paritytech · davxy · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026
diff --git a/w3f-plonk-common/Cargo.toml b/w3f-plonk-common/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "w3f-plonk-common"
-version = "0.0.5"
+version = "0.0.6"
 edition = "2021"
 authors = ["Sergey Vasilyev <swasilyev@gmail.com>"]
 license = "MIT/Apache-2.0"

diff --git a/w3f-plonk-common/benches/SUMMARY.md b/w3f-plonk-common/benches/SUMMARY.md
@@ -10,51 +10,51 @@ Machine: AMD Ryzen Threadripper 3970X (64 logical cores), 62 GiB RAM, Arch Linux
 
 | Domain Size | Hiding    | Non-Hiding |
 |-------------|-----------|------------|
-| 512         | 884 us    | 865 us     |
-| 1024        | 1.90 ms   | 1.89 ms    |
-| 4096        | 8.79 ms   | 8.85 ms    |
-| 16384       | 44.2 ms   | 44.1 ms    |
+| 512         | 883 us    | 869 us     |
+| 1024        | 1.89 ms   | 1.89 ms    |
+| 4096        | 9.52 ms   | 9.71 ms    |
+| 16384       | 43.3 ms   | 45.3 ms    |
 
 Hiding vs non-hiding makes no measurable difference. Scales roughly linearly with domain size.
 
 ## Field Column Construction
 
 | Domain Size | private_column | public_column | shifted_4x |
 |-------------|----------------|---------------|------------|
-| 512         | 455 us         | 445 us        | 2.31 us    |
-| 1024        | 982 us         | 981 us        | 4.62 us    |
-| 4096        | 4.76 ms        | 4.68 ms       | 22.8 us    |
+| 512         | 419 us         | 418 us        | 2.14 us    |
+| 1024        | 1.02 ms        | 1.14 ms       | 4.29 us    |
+| 4096        | 4.45 ms        | 4.92 ms       | 18.7 us    |
 
-Column construction is dominated by FFT (interpolation + 4x evaluation). `shifted_4x` is a cheap rotate+copy.
+Column construction is dominated by FFT (interpolation + 4x evaluation). `shifted_4x` clones and rotates the 4x evaluations.
 
 ## Booleanity Gadget
 
 Constraint evaluation in 4x domain.
 
 | Domain Size | constraints |
 |-------------|-------------|
-| 512         | 45.1 us     |
-| 1024        | 90.9 us     |
-| 4096        | 384 us      |
+| 512         | 48.3 us     |
+| 1024        | 96.8 us     |
+| 4096        | 412 us      |
 
 Single constraint `b(1-b)`. Linear scaling.
 
 ## Inner Product Gadget
 
 | Domain Size | init    | constraints | constraints_linearized |
 |-------------|---------|-------------|------------------------|
-| 512         | 1.65 ms | 100 us      | 9.73 us                |
-| 1024        | 3.20 ms | 210 us      | 19.6 us                |
-| 4096        | 13.8 ms | 942 us      | 94.2 us                |
+| 512         | 1.36 ms | 108 us      | 10.2 us                |
+| 1024        | 2.98 ms | 223 us      | 20.9 us                |
+| 4096        | 14.2 ms | 922 us      | 81.8 us                |
 
 Init includes column construction (2 FFTs). Constraints are evaluated pointwise in 4x domain. Linearization is a single polynomial scalar multiplication.
 
 ## TE Conditional Addition Gadget
 
 | Domain Size | init     | constraints | constraints_linearized |
 |-------------|----------|-------------|------------------------|
-| 512         | 3.78 ms  | 857 us      | 75.9 us                |
-| 1024        | 8.03 ms  | 1.72 ms     | 162 us                 |
-| 4096        | 35.2 ms  | 13.9 ms     | 669 us                 |
+| 512         | 2.39 ms  | 913 us      | 81.1 us                |
+| 1024        | 5.20 ms  | 1.83 ms     | 160 us                 |
+| 4096        | 25.5 ms  | 11.3 ms     | 642 us                 |
 
-Init includes EC conditional additions (sequential scan) plus column construction. Constraint evaluation is the most expensive gadget due to the degree-4 EC addition formulas. Linearization remains cheap.
+Init includes EC conditional additions (batch-normalized) plus column construction. Constraint evaluation is the most expensive gadget due to the degree-4 EC addition formulas. Linearization remains cheap.
diff --git a/w3f-plonk-common/src/gadgets/ec/mod.rs b/w3f-plonk-common/src/gadgets/ec/mod.rs
@@ -73,17 +73,21 @@ where
         assert_eq!(bitmask.bits.len(), domain.capacity - 1);
         // assert_eq!(points.points.len(), domain.capacity - 1); //TODO
         let not_last = domain.not_last_row.clone();
-        let acc = bitmask
+        let mut projective_acc = seed.into_group();
+        let projective_points: Vec<_> = bitmask
             .bits
             .iter()
             .zip(points.points.iter())
-            .scan(seed, |acc, (&b, point)| {
+            .map(|(&b, point)| {
                 if b {
-                    *acc = (*acc + point).into_affine();
+                    projective_acc += point;
                 }
-                Some(*acc)
-            });
-        let acc: Vec<_> = ark_std::iter::once(seed).chain(acc).collect();
+                projective_acc
+            })
+            .collect();
+        let mut acc = Vec::with_capacity(projective_points.len() + 1);
+        acc.push(seed);
+        acc.extend(P::Group::normalize_batch(&projective_points));
         let init_plus_result = acc.last().unwrap();
         let result = init_plus_result.into_group() - seed.into_group();
         let result = result.into_affine();

diff --git a/w3f-ring-proof/Cargo.toml b/w3f-ring-proof/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "w3f-ring-proof"
-version = "0.0.5"
+version = "0.0.6"
 edition = "2021"
 authors = ["Sergey Vasilyev <swasilyev@gmail.com>"]
 license = "MIT/Apache-2.0"

diff --git a/w3f-ring-proof/benches/SUMMARY.md b/w3f-ring-proof/benches/SUMMARY.md
@@ -10,46 +10,46 @@ Machine: AMD Ryzen Threadripper 3970X (64 logical cores), 62 GiB RAM, Arch Linux
 
 | Domain Size | Time     |
 |-------------|----------|
-| 512         | 61.9 ms  |
-| 1024        | 86.1 ms  |
+| 512         | 49.7 ms  |
+| 1024        | 78.1 ms  |
 
 Includes KZG trusted setup (`3 * domain_size` degree) and domain/PIOP parameter construction.
 
 ## Indexing (Fixed Column Commitments)
 
 | Domain Size | Time     |
 |-------------|----------|
-| 512         | 48.0 ms  |
-| 1024        | 92.0 ms  |
+| 512         | 43.3 ms  |
+| 1024        | 73.8 ms  |
 
 Commits the ring key columns and selector polynomial using KZG. Full keyset (max capacity).
 
 ## Proving
 
 | Domain Size | Time      |
 |-------------|-----------|
-| 512         | 159 ms    |
-| 1024        | 289 ms    |
+| 512         | 158 ms    |
+| 1024        | 276 ms    |
 
 Single proof generation. Includes witness generation (conditional additions, inner product accumulation) and PLONK prover (constraint evaluation, quotient polynomial, KZG commitments and openings).
 
 ## Single Verification
 
 | Domain Size | Time     |
 |-------------|----------|
-| 512         | 3.63 ms  |
-| 1024        | 3.36 ms  |
+| 512         | 3.21 ms  |
+| 1024        | 3.08 ms  |
 
 Single proof verification. Dominated by pairing checks. Near-constant with domain size as the verifier works with evaluations, not full polynomials.
 
 ## Batch Verification (domain_size = 1024)
 
 | Batch Size | Sequential | KZG Accumulator | Speedup |
 |------------|------------|-----------------|---------|
-| 1          | 3.10 ms    | 3.10 ms         | 1.0x    |
-| 4          | 14.0 ms    | 5.29 ms         | 2.6x    |
-| 16         | 49.8 ms    | 11.3 ms         | 4.4x    |
-| 32         | 99.6 ms    | 19.8 ms         | 5.0x    |
+| 1          | 3.33 ms    | 3.08 ms         | 1.1x    |
+| 4          | 13.2 ms    | 5.64 ms         | 2.3x    |
+| 16         | 52.8 ms    | 12.0 ms         | 4.4x    |
+| 32         | 106 ms     | 19.8 ms         | 5.4x    |
 
 Sequential verification scales linearly (one pairing check per proof). KZG accumulator batches all pairing equations into a single check via MSM, giving sub-linear scaling.
 
@@ -59,4 +59,4 @@ Sequential verification scales linearly (one pairing check per proof). KZG accum
 |------------|---------|
 | Compressed | 592 bytes |
 
-Serialization time: ~771 ns.
+Serialization time: ~770 ns.