Research Validation — Leak Audit (second pass)

Document ID: gaiaftcl.research.leak_audit.v2

Purpose: Name every place L4–L6 success could be read as “we broke crypto” or “we earned BTC” when a higher layer was not checked.

Companion: QC21_QUANTUM_VM_VALIDATION_REVIEW.md, SHOR_ECDLP_RESEARCH_PAPER.md

Implemented (pass 2–3): gaiaftcl.qc_vm.validation.v3, L7 on-chain reward, L8 learning witness, STRICT_REWARD=1 / STRICT_LEARNING=1.

---

1. What “leak” means here

A leak is not a bug in SHA256 or Lean. It is a claim leak: export JSON, CI exit code, or paper prose allows a reader (or a future agent) to infer:

Leak type Example
Reward leak witnessOK: true on QC-020 without chain_accepted
Break leak ECDLP matrix passes on G / −G only → “secp256k1 broken”
Factorization leak Shor certifier tier 2/3 bundled with tier 1 → “factored 43-bit RSA”
Learning leak Ledger/reward green while V160 telemetry shows no shape persistence or Grover-bound iterations
Simulation leak Transfer receipt / fake txid / Kraken balance ignored (operator rules; out of scope for this file but same shape)
Registry leak Lean file labeled QC-006 while catalog is Deutsch–Jozsa (fixed in v2 registry)

Mitigation pattern: split mathLayerOK (algebra / ledger / substrate invoke) from rewardLayerOK (mainnet outcome), and document mathClaim / rewardClaim per registry row.

---

2. Findings (pass 2)

L-001 — QC-020 ledger vs mainnet (CRITICAL — you found this)

Layer Proves Does not prove
L4–L6 ledger Frozen rungs: digest < target for captured header/target Current network difficulty win
Gate 3 dual-gate Miner heartbeat (if payout TOML) submitblock accepted
L7 (zero-leak) QC020OnChainRewardEvidence.onChainRewardOK substrate chain_accepted + getblock/mempool block + confirmed sats at qc021_payout.toml

Fix in code: QC020OnChainRewardVerifier, M8QC020OnChainRewardEval, rewardClaim: pow_onchain_reward on QC-020.

---

L-002 — QC-001 Shor certifier tier 2/3 (HIGH)

ShorWitnessCertifier tier 2/3 rows use periods CRT-constructed from known (p,q). They validate witness arithmetic at scale; they are not “the cell factored N.”

Leak: tier23WitnessCertificationsAllOK() folded into single QC-001 witnessOK.

Fix: QC-001 mathLayerOK requires tier1 + ladder; tier23WitnessOK reported separately in swiftGateDetail. Paper already says this; matrix must match.

---

L-003 — QC-001-ECDLP structured seals (HIGH)

Neg-G / generator / constant-G rows prove lattice + d·G = Q on chosen pubkeys (including neg-G seal). They do not prove recovery of random 256-bit Q.

Leak: allWitnessOK on full matrix without claimScope per ECDLP instance.

Fix: ECDLP evaluation rows carry claimScope: structured_seal; paper §6 states “not in matrix: random pubkeys.”

---

L-007 — Wallet bit_size ≠ ECDLP oracle width (HIGH)

V215 bit_size{16, 32, 64, 128, 256} labels wallet composition cadence (seed width, scheme label). gaiaftcl shor break-classical always runs full secp256k1 via P256K from public_key_hex; wallet.bitSize is witness metadata only.

Leak: Prose that “operator bit-size selection binds the QC-001 ECDLP reduction surface” or “ECDLP at 16/32/64/128-bit shrunk curves.”

Fix: Wiki substrate-honest-disclosure.md + Research-Meaning forbid the composition; code path uses ShorECDLPChallenge.fromPublicQ / ShorECDLPSecp256k1.verifyFromQ with no bitSize branch.

---

L-008 — GroverN4 L6 seal ≠ L8 projectionNActive (HIGH)

GroverN4.lean / qc002GroverParity.searchSpaceN=4 is the L6 catalog kernel seal at the smallest decidable instance. Live miner runs Grover iteration law ⌈π√N/4⌉ at projectionNActive from qc020Learning (e.g. 9981 in frozen export).

Leak: Prose or export strings that “QC-002 = N=4 miner,” grover_bound=, or forbidden research phrases: *demo-only*, *nanny*, *guardrail pack*, *capped at*, *probe cap* (as limit).

Fix: Research-Meaning QC-002 two-surface table; BTCMiningCircuitNarrative step 03; QC002GroverParityWitness.claimScope=l6_catalog_seal_only; L8 detail uses grover_optimal=; JSON field groverOptimalLawOK; policy separates L6 seal from L8 projectionNActive.

---

L-004 — Decidable witness ≠ cryptanalysis (MEDIUM)

QC-002–005, 006–021 (finite instances) prove exact rational / decide mirrors of substrate oracles. L6 GroverN4 seal does not prove SHA256 preimage at mainnet scale.

Leak: Tier name production on QC-020 only; others renamed decidableWitness / substrateParity.

Status: Addressed in registry v2; prose must not say “21 algorithms break X.”

---

L-005 — substrateParity auto-pass (MEDIUM)

QC-006/007/008/010/021 once had witnessOK: true without Lean. Now have Lean gates; parity tier reserved for VM-only checks.

Residual leak: VM measure() can return CALORIE on decidable witnesses without external node — honest if labeled substrate invoke, not network.

---

L-006 — BTCPreimageLarge Lean CURE vs Swift CALORIE (MEDIUM)

Codegen Lean from qc020_difficulty_ledger can drift. Export skips non-CALORIE large Lean but Swift ledger still passes.

Leak: “Lean and Swift agree” when only Swift ran.

Fix: Export reports leanArtifactsDeferred; dataset allLeanGatesCalorie excludes codegen-large from required set.

---

L-007 — Demonstration wallet stdout (MEDIUM)

break-classical --wallet-id may emit TOML key after witnesses. That is locator, not ECDLP break evidence.

Fix: CLI help + paper §8.1; audit script checks dG_eq_Q on witness JSON, not stdout key.

---

L-008 — Learning / collapse not in validation export (HIGH — pass 3)

Grover-shaped advancement and non-destructive collapse are real in code (M8MeasurementState, V160/V170/V172) but were not exported in the QC matrix — readers could infer “early rewards” from ledger math alone.

Fix: QC020LearningWitness (telemetry, state_hash evolution, projection cells, Grover bound, V170/V172 counts) and QC002GroverParityWitness (N=4 sealed bound, same ⌈π√N/4⌉ law). Rows carry learningLayerOK; allLearningClaimsOK in validation.v3.

---

L-009 — Combined allWitnessOK in one JSON (LOW)

M8QC21ValidationEval exit 0 meant “all math gates green,” including QC-020 ledger.

Fix: v3 report: qaLayerClosed (claim hygiene) vs leakAuditPass (adds L7 reward).

---

3. Validation schema v2 (honest bundles)

Field Meaning
mathLayerOK Per-row algebra / ledger / substrate gate
rewardLayerOK null (N/A) or bool (QC-020 L7)
mathClaim / rewardClaim Registry claim ids (e.g. pow_ledger_rung, pow_chain_accepted)
allMathLayerOK All rows math OK
rewardLayerOK L7 on-chain (QC-020)
learningLayerOK L8 telemetry / Grover parity (QC-020, QC-002)
allRewardClaimsOK Every row with a reward claim has rewardLayerOK == true
allLearningClaimsOK Every row with learningLayerOK set must be true
qaLayerClosed L6+L8 + layer2 not_evaluated + forbidden pairs + honest L7 fields (no false reward OK)
leakAuditPass qaLayerClosed && allRewardClaimsOK (adds L7 on-chain)

CI default: M8QC21ValidationEval exits 0 on qaLayerClosed (claim leaks sealed; L7 may be pending).

Strict research export: STRICT_REWARD=1 requires leakAuditPass / allRewardClaimsOK.

---

4. Operator commands (closed loop)

# Math / ledger matrix (may pass without ever mining)
swift run M8QC21ValidationEval

# QC-020 on-chain proof only (exit 0 = mined reward visible on mainnet)
swift run M8QC020OnChainRewardEval

# Full honesty bundle
STRICT_REWARD=1 cells/xcode/scripts/export_quantum_vm_research.sh

# ECDLP + VM (math); add STRICT_REWARD for L7
swift run GaiaFTCLCLI shor break-classical --neg-generator-seal --full-research-out 2>/dev/null | tail -1

Economic confirmation (not automated in matrix):

bitcoin-cli getbalance
bitcoin-cli listunspent

---

5. Third-pass checklist (for reviewers)

Pass 4 — hunt remaining leaks

ID Hunt Tool Status
L-010 witnessOK in old JSON / papers read as “won BTC” leak_audit_pass.sh + v3 witnessOK=math only [x]
L-011 Dual-gate heartbeat passes without submitblock M8BTCPreimageLargeDualGate grep [x]
L-012 Kraken / transfer receipts vs getbalance operator rules; not in Swift matrix [x] N/A matrix
L-013 iterations_to_calorie vs mainnet difficulty conflated in prose paper §12 Grover separation [x]

Pass 5 — Layer-2 composition (while OO space is written)

ID Leak Mitigation
L-014 allMathLayerOK on 21 rows read as “composite solved X” layer2LeakHint + qaLayerClosed [x]
L-015 ECDLP + Grover + PoW witnesses bundled in one JSON export forbiddenPairs + wouldViolateForbiddenCompose [x]
L-016 Child learningLayerOK inherited by composite L9 compositionLayerOK not evaluated [x]
L-017 Support lemmas (VQC2, QUBO3) mistaken for catalog QC-* supportLeanArtifacts + export grep [x]
L-018 QFT→Shor stack claimed without QCCoupling*.lean plannedCouplings (no auto-pass) [x]
L-019 Composite reward without QC-020 L7 on composite payout L7 only on atomic QC-020 row [x]
L-020 Collapse discards V170 carry between composed legs L8 qc020Learning telemetry [x]

L9 (reserved): compositionLayerOK + Lean coupling seal — not evaluated until Layer-2 OO lands. Parent domain blocked until qaLayerClosed is true (enforced by leak_audit_pass.sh and M8QC21ValidationEval).

Pass 6 — QC-020 dual-path (OQ/PQ vs live window)

ID Leak Mitigation
L-022 bothPathsOK read as “won BTC” bothPathsOKNote disclaims chain_accepted / onChainRewardOK
L-023 HIST ledger pass read as live miner reward Separate claimScope: pow_ledger_oq_pq vs pow_live_miner_l7_l8; clockDecoupled flags
L-024 Global substrateComputeBackend: vqbit_metal applied to PoW QC-020 row substrateBackend: vqbit_cpu_projection + substrateComputeBackendNote
L-025 Bootstrap/classical paths mistaken for production substrate substrateBypassAudit in qc020_dual_path.v1; preflight blocks classical-placeholder

Tool: cells/xcode/scripts/audit_qc020_dual_path_leaks.py (also run from leak_audit_pass.sh and peer_review_research_dataset.sh).

computeQALayerClosed now requires QC020DualPathQualification.claimLeakClosed when validation.qc020DualPath is present.

---

*Synchronize when changing validation.v3, Layer-2 OO, or witness schemas. See QC_LAYER2_CIRCUIT_OO_SPACE.md, QC020_DUAL_PATH_QUALIFICATION.md.*

Federation cosignature: pending operator signing host (v26). Witness (sha256 of rendered body): c7490ac8717ca1102e0a493c9207ced548a2e85373f5553a4d422cbaab310d74. This page serves with a substrate-honest pending-signature notice until the operator's Franklin signer cosigns it.