refactor: add pk_generation circuit

[cedoor]

Re #1259

Summary by CodeRabbit

Release Notes

• New Features

  • Added public-key generation circuit support with CLI integration.
  • Added add_limb() and remove() methods for polynomial operations.

• Bug Fixes

  • Updated cryptographic bit parameters and bounds for PK generation to enhance security properties.

• Chores

  • Reorganized threshold circuit modules for improved API structure.
  • Updated import paths for internal consistency.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	Feb 5, 2026 6:44pm
enclave-docs	Ready	Preview, Comment	Feb 5, 2026 6:44pm

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a new PK generation circuit for threshold cryptography with full implementation support, updates import paths to conform to the new module structure, adds utility methods to polynomial types, and adjusts configuration constants for PK generation parameters.

Changes

Cohort / File(s)	Summary
PK Generation Circuit Core crates/zk-helpers/src/circuits/threshold/pk_generation/circuit.rs, crates/zk-helpers/src/circuits/threshold/pk_generation/computation.rs, crates/zk-helpers/src/circuits/threshold/pk_generation/codegen.rs, crates/zk-helpers/src/circuits/threshold/pk_generation/sample.rs, crates/zk-helpers/src/circuits/threshold/pk_generation/mod.rs	Introduces complete PK generation circuit implementation with circuit definition, witness computation (Bounds, Bits, Witness structures), TOML/config codegen, and sample generation utilities. Handles polynomial operations, bound calculations, and serialization.
Module Structure crates/zk-helpers/src/circuits/threshold/mod.rs, crates/zk-helpers/src/bin/zk_cli.rs	Adds pk_generation module to threshold circuits and registers PkGenerationCircuit in CLI registry. Removes user_data_encryption re-export, affecting public API surface.
Import Path Updates crates/bfv-client/src/client.rs, crates/zk-helpers/src/circuits/threshold/user_data_encryption/utils.rs, examples/CRISP/crates/zk-inputs/src/lib.rs	Updates UserDataEncryptionCircuitInput import paths from e3_zk_helpers::threshold::* to e3_zk_helpers::circuits::threshold::user_data_encryption::* to reflect new module organization.
Polynomial Utilities crates/polynomial/src/crt_polynomial.rs, crates/polynomial/src/polynomial.rs	Adds new public methods: CrtPolynomial::add_limb() for appending limbs and Polynomial::remove() for coefficient removal. Updates documentation for cyclotomic reduction.
Configuration Updates circuits/lib/src/configs/insecure/threshold.nr, circuits/lib/src/configs/secure/threshold.nr	Adjusts PK generation bit parameters (EEK 6→5, SK 2→1, R1/PK/R2 decreased by 1), updates E_SM bound values, and reorganizes bound/bit declarations for clarity.
Codegen Refactoring crates/zk-helpers/src/circuits/threshold/user_data_encryption/codegen.rs	Changes generate_configs() to source N and L from configs object instead of preset metadata, deprecating preset parameter usage in function body.

Sequence Diagram(s)

sequenceDiagram
    participant CLI as CLI/Main
    participant Circuit as PkGenerationCircuit
    participant Computation as Computation Layer
    participant Codegen as Codegen Layer
    participant Artifacts as Output Artifacts

    CLI->>Circuit: generate_sample(preset, committee)
    Circuit->>Computation: Witness::compute(preset, input)
    Computation->>Computation: Bounds::compute(preset, committee)
    Computation->>Computation: Bits::compute(bounds)
    Computation->>Computation: Witness::compute(preset, input)
    Computation-->>Circuit: PkGenerationComputationOutput
    
    CLI->>Codegen: codegen(preset, sample_input)
    Codegen->>Computation: Witness::compute()
    Computation-->>Codegen: witness
    Codegen->>Codegen: Configs::compute(preset, committee)
    Codegen->>Codegen: generate_toml(witness)
    Codegen->>Codegen: generate_configs(preset, configs)
    Codegen-->>Artifacts: Artifacts {toml, configs}
    Artifacts-->>CLI: Ready for proving

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• refactor: move pvss and pvss-cli as zk-helpers mods [skip-line-limit] #1258: Introduces Circuit/CircuitCodegen/CircuitComputation trait framework that this PR directly implements for PkGenerationCircuit.
• refactor: polynomial conversions [skip-line-limit] #1231: Modifies CrtPolynomial type and conversions that are now used throughout the new PK generation computation module.
• feat: zk-helpers crate [skip-line-limit] #1212: Establishes the zk-helpers crate structure upon which the PK generation circuit module is built.

Suggested reviewers

• 0xjei
• ctrlc03

Poem

🐰 A circuit for keys takes gentle care,
With witness and bounds floating through the air,
Polynomials dance in CRT regalia,
From sample to codegen—what a travalia! 🎪
The threshold is set, the PK is ready,
Our hopping review keeps all systems steady!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'refactor: add pk_generation circuit' accurately summarizes the main change—adding a new PK generation circuit module with comprehensive infrastructure (computation, codegen, sample generation).
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/pk-generation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@crates/polynomial/src/polynomial.rs`:
- Around line 307-310: The public method `Polynomial::remove` currently calls
`self.coefficients.remove(index)` which will panic on out-of-range indices;
change the API to perform a bounds-checked removal and return a safe result
(e.g., Option<Scalar> or Result<Scalar, RemoveError>) instead of panicking:
check `index < self.coefficients.len()` and if valid remove and return the
removed coefficient, otherwise return None or an appropriate Err; update the
`remove` method signature and any callers to handle the new return type and keep
the internal storage access via `self.coefficients` and the method name
`remove`.

In `@crates/zk-helpers/src/circuits/threshold/pk_generation/computation.rs`:
- Around line 260-390: The parallel map using par_bridge() produces results
out-of-order so the tuple index (i) must be used to restore limb order before
building CRTs; sort the collected results Vec by the first element (the index)
or place each tuple into a Vec sized to moduli and write by index, then iterate
in index order when calling r2.add_limb, r1.add_limb, pk_share.add_limb,
a.add_limb and e_sm.add_limb (refer to the local variable results and the loop
that currently uses (_i, r2i, r1i, pk_sharei, ai, e_smi)); this preserves the
correspondence between limbs and moduli and fixes the scrambled CRT assembly.

In `@crates/zk-helpers/src/circuits/threshold/pk_generation/sample.rs`:
- Around line 26-67: The three unwrap() calls in generate_sample
(build_pair_for_preset(...).unwrap(), CommonRandomPoly::new(...).unwrap(), and
PublicKeyShare::new_extended(...).unwrap()) must be changed to propagate errors
instead of panicking: use ? where the called function returns a compatible
Result, or use map_err/and_then to convert the external error into
CircuitsErrors and then ? it (e.g., handle build_pair_for_preset,
CommonRandomPoly::new, and PublicKeyShare::new_extended results and return
Err(CircuitsErrors::from(...)) or map_err(|e| CircuitsErrors::from(e)) as
needed) so generate_sample returns Err on failure rather than calling unwrap.