refactor: move pvss and pvss-cli as zk-helpers mods [skip-line-limit]

[0xjei]

closes #1248

Summary by CodeRabbit

• New Features

  • Added new ZK CLI tool for generating zero-knowledge circuit artifacts, including Prover configuration and circuit configuration files.

• Chores

  • Removed PVSS CLI tool and associated crates from the workspace.
  • Reorganized circuit modules and code generation infrastructure across the codebase.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	Feb 3, 2026 11:57am
enclave-docs	Ready	Preview, Comment	Feb 3, 2026 11:57am

[coderabbitai]

Warning

Rate limit exceeded

@0xjei has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 1 minutes and 12 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

This PR migrates PVSS-specific functionality from dedicated pvss and pvss-cli crates into the zk-helpers framework. The refactor removes those crates from the workspace, reintroduces their modules (traits, types, utilities, circuits) as generalized ZK circuit infrastructure within zk-helpers, creates a new registry system for circuit metadata, and rewires the CLI tool accordingly.

Changes

Cohort / File(s)	Summary
Workspace and Manifest Cleanup Cargo.toml, crates/Dockerfile	Removed pvss and pvss-cli crate entries from workspace members; removed corresponding e3-pvss dependency; removed COPY commands for pvss Cargo.toml files from Dockerfile build context.
PVSS Crate Removal crates/pvss/Cargo.toml, crates/pvss-cli/Cargo.toml, crates/pvss/src/lib.rs, crates/pvss/src/circuits/mod.rs, crates/pvss/src/circuits/pk_bfv/mod.rs, crates/pvss/src/sample.rs, crates/pvss/src/traits.rs, crates/pvss/src/types.rs, crates/pvss/src/utils.rs	Complete deletion of pvss and pvss-cli crates, including all module definitions, trait abstractions (Computation, Circuit, CircuitCodegen, CircuitComputation, CircuitMetadata), type definitions (DkgInputType, CiphernodesCommitteeSize, SecurityLevel, Sample, Artifacts), and utility functions.
Nargo Package Update circuits/lib/Nargo.toml	Renamed package from pvss_lib to lib.
ZK-Helpers Dependencies and Binary Target crates/zk-helpers/Cargo.toml	Added workspace dependencies (anyhow, clap, e3-fhe-params, fhe-math, rand, rayon, serde, serde_json, tempfile) and pinned versions (toml 0.8.23, itertools 0.14.0); introduced new binary target zk_cli.
ZK-Helpers CLI Tool crates/zk-helpers/src/bin/zk_cli.rs	Rewired CLI from PVSS-focused to ZK-focused tooling; updated imports from e3_pvss to e3_zk_helpers; introduced dedicated parse_preset function for BfvPreset parsing; changed artifact generation to use Sample::generate and simplified artifact output.
ZK-Helpers Registry Module crates/zk-helpers/src/registry/mod.rs, crates/zk-helpers/src/registry/registry.rs	Introduced new registry infrastructure with public DkgInputType enum, Circuit and CircuitMetadata trait abstractions for circuit metadata management; added CircuitRegistry for registration and lookup.
ZK-Helpers Circuits Infrastructure crates/zk-helpers/src/circuits/mod.rs, crates/zk-helpers/src/circuits/codegen.rs, crates/zk-helpers/src/circuits/computation.rs, crates/zk-helpers/src/circuits/errors.rs, crates/zk-helpers/src/circuits/sample.rs	Created new modular circuits subsystem with artifact codegen, computation trait abstractions (Computation, CircuitComputation, ConvertToJson, ReduceToZkpModulus), renamed error type from CodegenError to CircuitsErrors, and introduced Sample struct with generate method.
ZK-Helpers PK-BFV Circuit crates/zk-helpers/src/circuits/pk_bfv/mod.rs, crates/zk-helpers/src/circuits/pk_bfv/circuit.rs, crates/zk-helpers/src/circuits/pk_bfv/codegen.rs, crates/zk-helpers/src/circuits/pk_bfv/computation.rs	Established public-key BFV circuit implementation with new input/output types (PkBfvCodegenInput, PkBfvComputationOutput), updated error handling to CircuitsErrors, and restructured artifact generation (removed template/wrapper, retained toml/configs).
ZK-Helpers Module and Utility Updates crates/zk-helpers/src/lib.rs, crates/zk-helpers/src/utils.rs	Replaced commitments module export with circuits and added registry module; added map_witness_2d_vector_to_json utility function for BigInt vector conversion.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: add pvss and pvss-cli rust crates with C0 [skip-line-limit] #1217: Removes the same pvss modules and symbols (traits, types, utils, sample, pk_bfv) that this PR reorganizes into zk-helpers, representing complementary crate restructuring.
• feat: zk-helpers crate [skip-line-limit] #1212: Adds a new zk-helpers crate that reintroduces circuits/pk_bfv, codegen, computation, and sample modules matching the functionality being migrated in this PR.
• refactor: polynomial conversions [skip-line-limit] #1231: Refactors polynomial types to CrtPolynomial and updates pk_bfv computation/codegen surfaces affected by the circuit module restructuring in this PR.

Suggested reviewers

• cedoor

Poem

🐰 From PVSS to circuits bright,
We hop the modules to new heights,
The traits now live in zk's embrace,
Registry guides each circuit's pace,
No more old names—just ZK grace! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Linked Issues check	❓ Inconclusive	The PR achieves the core coding requirement from issue #1248: moving pvss and pvss-cli code into zk-helpers. However, it does not fully implement all architectural objectives like creating 'witness-generator' and 'circuit-registry' submodules as separate entities.	Clarify whether the current 'circuits' module structure satisfies the 'circuit-registry' requirement, or if further refactoring is needed to align with the intended three-submodule architecture.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'refactor: move pvss and pvss-cli as zk-helpers submodules' accurately describes the main objective of the changeset - migrating PVSS functionality into zk-helpers.
Out of Scope Changes check	✅ Passed	All changes focus on relocating PVSS/PVSS-CLI code and removing outdated PVSS terminology/types from crates. The package name change in circuits/lib/Nargo.toml (pvss_lib to lib) appears directly related to the refactoring scope.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ref/eliminate-pvss

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@crates/zk-helpers/Cargo.toml`:
- Line 28: The Cargo.toml currently declares tempfile as a regular dependency
but it’s only used in test-only modules (seen in codegen.rs and
pk_bfv/codegen.rs); move the tempfile entry from the main [dependencies] section
into the [dev-dependencies] section of Cargo.toml so it’s only enabled for
tests.

🧹 Nitpick comments (3)

crates/zk-helpers/src/utils.rs (1)

160-160: Prefer &[Vec<BigInt>] over &Vec<Vec<BigInt>>.

Using a slice reference is more idiomatic in Rust and allows callers to pass both Vec and slices without explicit conversion.

♻️ Suggested change

-pub fn map_witness_2d_vector_to_json(values: &Vec<Vec<BigInt>>) -> Vec<serde_json::Value> {
+pub fn map_witness_2d_vector_to_json(values: &[Vec<BigInt>]) -> Vec<serde_json::Value> {

crates/zk-helpers/src/registry/registry.rs (1)

19-26: Consider adding common derives to DkgInputType.

Adding Debug, Copy, and PartialEq would improve usability for testing, logging, and comparisons.

♻️ Suggested change

-#[derive(Clone)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub enum DkgInputType {

crates/zk-helpers/src/bin/zk_cli.rs (1)

100-113: Defer parameter/sample generation until circuit dispatch.

Avoids unnecessary work when the circuit is not implemented or future circuits use different parameter types.

♻️ Suggested refactor

-    let params = BfvParamSet::from(preset).build_arc();
-    let sample = Sample::generate(&params);
     let circuit_name = circuit_meta.name();
     let artifacts = match circuit_name {
         name if name == <PkBfvCircuit as Circuit>::NAME => {
             let circuit = PkBfvCircuit;
+            let params = BfvParamSet::from(preset).build_arc();
+            let sample = Sample::generate(&params);
             circuit.codegen(PkBfvCodegenInput {
                 preset,
                 public_key: sample.public_key,
             })?
         }

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@crates/zk-helpers/src/registry/registry.rs`:
- Around line 92-93: Update the doc comment for the struct CircuitRegistry to
remove the term "PVSS" (and any variant like "pvss") so it no longer references
PVSS terminology; find the docstring immediately above pub struct
CircuitRegistry and replace wording that says "Registry for PVSS circuits." with
a neutral description (e.g., "Registry for circuits." or "Registry for
threshold-recovery circuits.") that matches the new naming convention.

🧹 Nitpick comments (4)

crates/zk-helpers/src/circuits/sample.rs (2)

25-32: Consider using OsRng for cryptographic key generation.

The code uses thread_rng() for generating cryptographic keys. While thread_rng() is cryptographically secure, the codebase pattern in templates/default/program/src/lib.rs (lines 48-49) uses OsRng for SecretKey::random. For consistency and to source entropy directly from the OS for key material, consider switching to OsRng.

♻️ Suggested change

-use rand::thread_rng;
+use rand::rngs::OsRng;
 use std::sync::Arc;

 // ...

 pub fn generate(params: &Arc<BfvParameters>) -> Self {
-    let mut rng = thread_rng();
-
-    let secret_key = SecretKey::random(&params, &mut rng);
-    let public_key = PublicKey::new(&secret_key, &mut rng);
+    let secret_key = SecretKey::random(&params, &mut OsRng);
+    let public_key = PublicKey::new(&secret_key, &mut OsRng);

     Self { public_key }
 }

---

41-47: Test assertion accesses internal structure.

The assertion sample.public_key.c.c.len() == 2 accesses the internal c field structure of PublicKey. This creates coupling to the fhe library's internal representation. If this is intentional to validate the BFV public key structure (two polynomials), consider adding a brief comment explaining what's being verified.

crates/zk-helpers/src/utils.rs (1)

160-169: Prefer slice reference over &Vec.

The parameter type &Vec<Vec<BigInt>> can be simplified to &[Vec<BigInt>]. This is more idiomatic Rust and allows the function to accept both Vec references and slices.

♻️ Suggested change

-pub fn map_witness_2d_vector_to_json(values: &Vec<Vec<BigInt>>) -> Vec<serde_json::Value> {
+pub fn map_witness_2d_vector_to_json(values: &[Vec<BigInt>]) -> Vec<serde_json::Value> {
     values
         .iter()
         .map(|value| {
             serde_json::json!({
                 "coefficients": to_string_1d_vec(value)
             })
         })
         .collect()
 }

crates/zk-helpers/src/bin/zk_cli.rs (1)

104-113: Consider simplifying the match pattern.

The current match uses name if name == <PkBfvCircuit as Circuit>::NAME which is verbose. Since there's currently only one circuit, a simple string literal match would be cleaner. As more circuits are added, consider using a dispatch table or the registry itself for codegen dispatch.

♻️ Suggested simplification

     let artifacts = match circuit_name {
-        name if name == <PkBfvCircuit as Circuit>::NAME => {
+        "pk-bfv" => {
             let circuit = PkBfvCircuit;
             circuit.codegen(PkBfvCodegenInput {
                 preset,
                 public_key: sample.public_key,
             })?
         }
         name => return Err(anyhow!("circuit {} not yet implemented", name)),
     };

Alternatively, if the intent is to avoid hardcoding the string, the constant could be used directly in a cleaner way or the registry could be extended to dispatch codegen.

[cedoor]

LGTM