feat: add share encryption [skip-line-limit]

crates/ciphernode-builder/Cargo.toml

@@ -22,5 +22,6 @@ e3-keyshare.workspace = true
 e3-multithread.workspace = true
 e3-request.workspace = true
 e3-sortition.workspace = true
+e3-trbfv.workspace = true
 e3-utils.workspace = true
 tracing.workspace = true

crates/ciphernode-builder/src/ciphernode_builder.rs

@@ -438,12 +438,14 @@ impl CiphernodeBuilder {
 
         if let Some(KeyshareKind::Threshold) = self.keyshare {
             let multithread = self.ensure_multithread();
+            let share_encryption_params = e3_trbfv::helpers::get_share_encryption_params();
             info!("Setting up ThresholdKeyshareExtension");
             e3_builder = e3_builder.with(ThresholdKeyshareExtension::create(
                 &bus,
                 &self.cipher,
                 &multithread,
                 &addr,
+                share_encryption_params,
             ))
         }
 

crates/events/Cargo.toml

@@ -18,6 +18,7 @@ bs58 = { workspace = true }
 chrono = { workspace = true }
 derivative = { workspace = true }
 futures-util = { workspace = true }
+hex = { workspace = true }
 once_cell = { workspace = true }
 rand = { workspace = true }
 serde = { workspace = true }

crates/events/src/enclave_event/encryption_key_collection_failed.rs

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+use crate::E3id;
+use actix::Message;
+use serde::{Deserialize, Serialize};
+use std::fmt::{self, Display};
+
+#[derive(Message, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[rtype(result = "()")]
+pub struct EncryptionKeyCollectionFailed {
+    pub e3_id: E3id,
+    pub reason: String,
+    pub missing_parties: Vec<u64>,
+}
+
+impl Display for EncryptionKeyCollectionFailed {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{:?}", self)
+    }
+}

crates/events/src/enclave_event/encryption_key_created.rs

@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+use crate::E3id;
+use actix::Message;
+use derivative::Derivative;
+use e3_utils::utility_types::ArcBytes;
+use serde::{Deserialize, Serialize};
+use std::{
+    fmt::{self, Display},
+    sync::Arc,
+};
+
+#[derive(Derivative, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[derivative(Debug)]
+pub struct EncryptionKey {
+    pub party_id: u64,
+    #[derivative(Debug(format_with = "e3_utils::formatters::hexf"))]
+    pub pk_bfv: ArcBytes,
+}
+
+#[derive(Message, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[rtype(result = "()")]
+pub struct EncryptionKeyCreated {
+    pub e3_id: E3id,
+    pub key: Arc<EncryptionKey>,
+    pub external: bool,
+}
+
+impl Display for EncryptionKeyCreated {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{:?}", self)
+    }
+}

crates/events/src/enclave_event/mod.rs

@@ -19,6 +19,8 @@ mod die;
 mod e3_request_complete;
 mod e3_requested;
 mod enclave_error;
+mod encryption_key_collection_failed;
+mod encryption_key_created;
 mod keyshare_created;
 mod operator_activation_changed;
 mod plaintext_aggregated;
@@ -27,6 +29,7 @@ mod publickey_aggregated;
 mod publish_document;
 mod shutdown;
 mod test_event;
+mod threshold_share_collection_failed;
 mod threshold_share_created;
 mod ticket_balance_updated;
 mod ticket_generated;
@@ -47,6 +50,8 @@ pub use die::*;
 pub use e3_request_complete::*;
 pub use e3_requested::*;
 pub use enclave_error::*;
+pub use encryption_key_collection_failed::*;
+pub use encryption_key_created::*;
 pub use keyshare_created::*;
 pub use operator_activation_changed::*;
 pub use plaintext_aggregated::*;
@@ -56,6 +61,7 @@ pub use publish_document::*;
 pub use shutdown::*;
 use strum::IntoStaticStr;
 pub use test_event::*;
+pub use threshold_share_collection_failed::*;
 pub use threshold_share_created::*;
 pub use ticket_balance_updated::*;
 pub use ticket_generated::*;
@@ -112,6 +118,9 @@ pub enum EnclaveEventData {
     Shutdown(Shutdown),
     DocumentReceived(DocumentReceived),
     ThresholdShareCreated(ThresholdShareCreated),
+    EncryptionKeyCreated(EncryptionKeyCreated),
+    EncryptionKeyCollectionFailed(EncryptionKeyCollectionFailed),
+    ThresholdShareCollectionFailed(ThresholdShareCollectionFailed),
     /// This is a test event to use in testing
     TestEvent(TestEvent),
 }
@@ -291,6 +300,7 @@ impl<S: SeqState> EnclaveEvent<S> {
             EnclaveEventData::CommitteeFinalized(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::TicketGenerated(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::TicketSubmitted(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::EncryptionKeyCreated(ref data) => Some(data.e3_id.clone()),
             _ => None,
         }
     }
@@ -322,7 +332,10 @@ impl_into_event_data!(
     Shutdown,
     TestEvent,
     DocumentReceived,
-    ThresholdShareCreated
+    ThresholdShareCreated,
+    EncryptionKeyCreated,
+    EncryptionKeyCollectionFailed,
+    ThresholdShareCollectionFailed
 );
 
 impl TryFrom<&EnclaveEvent<Sequenced>> for EnclaveError {

crates/events/src/enclave_event/publish_document/mod.rs

@@ -11,7 +11,7 @@ use std::fmt::{self, Display};
 use actix::Message;
 use chrono::{serde::ts_seconds, DateTime, Duration, Utc};
 use e3_utils::ArcBytes;
-use filter::Filter;
+pub use filter::Filter;
 use serde::{Deserialize, Serialize};
 use tracing::warn;
 

crates/events/src/enclave_event/threshold_share_collection_failed.rs

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+use crate::E3id;
+use actix::Message;
+use serde::{Deserialize, Serialize};
+use std::fmt::{self, Display};
+
+#[derive(Message, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[rtype(result = "()")]
+pub struct ThresholdShareCollectionFailed {
+    pub e3_id: E3id,
+    pub reason: String,
+    pub missing_parties: Vec<u64>,
+}
+
+impl Display for ThresholdShareCollectionFailed {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{:?}", self)
+    }
+}

crates/events/src/enclave_event/threshold_share_created.rs

@@ -7,37 +7,62 @@
 use crate::E3id;
 use actix::Message;
 use derivative::Derivative;
-use e3_trbfv::shares::{PvwEncrypted, SharedSecret};
+use e3_trbfv::shares::BfvEncryptedShares;
 use e3_utils::utility_types::ArcBytes;
 use serde::{Deserialize, Serialize};
 use std::{
     fmt::{self, Display},
     sync::Arc,
 };
 
-/// Type Representing Pvw encrypted bytes
-pub type PvwBytes = Vec<u8>;
-
-/// PVW encrypted shares list for a party in the DKG
+/// BFV-encrypted shares list for a party in the DKG.
+///
+/// Each party broadcasts their encrypted shares to all other parties.
+/// Each recipient can only decrypt the share meant for them using their
+/// BFV secret key.
 #[derive(Derivative, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
 #[derivative(Debug)]
 pub struct ThresholdShare {
-    /// The publishers party_id
+    /// The publisher's party_id
     pub party_id: u64,
-    /// The publishers public key share
+    /// The publisher's TrBFV public key share
     #[derivative(Debug(format_with = "e3_utils::formatters::hexf"))]
     pub pk_share: ArcBytes,
-    /// PVW encrypted sk_sss list with index determining party_id
-    pub sk_sss: PvwEncrypted<SharedSecret>,
-    /// PVW encrypted esi_sss list with index determining party_id
-    pub esi_sss: Vec<PvwEncrypted<SharedSecret>>,
+    /// BFV-encrypted sk_sss - each recipient can decrypt their share
+    pub sk_sss: BfvEncryptedShares,
+    /// BFV-encrypted esi_sss - one per secret key (sk), each recipient can decrypt their share
+    pub esi_sss: Vec<BfvEncryptedShares>,
+}
+
+impl ThresholdShare {
+    /// Extract only the shares meant for a specific party.
+    pub fn extract_for_party(&self, recipient_party_id: usize) -> Option<Self> {
+        let sk_sss = self.sk_sss.extract_for_party(recipient_party_id)?;
+        let esi_sss: Option<Vec<_>> = self
+            .esi_sss
+            .iter()
+            .map(|shares| shares.extract_for_party(recipient_party_id))
+            .collect();
+
+        esi_sss.map(|esi_sss| Self {
+            party_id: self.party_id,
+            pk_share: self.pk_share.clone(),
+            sk_sss,
+            esi_sss,
+        })
+    }
+
+    pub fn num_parties(&self) -> usize {
+        self.sk_sss.len()
+    }
 }
 
 #[derive(Message, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
 #[rtype(result = "()")]
 pub struct ThresholdShareCreated {
     pub e3_id: E3id,
     pub share: Arc<ThresholdShare>,
+    pub target_party_id: u64,
     pub external: bool,
 }
 

crates/keyshare/Cargo.toml

@@ -20,6 +20,7 @@ e3-multithread = { workspace = true }
 e3-request = { workspace = true }
 e3-trbfv = { workspace = true }
 e3-utils = { workspace = true }
+fhe = { workspace = true }
 fhe-traits = { workspace = true }
 rand = { workspace = true }
 rand_chacha = { workspace = true }