feat: zk proof payload signing and verification [skip-line-limit]

crates/ciphernode-builder/src/ciphernode_builder.rs

@@ -7,6 +7,7 @@
 use crate::event_system::AggregateConfig;
 use crate::{CiphernodeHandle, EventSystem, EvmSystemChainBuilder, ProviderCache, WriteEnabled};
 use actix::{Actor, Addr};
+use alloy::signers::local::PrivateKeySigner;
 use anyhow::Result;
 use derivative::Derivative;
 use e3_aggregator::ext::{PublicKeyAggregatorExtension, ThresholdPlaintextAggregatorExtension};
@@ -67,6 +68,7 @@ pub struct CiphernodeBuilder {
     testmode_history: bool,
     task_pool: Option<TaskPool>,
     threads: Option<usize>,
+    testmode_signer: Option<PrivateKeySigner>,
     threshold_plaintext_agg: bool,
     zk_backend: Option<ZkBackend>,
     net_config: Option<NetConfig>,
@@ -132,6 +134,7 @@ impl CiphernodeBuilder {
             testmode_history: false,
             task_pool: None,
             threads: None,
+            testmode_signer: None,
             threshold_plaintext_agg: false,
             net_config: None,
             zk_backend: None,
@@ -261,6 +264,13 @@ impl CiphernodeBuilder {
         self
     }
 
+    /// Pre-populate the signer cache with the given signer.
+    /// This is conspicuously named so we understand that this should only be used when testing.
+    pub fn testmode_with_signer(mut self, signer: PrivateKeySigner) -> Self {
+        self.testmode_signer = Some(signer);
+        self
+    }
+
     /// Use score-based sortition (recommended)
     pub fn with_sortition_score(mut self) -> Self {
         self.sortition_backend = SortitionBackend::score();
@@ -358,7 +368,11 @@ impl CiphernodeBuilder {
         };
 
         // Create provider cache early to use for chain validation
-        let mut provider_cache = ProviderCache::new();
+        let mut provider_cache = if let Some(signer) = self.testmode_signer.take() {
+            ProviderCache::new().with_signer(signer)
+        } else {
+            ProviderCache::new()
+        };
         let aggregate_config = self.create_aggregate_config(&mut provider_cache).await?;
 
         // Get an event system instance.
@@ -434,8 +448,13 @@ impl CiphernodeBuilder {
                 share_enc_preset,
             ));
 
+            let backend = self
+                .zk_backend
+                .as_ref()
+                .ok_or_else(|| anyhow::anyhow!("ZK backend is required for threshold keyshare"))?;
             info!("Setting up ZK actors");
-            setup_zk_actors(&bus, self.zk_backend.as_ref());
+            let signer = provider_cache.ensure_signer().await?;
+            setup_zk_actors(&bus, backend, signer);
         }
 
         if self.pubkey_agg {

crates/ciphernode-builder/src/provider_caches.rs

@@ -44,6 +44,11 @@ impl ProviderCache<ReadOnly> {
         }
     }
 
+    pub fn with_signer(mut self, signer: LocalSigner<SigningKey>) -> Self {
+        self.signer_cache = Some(signer);
+        self
+    }
+
     pub fn from_single_read_provider(
         chain: ChainConfig,
         provider: EthProvider<ConcreteReadProvider>,

crates/events/src/enclave_event/encryption_key_created.rs

@@ -4,7 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::{E3id, Proof};
+use crate::{E3id, Proof, SignedProofPayload};
 use actix::Message;
 use derivative::Derivative;
 use e3_utils::utility_types::ArcBytes;
@@ -23,6 +23,9 @@ pub struct EncryptionKey {
     pub pk_bfv: ArcBytes,
     /// Proof of correct BFV public key generation (T0 proof).
     pub proof: Option<Proof>,
+    /// ECDSA-signed payload for fault attribution.
+    /// Present when the node signs its proof before broadcasting.
+    pub signed_payload: Option<SignedProofPayload>,
 }
 
 impl EncryptionKey {
@@ -31,13 +34,19 @@ impl EncryptionKey {
             party_id,
             pk_bfv: pk_bfv.into(),
             proof: None,
+            signed_payload: None,
         }
     }
 
     pub fn with_proof(mut self, proof: Proof) -> Self {
         self.proof = Some(proof);
         self
     }
+
+    pub fn with_signed_payload(mut self, signed: SignedProofPayload) -> Self {
+        self.signed_payload = Some(signed);
+        self
+    }
 }
 
 #[derive(Message, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]

crates/events/src/enclave_event/mod.rs

@@ -36,6 +36,7 @@ mod proof;
 mod publickey_aggregated;
 mod publish_document;
 mod shutdown;
+mod signed_proof;
 mod sync_effect;
 mod sync_end;
 mod sync_start;
@@ -80,6 +81,7 @@ pub use proof::*;
 pub use publickey_aggregated::*;
 pub use publish_document::*;
 pub use shutdown::*;
+pub use signed_proof::*;
 use strum::IntoStaticStr;
 pub use sync_effect::*;
 pub use sync_end::*;
@@ -223,6 +225,7 @@ pub enum EnclaveEventData {
     ComputeRequest(ComputeRequest),           // ComputeRequested
     ComputeResponse(ComputeResponse),         // ComputeResponseReceived
     ComputeRequestError(ComputeRequestError), // ComputeRequestFailed
+    SignedProofFailed(SignedProofFailed),
     OutgoingSyncRequested(OutgoingSyncRequested),
     NetSyncEventsReceived(NetSyncEventsReceived),
     EvmSyncEventsReceived(EvmSyncEventsReceived),
@@ -438,6 +441,7 @@ impl EnclaveEventData {
             EnclaveEventData::TicketSubmitted(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::EncryptionKeyCreated(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::ComputeResponse(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::SignedProofFailed(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::E3Failed(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::E3StageChanged(ref data) => Some(data.e3_id.clone()),
             _ => None,
@@ -505,6 +509,7 @@ impl_event_types!(
     ComputeRequest,
     ComputeResponse,
     ComputeRequestError,
+    SignedProofFailed,
     OutgoingSyncRequested,
     NetSyncEventsReceived,
     EvmSyncEventsReceived,