README.md
  • test/TLOSWithPuzzleV5.t.sol
📚 Learning: 2026-01-15T08:50:51.160Z
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Production LWE layer must use parameters: n=384 dimension, σ=25 Gaussian noise, q=65521 modulus, achieving ~2^112 PQ security.

Applied to files:

  • README.md
  • AGENTS.md
  • contracts/TLOSWithPuzzleV5.sol
  • docs/layers/layer4-puzzle/README.md
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to {**/*.sol,src/wire_binding.rs} : Layer 3 wire binding must implement full-rank 64x64 linear hash over Z_q for inter-gate algebraic consistency; do NOT claim collision resistance as the linear system is trivially solvable

Applied to files:

  • README.md
  • AGENTS.md
  • contracts/TLOSWithPuzzleV5.sol
  • examples/TLOSStopLoss.sol
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to contracts/*.sol : The Ethereum block gas limit is 60,000,000 gas (60M) as of 2024; TLOS gas usage ranges from 3.7M-17.2M (6-28% of block limit) with batch size of 128 gates and 5 binding updates for 640 gates

Applied to files:

  • README.md
  • AGENTS.md
  • out/TLOSStopLoss.sol/IOracle.json
  • docs/layers/layer4-puzzle/README.md
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to contracts/*.sol : Hash-PoW layer must provide commit-time randomness bound with configurable difficulty and default enabled state for Layer 5 security

Applied to files:

  • README.md
  • contracts/WeakLWEPuzzleV7.sol
  • examples/TLOSTreasureHunt.sol
  • AGENTS.md
  • examples/TLOSSealedAuction.sol
  • examples/TLOSDeadManSwitch.sol
  • contracts/TLOSWithPuzzleV5.sol
  • out/IHoneypot.sol/IHoneypot.json
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to src/*.rs : Rust implementation must have modular structure: circuit.rs for topology layer mixing, lwe.rs for LWE encryption, wire_binding.rs for algebraic binding, and generator.rs for deployment data generation

Applied to files:

  • README.md
  • AGENTS.md
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to docs/layers/** : Documentation must be organized per-layer in docs/layers/ directory for technical reference of each security layer

Applied to files:

  • README.md
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to scripts/Benchmark*.s.sol : Benchmark scripts must use Tenderly RPC by sourcing `~/.zsh_secrets` and running: `forge script scripts/BenchmarkTLOS.s.sol --rpc-url "$TENDERLY_RPC" --broadcast --unlocked -vvv`

Applied to files:

  • README.md
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to examples/**/*.sol : Demo/example contracts in examples/ directory are for educational purposes only and must not be used in production

Applied to files:

  • cache/solidity-files-cache.json
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to **/*.sol : Use Forge for building and testing Solidity contracts with commands: `forge build` for compilation and `forge test` for running tests

Applied to files:

  • cache/solidity-files-cache.json
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to paper/*.tex : Build papers by running pdflatex twice for references and bibtex for citations; check for undefined citations with: `pdflatex <file>.tex 2>&1 | grep -i "undefined|Citation"`; if citations show as "[?]" verify refs.bib contains entry and re-run bibtex then pdflatex twice

Applied to files:

  • .gitignore
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to paper/** : DO NOT create markdown (.md) files for papers; use LaTeX only (tlos.tex for short papers, tlos-paper.tex for full papers)

Applied to files:

  • .gitignore
📚 Learning: 2026-01-13T11:05:17.527Z
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to **/*.sol : Solidity contracts must use seed-derived a vectors with 11 bytes per gate for storage optimization

Applied to files:

  • test/TLOSWithPuzzleV5.t.sol
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Cursor Bugbot
🔇 Additional comments (58)
out/IHoneypot.sol/IHoneypot.json (1)

1-1: No action needed—out/ is already properly configured in .gitignore and this file is not being modified in the current changeset.

The file appears in the review as part of existing repository history, not as a newly staged artifact. Since build artifacts are correctly excluded from version control via .gitignore, there is no risk of accidental re-commitment.

examples/TLOSStopLoss.sol (1)

81-81: Documentation update aligns with PR objectives.

The comment correctly reflects the increased puzzle parameters (3^128 brute-force search space) and honestly notes that lattice security analysis is pending. This is appropriate for a demo contract.

out/TLOSStopLoss.sol/IOracle.json (1)

1-1: Auto-generated artifact — no functional concerns.

This is a compilation artifact for the IOracle interface. The embedded documentation correctly reflects the updated puzzle parameters. Same gitignore concern applies as noted for other out/ artifacts.

out/WeakLWEPuzzleV7.sol/WeakLWEPuzzleV7.json (1)

1-1: ABI correctly reflects expanded puzzle dimensions (n=128).

The artifact shows int8[128] arrays for getPlantedSecret and verifyPuzzle, matching the PR's parameter changes. The embedded devdoc accurately documents "n=128, m=192, q=2039, threshold=800".

Note: The original issue #70 proposed n=64, but this PR implements n=128. Ensure this more aggressive hardening was intentionally chosen over the original proposal, considering the increased gas cost (~8.6M vs ~2.3M estimated for n=64).

AGENTS.md (2)

75-81: Layer 4 Puzzle Parameters table looks correct for the PR changes.

The table accurately reflects the hardened puzzle parameters:

  • n=128, m=192, q=2039, threshold=800
  • 3^128 brute-force search space with lattice security TBD
  • 8.62M verification gas (14% of 60M block limit)

This table is consistent with the PR objectives and the build artifact ABIs reviewed earlier.


9-12: Internal documentation inconsistencies need resolution.

The five-layer security model description and repository structure sections are inconsistent with the Layer 4 Puzzle Parameters table:

| Section | Parameter | Conflict |
|---|---|---|
| Line 11 | "3^64 ≈ 2^101" and "2.30M gas" | Line 80-81 says "3^128" and "8.62M gas" |
| Line 35 | "n=64, 2^101 security" | Line 75 says "n = 128" |
| Line 34 | "puzzle n=64" | Line 75-80 shows n=128, m=192 |

These should all reflect the new parameters (n=128, m=192, threshold=800, 3^128 search space, ~8.6M gas).

📝 Suggested fixes for consistency
 Five-layer security model:
 1. **Topology layer** - structural mixing (heuristic)
 2. **LWE layer** - control function hiding via standard LWE with Gaussian noise (σ=25, n=384, ~2^112 PQ)
 3. **Wire binding layer** - full-rank linear hash for inter-gate consistency (algebraic binding, inspired by [MDS25])
-4. **Planted LWE puzzle** - forces minimum 3^64 ≈ 2^101 brute-force search space (2.30M gas (Tenderly))
+4. **Planted LWE puzzle** - forces minimum 3^128 ≈ 2^203 brute-force search space (8.62M gas (Tenderly))
 5. **Hash-PoW** - commit-time randomness bound (configurable difficulty; default enabled)
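Review bot: the added item 4 line states 3^128 ≈ 2^203 as the minimum search space the puzzle "forces", while the Layer 4 parameter table in the same file qualifies that figure as brute-force only, with lattice security TBD. Suggest carrying the qualifier into this summary line, for example "brute-force floor 3^128 ≈ 2^203, lattice security TBD", and flattening the nested parentheses in "(8.62M gas (Tenderly))" while the line is being touched.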
 - `contracts/` - Solidity contracts
-  - `TLOSWithPuzzleV5.sol` - Production: 5-layer TLOS (n=384, puzzle n=64)
-  - `WeakLWEPuzzleV7.sol` - Gas Testing: Hardened puzzle (n=64, 2^101 security, deterministic noise)
+  - `TLOSWithPuzzleV5.sol` - Production: 5-layer TLOS (n=384, puzzle n=128)
+  - `WeakLWEPuzzleV7.sol` - Gas Testing: Hardened puzzle (n=128, 2^203 brute-force, deterministic noise)
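Review bot: the added `WeakLWEPuzzleV7.sol` line calls the contract a "Hardened puzzle" and quotes 2^203 brute-force in the same parenthetical that admits deterministic noise, so the figure reads as a security level for a contract labelled Gas Testing. Suggest leading with the limitation, for example "Gas testing only (deterministic noise); puzzle n=128", and stating the brute-force figure on the `TLOSWithPuzzleV5.sol` line, which as written gives only n.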
⛔ Skipped due to learnings
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Production Layer 4 puzzle (WeakLWEPuzzleV7) must use: n=64 secret dimension, m=96 samples, q=2039 modulus, error range {-2,-1,0,1,2}, threshold=400, ensuring 3^64 ≈ 2^101 search space, 2.30M gas (Tenderly, production-style).
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Five-layer security model must be implemented in order: (1) Topology layer - structural mixing, (2) LWE layer - control function hiding, (3) Wire binding layer - algebraic binding, (4) Planted LWE puzzle - 2^101 search space, (5) Hash-PoW - commit-time randomness (default enabled).
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to test/*.t.sol : Test contracts must include comprehensive layer-specific tests: production contract tests in TLOSWithPuzzleV5.t.sol (61 tests), isolated layer testing via TLOSWithPuzzleV5Harness.sol, and puzzle variant tests in PuzzleVariants.t.sol (12 tests covering V5/V6/V7)
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Production LWE layer must use parameters: n=384 dimension, σ=25 Gaussian noise, q=65521 modulus, achieving ~2^112 PQ security.
Learnt from: igor53627
Repo: igor53627/tlos PR: 0
File: :0-0
Timestamp: 2026-01-15T08:50:51.160Z
Learning: Applies to contracts/*.sol : TLOS gas usage with n=384 ranges from 4,734,943-18,184,574 gas (7-30% of 60M block limit) for 64-640 gates based on Tenderly benchmarks; includes 2.30M puzzle verification.
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to contracts/*.sol : Hash-PoW layer must provide commit-time randomness bound with configurable difficulty and default enabled state for Layer 5 security
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to docs/layers/** : Documentation must be organized per-layer in docs/layers/ directory for technical reference of each security layer
Learnt from: CR
Repo: igor53627/tlos PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-13T11:05:17.527Z
Learning: Applies to {**/*.sol,src/wire_binding.rs} : Layer 3 wire binding must implement full-rank 64x64 linear hash over Z_q for inter-gate algebraic consistency; do NOT claim collision resistance as the linear system is trivially solvable
contracts/WeakLWEPuzzleV7.sol (3)

4-15: Parameter hardening looks correct, but coding guidelines need updating.

The new parameters (n=128, m=192, threshold=800) align with the PR objectives for Issue #70. The threshold comment correctly notes E[||e||²] ≈ 192 * 2 = 384, and the 800 threshold provides ~2x headroom for valid solutions.

However, the repository's coding guidelines still specify:

Production Layer 4 puzzle must use: n=48, m=72, threshold=300

Consider updating the coding guidelines to reflect these hardened parameters after this PR merges.


36-48: Dynamic block count calculation is correct.

The formula `(N_WEAK + 15) / 16` correctly computes 8 blocks for n=128, ensuring all 128 secret elements are processed. The inner loop boundary check `if (idx >= N_WEAK) break` properly handles the exact 128 elements.


97-112: LGTM!

The getPlantedSecret function correctly mirrors the planted secret generation in verifyPuzzle, with the return type properly updated to int8[128].

README.md (2)

132-145: Documentation accurately reflects implementation.

The parameter table correctly documents n=128, m=192, threshold=800, and the 8.62M gas cost. The note about "lattice security TBD via estimator" appropriately acknowledges that while brute-force is 3^128, formal lattice analysis is pending.


61-78: Gas documentation is consistent with implementation.

The gas table correctly reflects the increased puzzle verification cost (~8.6M) included in the total gas figures.

out/TLOSRecovery.sol/TLOSRecovery.json (1)

1-1: Build artifact correctly reflects updated signatures.

The ABI shows the expanded int8[128] array sizes for checkRecovery, getPlantedSecret, and recover functions, consistent with the WeakLWEPuzzleV7 parameter changes.

cache/solidity-files-cache.json (1)

1-1: Build cache reflects successful compilation.

This auto-generated Forge cache file correctly tracks the updated source files and their compilation artifacts. No issues identified.

out/TLOSStopLoss.t.sol/MockTLOSCircuit.json (1)

1-1: Test mock artifact unchanged functionally.

The MockTLOSCircuit ABI remains unchanged (check, setResult, shouldReturn). The file was recompiled alongside other changes, updating only metadata/sourceMap. No issues.

contracts/TLOSWithPuzzleV5.sol (2)

235-254: Dynamic block calculation correctly handles expanded dimensions.

The block iteration logic `(N_WEAK + 15) / 16` correctly computes the ceiling division, yielding 8 blocks for N_WEAK=128. This generalizes the previous fixed 3-block loop and will correctly handle any future parameter changes.


128-137: Commitment hash includes full 128-element puzzle solution.

The commitment in revealWithPuzzle correctly encodes the larger puzzle solution array, ensuring the binding between commit and reveal remains intact for the expanded parameter space.

examples/TLOSRecovery.sol (2)

22-25: Example contract parameters aligned with production.

The puzzle parameters in this educational example match the production contract (TLOSWithPuzzleV5.sol), ensuring consistency for developers learning from the examples. As per coding guidelines, this contract is for demonstration purposes only.


119-134: Planted secret generation uses correct 128-element array.

The int16[128] memory planted array and dynamic block iteration correctly handle the expanded puzzle dimensions. The on-the-fly derivation approach is appropriate for this educational example.

examples/TLOSSealedAuction.sol (2)

61-64: Puzzle parameters correctly updated for auction example.

Constants align with the production contract and other examples, maintaining consistency across the codebase.


408-437: Puzzle verification correctly implements expanded 128-dimension parameters.

The _verifyPuzzle function correctly handles the larger planted secret and solution arrays with dynamic block iteration.

out/TLOSTreasureHunt.sol/TLOSTreasureHunt.json (1)

1-1: Build artifact correctly reflects source code changes.

The ABI updates (getPlantedSecret returning int8[128], reveal accepting int8[128]) are consistent with the puzzle parameter expansion in the source contract. Since this is an example contract under examples/, the changes are appropriate for demonstrating the hardened puzzle parameters.

test/TLOSTreasureHunt.t.sol (3)

37-47: LGTM!

The puzzle solution array size correctly updated to int8[128] to match the contract's updated getPlantedSecret return type and reveal parameter.


93-108: LGTM!

The wrong solution test correctly updates both the array declaration and loop bound to 128 elements, ensuring full coverage of the expanded puzzle dimensions.


208-224: LGTM!

The gas measurement test with a 15M threshold provides adequate headroom above the reported ~8.6M actual usage while catching unexpected gas regressions. The assertion message correctly documents the n=128 puzzle context.

test/TLOSDeadManSwitch.t.sol (4)

99-108: LGTM!

The puzzle solution array correctly updated to int8[128] for the heir claim test.


155-173: LGTM!

The wrong puzzle test correctly initializes a 128-element array with non-zero values to test invalid solution rejection.


175-216: LGTM!

Multiple heir claim test correctly updates both solution arrays to int8[128], maintaining comprehensive coverage of the commit-reveal flow with expanded puzzle dimensions.


246-266: LGTM!

Gas measurement test correctly updated with the 128-element solution array and a consistent 15M gas threshold assertion matching other puzzle verification tests in the suite.

out/TLOSStopLoss.sol/ITLOSCircuit.json (1)

1-1: LGTM!

Build artifact metadata updated to reflect source compilation changes. The interface ABI remains unchanged (check(bytes32) -> bool).

test/TLOSWithPuzzleV5Harness.sol (1)

34-37: Test harness signature is correct and aligns with production implementation.

The test harness verifyPuzzlePublic uses int8[128] which correctly matches the actual WeakLWEPuzzleV7 production parameters (n=128, m=192, threshold=800) documented in AGENTS.md. The coding guidelines provided contain outdated puzzle parameters (n=48, m=72, threshold=300) that do not reflect the current implementation. No changes are required.

Likely an incorrect or invalid review comment.

test/TLOSSealedAuction.t.sol (1)

46-47: LGTM - Puzzle array sizes consistently updated.

All int8[48] arrays correctly updated to int8[128] across test cases, and the loop bound in testRevealBidWrongPuzzle (line 105) correctly iterates 128 times to match the new array size. The helper function _getPuzzleSolution return type is also properly updated.

Also applies to: 73-74, 95-96, 104-107, 117-118, 136-137, 165-166, 193-194, 233-234, 273-274, 301-302, 320-323

test/TLOSRecovery.t.sol (2)

28-28: LGTM - Puzzle arrays and iteration bounds correctly updated.

All puzzle solution arrays updated to int8[128], and loops correctly iterate 128 times. The deterministic test at lines 154-157 properly validates all 128 elements of the ternary secret.

Also applies to: 38-38, 48-51, 62-62, 69-70, 92-92, 103-103, 116-116, 133-133, 151-157


141-141: Gas threshold appropriately increased for larger puzzle.

The threshold increase from 2M to 10M gas aligns with the PR's documented ~8.6M gas for n=128 puzzle verification (~14% of 60M block limit).

test/PuzzleVariants.t.sol (3)

8-8: LGTM - Parameters correctly updated.

The contract documentation and constant assertions properly reflect the new production parameters: n=128, m=192, q=2039, threshold=800.

Also applies to: 18-25


27-36: LGTM - Test cases properly updated for 128-element arrays.

Planted secret validation, random secret rejection, all-zeros check, and non-ternary rejection tests all correctly use int8[128] arrays with appropriate helper functions.

Also applies to: 39-56


80-90: LGTM - Helper functions correctly updated.

Both _assertTernary128 and _randomTernary128 properly handle 128-element arrays with correct iteration bounds.

docs/layers/layer4-puzzle/README.md (3)

3-3: LGTM - Documentation accurately reflects new parameters.

The introduction and parameter table correctly document n=128, m=192, threshold=800, and the 3^128 brute-force search space. The hedging on lattice security ("TBD via estimator") is appropriately cautious.

Also applies to: 9-14


75-77: LGTM - Variant table correctly updated.

V7 row properly shows n=128, m=192, 3^128 brute-force, 8.62M gas, and Production status. The note about lattice security requiring estimator analysis is appropriately included.


81-84: LGTM - Attack economics appropriately updated.

The description correctly notes that 3^128 (~2^203 bits) brute-force is computationally infeasible and appropriately defers lattice attack claims to estimator analysis.

examples/TLOSDeadManSwitch.sol (6)

26-29: LGTM - Security model comment correctly updated.

The comment accurately describes the 3^128 brute-force search space and appropriately notes that lattice security is TBD and low-entropy codes remain dictionary-bound.


91-95: LGTM - Constants correctly updated.

N_WEAK=128, M_WEAK=192, and PUZZLE_THRESHOLD_SQ=800 match the production parameters defined in this PR.


291-296: LGTM - claim() signature correctly updated.

The puzzleSolution parameter correctly uses int8[128] calldata.


391-406: LGTM - getPlantedSecret() correctly generates 128-element secret.

The dynamic block calculation `(N_WEAK + 15) / 16 = 8` correctly iterates to generate all 128 ternary secret elements. The inner loop properly breaks when `idx >= N_WEAK`.


421-422: LGTM - _verifyPuzzle() signature and planted array correctly updated.

The function signature uses int8[128] calldata and the internal planted array is correctly sized to int16[128]. Block iteration generates all 128 planted secret elements.

Also applies to: 436-451


455-490: LGTM - Verification loop correctly iterates over all samples.

The outer loop iterates M_WEAK=192 times for each sample row. The inner block loop correctly uses the dynamic blocks value to compute dot products for all 128 columns. Residual calculation and threshold check are unchanged and correct.

test/TLOSWithPuzzleV5.t.sol (8)

85-91: LGTM!

The _commitHash helper correctly updated to accept int8[128] memory solution.


111-122: LGTM!

The _powNonceFor helper correctly updated to accept int8[128] memory solution.


220-238: LGTM!

The single-bit-flip test correctly uses int8[128] memory flippedSecret and validates that even a single coordinate change exceeds the threshold.


777-788: LGTM!

The cross-layer test correctly iterates over N_WEAK elements to create a negated puzzle solution.


1027-1039: LGTM!

The _generatePlantedSecret helper correctly:

  • Returns int8[128] memory secret
  • Computes block count dynamically: `(N_WEAK + 15) / 16` = 8 blocks for N_WEAK=128
  • Includes boundary check `if (idx >= N_WEAK) break` to handle non-multiple-of-16 dimensions

1041-1076: LGTM!

The _generateBVector helper correctly:

  • Accepts int8[128] memory secret
  • Allocates M_WEAK * 2 = 384 bytes for 192 rows of uint16 values
  • Uses dynamic block calculation for the dot product computation
  • Includes proper boundary checks

956-967: LGTM!

The gas threshold of 12M provides reasonable headroom above the expected ~8.6M for puzzle verification with the new n=128, m=192 parameters.


21-25: Parameter mismatch with coding guidelines and learnings—requires clarification on intended security posture.

The implementation uses n=128, m=192, threshold=800, but this contradicts:

  • Coding guidelines specifying n=48, m=72, threshold=300
  • Learnings specifying n=64, m=96, threshold=400

The WeakLWEPuzzleV7 contract explicitly labels this n=128 variant as "Hardened" with 3^128 search space. Clarify whether this parameter escalation is an intentional security enhancement or an oversight, then update the coding guidelines to reflect the authoritative specification.

examples/TLOSTreasureHunt.sol (5)

54-57: LGTM!

Constants correctly updated to match the new puzzle parameters:

  • N_WEAK = 128 (secret dimension)
  • M_WEAK = 192 (samples)
  • PUZZLE_THRESHOLD_SQ = 800 (calibrated threshold)

140-167: LGTM!

The reveal function correctly updated with int8[128] calldata puzzleSolution parameter. The commit hash encoding and puzzle verification calls properly handle the larger array.


214-229: LGTM!

The getPlantedSecret function correctly:

  • Returns int8[128] memory secret
  • Uses dynamic block calculation
  • Includes boundary check for non-multiple-of-16 dimensions

248-324: LGTM!

The _verifyPuzzle function correctly implements the LWE verification for n=128, m=192:

  • Ternary validation over all 128 elements
  • Dynamic block calculation for planted secret and matrix multiplication
  • Proper boundary checks with `if (col >= N_WEAK) break`
  • Threshold comparison against PUZZLE_THRESHOLD_SQ = 800

20-23: Good documentation honesty.

The comment correctly:

  • States the brute-force floor as 3^128
  • Notes "Lattice security TBD via estimator" acknowledging that formal lattice security analysis is pending
  • Clarifies that low-entropy secrets remain dictionary-bound without rate limits

This transparency about security claims is appropriate for an educational example.

✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
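
As an added example (not code from the PR or the TLOS repository), this Python model reproduces the checks the review walks through for n=128, m=192, q=2039, threshold=800: the ceiling block count, the noise budget behind the threshold, and rejection of a one-coordinate change. The PRNG-based instance generation, the error range {-2,...,2} (taken from the quoted learnings) and the strict `<` comparison are assumptions.

```python
import math
import random

# Layer 4 parameters stated in the PR.
N, M, Q, THRESHOLD_SQ = 128, 192, 2039, 800
# Assumption: error range quoted in the repository learnings.
ERRORS = (-2, -1, 0, 1, 2)
TERNARY = (-1, 0, 1)


def block_count(n, width=16):
    """Ceiling division: number of 16-element blocks covering n entries."""
    return (n + width - 1) // width


def brute_force_bits(n):
    """log2 of the ternary search space 3^n."""
    return n * math.log2(3)


def worst_case_noise_sq():
    """Largest possible ||e||^2; must stay below the threshold."""
    return M * max(e * e for e in ERRORS)


def make_instance(seed):
    """Constructed instance b = A*s + e mod Q. A, s and e come from Python's
    PRNG here, not from the contracts' seed derivation (assumption)."""
    rng = random.Random(seed)
    s = [rng.choice(TERNARY) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice(ERRORS) for _ in range(M)]
    b = [(dot(row, s) + err) % Q for row, err in zip(A, e)]
    return A, b, s, e


def dot(row, vec):
    return sum(a * x for a, x in zip(row, vec))


def centered(x):
    """Representative of x mod Q in [-(Q-1)/2, (Q-1)/2]."""
    x %= Q
    return x - Q if x > Q // 2 else x


def residual_sq(A, b, candidate):
    """Squared norm of b - A*candidate, reduced mod Q and centered."""
    return sum(centered(bi - dot(row, candidate)) ** 2 for row, bi in zip(A, b))


def verify(A, b, candidate):
    """Accept only ternary vectors whose residual is under the threshold
    (strict comparison assumed)."""
    if len(candidate) != N or any(x not in TERNARY for x in candidate):
        return False
    return residual_sq(A, b, candidate) < THRESHOLD_SQ


def flip_one(s, i):
    """Change coordinate i to a different ternary value."""
    t = list(s)
    t[i] = -1 if t[i] == 1 else 1
    return t


if __name__ == "__main__":
    A, b, s, e = make_instance(seed=1)
    print("blocks for n=128:", block_count(N))
    print("brute-force bits:", round(brute_force_bits(N), 1))
    print("worst-case / actual noise:", worst_case_noise_sq(), sum(x * x for x in e))
    print("planted accepted:", verify(A, b, s))
    # One changed coordinate adds a near-uniform value mod Q to every row.
    print("one flip residual:", residual_sq(A, b, flip_one(s, 0)))
    print("one flip accepted:", verify(A, b, flip_one(s, 0)))
```

Under the assumed error range the worst-case noise norm is 192 · 4 = 768, so the 800 threshold never rejects the planted solution, while a single changed coordinate pushes the residual orders of magnitude past it.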

@igor53627
Owner Author

@coderabbitai resolve

@coderabbitai

coderabbitai bot commented Jan 15, 2026

✅ Actions performed

Comments resolved.

@igor53627 igor53627 merged commit 7759556 into main Jan 27, 2026
2 checks passed
@igor53627 igor53627 deleted the clean/puzzle-n128-squashed branch January 27, 2026 18:46
igor53627 added a commit that referenced this pull request Jan 27, 2026
…and docs

- scripts/BenchmarkTLOS.s.sol: Update puzzle params n=128, m=192
- examples/TLOSSealedAuction.sol: Fix comment int8[64] -> int8[128]
- README.md: Fix lattice estimator stddev 8.0 -> 25.0
igor53627 added a commit that referenced this pull request Jan 28, 2026
* feat(security): harden puzzle layer params (n=128, m=192)

- Increase Layer 4 puzzle parameters:
  - Secret dimension: n=48 → n=128
  - Samples: m=72 → m=192
  - Threshold: 300 → 800
  - Search space: 3^48 (~2^76) → 3^128 (~2^203 brute-force)

- Update contracts: TLOSWithPuzzleV5.sol, WeakLWEPuzzleV7.sol
- Update examples: TLOSDeadManSwitch, TLOSRecovery, TLOSSealedAuction, TLOSTreasureHunt
- Update tests with int8[128] arrays and gas threshold assertions
- Update docs: AGENTS.md, README.md, docs/layers/layer4-puzzle/
- Add build artifacts to .gitignore

Gas: ~8.6M puzzle verification (14% of 60M block limit)
All 157 tests passing.

Closes #70

* Add Wycheproof-style vectors and test runner

* docs: update Layer 4 security docs with GPU benchmark results

- Add dictionary attack benchmarks (A100: 5.8M guesses/sec, 0.17µs/guess)
- Remove misleading 'unless rate-limited' caveats (doesn't apply offline)
- Add explicit attack cost formula: |Dictionary| × 0.17µs (GPU)
- Clarify 3^128 floor applies to planted-solution recovery only
- Recommend high-entropy secrets for offline security
- Add modal_puzzle_benchmark.py for reproducible benchmarks
- Add KANBAN.md for tracking

Addresses reviewer concern in issue #65 comment 3753688226

Amp-Thread-ID: https://ampcode.com/threads/T-019bc5e7-3901-7776-9a43-4adb6762c244
Co-authored-by: Amp <amp@ampcode.com>

* docs: clarify hash_solution comment for Solidity fixed-size array encoding

* fix: address PR #74 review nits - update benchmark script, comments, and docs

- scripts/BenchmarkTLOS.s.sol: Update puzzle params n=128, m=192
- examples/TLOSSealedAuction.sol: Fix comment int8[64] -> int8[128]
- README.md: Fix lattice estimator stddev 8.0 -> 25.0

* fix: update lattice_estimator.rs stddev 8.0 -> 25.0 to match production params

PR #69 increased NOISE_SIGMA from 8.0 to 25.0 but the estimator
still hardcoded the old value. Fixes AI review nit from PR #69.

* chore: stop tracking generated artifacts

* docs: note PR description newline rule

* docs: align security params and tidy markdown

* docs: update Tenderly deploy costs

* chore: set benchmark expiry to max

* chore: ignore docs plans

* chore: keep docs plans untracked

---------

Co-authored-by: Igor <igor53627@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
Development

Successfully merging this pull request may close these issues.

Harden Puzzle Layer against BKW/Lattice Attacks
