feat: add sk_share and e_sm_share

[ctrlc03]

Add sk_share_computation and e_sm_share computation circuits into zk prover, as well as tests.

Summary by CodeRabbit

Release Notes

• New Features

  • Added support for two new zero-knowledge proof circuits for share computation, enabling proof generation for both secret key and smudging noise types.
  • Enhanced circuit selection logic to support multiple valid circuits per operation.

• Tests

  • Expanded end-to-end test coverage with commitment consistency tests for new share computation proof types.
  • Added test utilities for extracting field values from proof outputs.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	Feb 12, 2026 10:51am
enclave-docs	Ready	Preview, Comment	Feb 12, 2026 10:51am

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The changes extend ZK proof circuit infrastructure to support distinct share computation circuits for different secret types (SecretKey and SmudgingNoise) by adding new CircuitName variants, implementing input-dependent circuit resolution via the Provable trait, updating witness serialization to include type metadata, and adding corresponding end-to-end tests.

Changes

Cohort / File(s)	Summary
Circuit Naming & Enumeration crates/events/src/enclave_event/proof.rs	Added two new CircuitName enum variants: SkShareComputation and ESmShareComputation. Updated as_str() and group() methods to handle new variants with "dkg" grouping. Minor doc comment adjustment for TrBFV key share proof.
DKG Input Type crates/zk-helpers/src/circuits/computation.rs	Added SmudgingNoise variant to DkgInputType enum. Derived Serialize and Deserialize traits for the enum to support type serialization.
Share Computation Witness crates/zk-helpers/src/circuits/dkg/share_computation/computation.rs	Added dkg_input_type field to Witness struct. Updated to_json() to emit type-specific JSON payloads: sk_secret for SecretKey and e_sm_secret for SmudgingNoise variants.
Share Computation Codegen crates/zk-helpers/src/circuits/dkg/share_computation/codegen.rs	Simplified generate_toml() function signature by removing dkg_input_type parameter. Now directly serializes witness via witness.to_json() without DKG-type-specific field injection.
Share Computation Circuit Implementation crates/zk-prover/src/circuits/dkg/share_computation.rs, crates/zk-prover/src/circuits/dkg/mod.rs	Implemented Provable trait for ShareComputationCircuit with resolve_circuit_name() method routing based on input DkgInputType. Added valid_circuits() method listing both circuit variants and updated circuit() method. Added module declaration for share_computation.
Provable Trait crates/zk-prover/src/traits.rs	Added resolve_circuit_name() and valid_circuits() methods to Provable trait for input-dependent circuit selection. Updated build_witness, prove, and verification paths to use resolve_circuit_name() for dynamic circuit name resolution instead of static circuit() calls.
Utility Functions crates/zk-prover/src/circuits/utils.rs, crates/zk-prover/tests/common/mod.rs	Added JSON string value handling in json_value_to_input_value(). Added field extraction helpers: FIELD_SIZE constant, extract_field(), and extract_field_from_end() functions for test signal parsing.
End-to-End Tests crates/zk-prover/tests/local_e2e_tests.rs	Added setup helpers for share computation test variants (setup_share_computation_sk_test, setup_share_computation_e_sm_test). Added commitment consistency tests. Refactored existing pk_generation tests to use extract_field_from_end() helper.

Sequence Diagram(s)

sequenceDiagram
    participant Input as CircuitInput<br/>(with DkgInputType)
    participant Circuit as ShareComputationCircuit<br/>(Provable)
    participant Resolver as resolve_circuit_name()
    participant CircuitEnum as CircuitName<br/>enum
    participant Validator as valid_circuits()
    participant Prover as Prover/<br/>Verification

    Input->>Circuit: build_witness(input)
    activate Circuit
    Circuit->>Resolver: resolve_circuit_name(&input)
    activate Resolver
    alt input.dkg_input_type == SecretKey
        Resolver->>CircuitEnum: SkShareComputation
    else input.dkg_input_type == SmudgingNoise
        Resolver->>CircuitEnum: ESmShareComputation
    end
    CircuitEnum-->>Resolver: resolved CircuitName
    Resolver-->>Circuit: CircuitName
    deactivate Resolver
    Circuit->>Prover: use resolved circuit name<br/>for dir_path, json_file
    deactivate Circuit
    
    Note over Validator: During verification
    Validator->>Circuit: valid_circuits()
    Circuit-->>Validator: [SkShareComputation,<br/>ESmShareComputation]
    Validator->>Prover: check proof.circuit<br/>in valid_circuits()

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat: add share-decryption circuit gen and refactoring [skip-line-limit] #1269: Directly modifies DKG share-computation codepaths, extends ShareComputationCircuit/Witness to handle secret vs. smudging-noise flows with DkgInputType variants and circuit naming.
• feat: add pk_trfv_generation_circuit to zk-prover #1281: Modifies the same CircuitName enum in proof.rs, adding/renaming circuit variants that affect circuit naming consistency.
• refactor: move pvss and pvss-cli as zk-helpers mods [skip-line-limit] #1258: Related modifications to zk-helpers circuit types and DkgInputType-based circuit selection for share-computation circuit name resolution.

Suggested reviewers

• 0xjei
• cedoor
• hmzakhalid

Poem

🐰 With circuits split by secret types,
SkShare and ESmShare take flight,
resolve_circuit_name hops true,
Each input finds its path anew,
The prover dances left and right! 🎪

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 38.71% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main objective of the pull request by highlighting the addition of two new computation circuits (sk_share and e_sm_share) to the ZK prover.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/proof-1b

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cedoor]

LGTM, added @0xjei as a reviewer to check the dkg_input_type part

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/zk-prover/tests/local_e2e_tests.rs (1)

273-276: ⚠️ Potential issue | 🟡 Minor

Add share computation circuits to e2e_proof_tests! macro.

The new setup_share_computation_sk_test and setup_share_computation_e_sm_test helpers are structurally compatible with the macro and their fixture files (.json and .vk) already exist. The current commitment consistency tests only verify mathematical correctness; adding these entries to the macro ensures cryptographic proof verification (circuit.verify()) is tested:

 e2e_proof_tests! {
     (pk_generation, setup_pk_generation_test()),
     (pk_bfv, setup_pk_bfv_test()),
+    (share_computation_sk, setup_share_computation_sk_test()),
+    (share_computation_e_sm, setup_share_computation_e_sm_test()),
 }

🤖 Fix all issues with AI agents

In `@crates/zk-prover/src/circuits/utils.rs`:
- Around line 11-14: Remove the three unused imports CrtPolynomial, Polynomial,
and BigInt from the top of utils.rs and keep only AcirField (so try_from_str
stays in scope); specifically edit the use statements to delete references to
CrtPolynomial, Polynomial, and BigInt so that only use acvm::AcirField; (and
retain any other truly used imports like InputValue/InputMap) to eliminate the
unused-import warnings.

🧹 Nitpick comments (4)

crates/zk-prover/tests/common/mod.rs (1)

20-28: No bounds/alignment validation on signals slice.

Both helpers will panic on out-of-bounds access or if signals.len() is not a multiple of FIELD_SIZE. For test-only code this is acceptable, but extract_field_from_end silently ignores trailing bytes when signals.len() % FIELD_SIZE != 0, which could mask a test bug if public signals are ever malformed.

Consider adding a debug assertion:

🛡️ Optional: guard against misaligned signals

 pub fn extract_field_from_end(signals: &[u8], from_end: usize) -> BigInt {
+    debug_assert_eq!(
+        signals.len() % FIELD_SIZE, 0,
+        "signals length {} is not a multiple of FIELD_SIZE {}",
+        signals.len(), FIELD_SIZE
+    );
     let total_fields = signals.len() / FIELD_SIZE;
     extract_field(signals, total_fields - 1 - from_end)
 }

crates/zk-helpers/src/circuits/dkg/share_computation/computation.rs (1)

246-246: Unnecessary .clone() on a Copy type.

DkgInputType derives Copy, so .clone() is redundant. You can just write input.dkg_input_type.

crates/zk-helpers/src/bin/zk_cli.rs (1)

258-258: Unnecessary .clone() on a Copy type.

DkgInputType derives Copy; .clone() can be dropped here (same nit as in computation.rs).

crates/zk-helpers/src/circuits/dkg/share_computation/codegen.rs (1)

128-190: Test only covers SecretKey TOML variant; consider adding a SmudgingNoise case.

The test verifies that "sk_secret" appears in the generated TOML, but there's no corresponding test for SmudgingNoise that would assert "e_sm_secret" is present. Since the to_json branching is a key part of this PR, a parallel test would increase confidence.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/zk-prover/tests/local_e2e_tests.rs (1)

273-276: ⚠️ Potential issue | 🟡 Minor

Share-computation circuits are not covered by the e2e_proof_tests! macro.

The SK and ESM share-computation setup helpers exist but are only used in commitment-consistency tests, which call prove() but never verify(). The macro-generated tests exercise both prove and verify. Was this intentional (e.g., fixture VKs not yet available), or should these be added?

e2e_proof_tests! {
    (pk_generation, setup_pk_generation_test()),
    (pk_bfv, setup_pk_bfv_test()),
+   (share_computation_sk, setup_share_computation_sk_test()),
+   (share_computation_e_sm, setup_share_computation_e_sm_test()),
}

🧹 Nitpick comments (3)

crates/zk-helpers/src/circuits/dkg/share_computation/computation.rs (1)

246-246: Unnecessary .clone() on a Copy type.

DkgInputType derives Copy, so you can just write dkg_input_type: input.dkg_input_type.

Proposed fix

-            dkg_input_type: input.dkg_input_type.clone(),
+            dkg_input_type: input.dkg_input_type,

crates/zk-helpers/src/bin/zk_cli.rs (1)

265-265: Unnecessary .clone() on a Copy type.

Same nit as in computation.rs — DkgInputType is Copy.

-        dkg_input_type.clone(),
+        dkg_input_type,

crates/zk-prover/tests/local_e2e_tests.rs (1)

366-428: The SK and ESM commitment-consistency tests are near-identical.

Consider extracting a shared helper to reduce duplication, e.g.:

async fn assert_share_computation_commitment(
    setup: impl Future<Output = Option<(ZkBackend, tempfile::TempDir, ZkProver, ShareComputationCircuit, ShareComputationCircuitInput, BfvPreset, &'static str)>>,
) {
    let Some((_backend, _temp, prover, circuit, sample, preset, e3_id)) = setup.await else {
        println!("skipping: bb not found");
        return;
    };
    let proof = circuit.prove(&prover, &preset, &sample, e3_id).expect("proof generation should succeed");
    let commitment_from_proof = extract_field(&proof.public_signals, 0);
    let output = ShareComputationCircuit::compute(preset, &sample).expect("computation should succeed");
    assert_eq!(commitment_from_proof, output.witness.expected_secret_commitment, "commitment mismatch");
    prover.cleanup(e3_id).unwrap();
}

This is test code so not critical — just a suggestion.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@crates/zk-prover/src/traits.rs`:
- Around line 87-93: Fix the typo in the verification error message inside the
check that uses self.valid_circuits() and proof.circuit: update the string
passed to ZkError::VerifyFailed from "circuit mismatch: expected on of {:?}, got
{}" to "circuit mismatch: expected one of {:?}, got {}" so the message reads
"one of" correctly while keeping the existing formatting and use of
self.valid_circuits() and proof.circuit.

🧹 Nitpick comments (1)

crates/zk-prover/tests/local_e2e_tests.rs (1)

109-184: Consider extracting a shared setup helper to reduce duplication.

The two setup functions (setup_share_computation_sk_test and setup_share_computation_e_sm_test) are nearly identical, differing only in fixture name, DkgInputType variant, and e3_id. A parameterized helper would reduce the ~75 lines of duplication.

That said, this is test code and the current approach is clear and readable.

♻️ Example: parameterized helper

+async fn setup_share_computation_test(
+    input_type: DkgInputType,
+    fixture_name: &str,
+    e3_id: &'static str,
+) -> Option<(
+    ZkBackend,
+    tempfile::TempDir,
+    ZkProver,
+    ShareComputationCircuit,
+    ShareComputationCircuitInput,
+    BfvPreset,
+    &'static str,
+)> {
+    let committee = CiphernodesCommitteeSize::Small.values();
+    let preset = BfvPreset::InsecureThreshold512;
+    let bb = find_bb().await?;
+    let (backend, temp) = setup_test_prover(&bb).await;
+
+    setup_circuit_fixtures(&backend, &["dkg", fixture_name], fixture_name).await;
+
+    let sample =
+        ShareComputationCircuitInput::generate_sample(preset, committee, input_type).ok()?;
+    let prover = ZkProver::new(&backend);
+
+    Some((backend, temp, prover, ShareComputationCircuit, sample, preset, e3_id))
+}
+
+async fn setup_share_computation_sk_test() -> Option<(...)> {
+    setup_share_computation_test(DkgInputType::SecretKey, "sk_share_computation", "1").await
+}
+
+async fn setup_share_computation_e_sm_test() -> Option<(...)> {
+    setup_share_computation_test(DkgInputType::SmudgingNoise, "e_sm_share_computation", "2").await
+}