feat: integrate pk_generation proof in ciphernode [skip-line-limit]

crates/events/Cargo.toml

@@ -31,6 +31,7 @@ e3-crypto = { workspace = true }
 e3-trbfv = { workspace = true }
 e3-utils = { workspace = true }
 e3-fhe-params = { workspace = true }
+e3-zk-helpers = { workspace = true }
 
 [features]
 test-helpers = [] # ensure test-helpers is available for integration tests

crates/events/src/enclave_event/compute_request/mod.rs

@@ -82,6 +82,7 @@ impl ToString for ComputeRequest {
             },
             ComputeRequestKind::Zk(req) => match req {
                 ZkRequest::PkBfv(_) => "ZkPkBfv",
+                ZkRequest::PkGeneration(_) => "ZkPkGeneration",
             },
         }
         .to_string()

crates/events/src/enclave_event/compute_request/zk.rs

@@ -6,15 +6,19 @@
 
 use crate::Proof;
 use derivative::Derivative;
+use e3_crypto::SensitiveBytes;
 use e3_fhe_params::BfvPreset;
 use e3_utils::utility_types::ArcBytes;
+use e3_zk_helpers::CiphernodesCommitteeSize;
 use serde::{Deserialize, Serialize};
 
 /// ZK proof generation request variants.
 #[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub enum ZkRequest {
     /// Generate proof for BFV public key (T0).
     PkBfv(PkBfvProofRequest),
+    /// Generate proof for PK generation (T1a).
+    PkGeneration(PkGenerationProofRequest),
 }
 
 /// Request to generate a proof for BFV public key generation (T0).
@@ -27,6 +31,28 @@ pub struct PkBfvProofRequest {
     pub params_preset: BfvPreset,
 }
 
+/// Request to generate a proof for PK share generation (T1a).
+#[derive(Derivative, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[derivative(Debug)]
+pub struct PkGenerationProofRequest {
+    /// Raw pk0 share polynomial bytes (public statement).
+    #[derivative(Debug(format_with = "e3_utils::formatters::hexf"))]
+    pub pk0_share: ArcBytes,
+    /// Raw common random polynomial bytes (public statement).
+    #[derivative(Debug(format_with = "e3_utils::formatters::hexf"))]
+    pub a: ArcBytes,
+    /// Raw secret key polynomial bytes (witness — encrypted at rest).
+    pub sk: SensitiveBytes,
+    /// Raw error polynomial bytes (witness — encrypted at rest).
+    pub eek: SensitiveBytes,
+    /// Raw smudging noise polynomial bytes (witness — encrypted at rest).
+    pub e_sm: SensitiveBytes,
+    /// BFV preset for parameter resolution.
+    pub params_preset: BfvPreset,
+    /// The size of the committee
+    pub committee_size: CiphernodesCommitteeSize,
+}
+
 impl PkBfvProofRequest {
     pub fn new(pk_bfv: impl Into<ArcBytes>, params_preset: BfvPreset) -> Self {
         Self {
@@ -36,11 +62,35 @@ impl PkBfvProofRequest {
     }
 }
 
+impl PkGenerationProofRequest {
+    pub fn new(
+        pk0_share: impl Into<ArcBytes>,
+        a: impl Into<ArcBytes>,
+        sk: SensitiveBytes,
+        eek: SensitiveBytes,
+        e_sm: SensitiveBytes,
+        params_preset: BfvPreset,
+        committee_size: CiphernodesCommitteeSize,
+    ) -> Self {
+        Self {
+            pk0_share: pk0_share.into(),
+            a: a.into(),
+            sk,
+            eek,
+            params_preset,
+            e_sm,
+            committee_size,
+        }
+    }
+}
+
 /// ZK proof generation response variants.
 #[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub enum ZkResponse {
     /// Proof for BFV public key (T0).
     PkBfv(PkBfvProofResponse),
+    /// Proof for PK generation (T1a).
+    PkGeneration(PkGenerationProofResponse),
 }
 
 /// Response containing a generated BFV public key proof.
@@ -49,12 +99,24 @@ pub struct PkBfvProofResponse {
     pub proof: Proof,
 }
 
+/// Response containing a generated PK generation proof.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct PkGenerationProofResponse {
+    pub proof: Proof,
+}
+
 impl PkBfvProofResponse {
     pub fn new(proof: Proof) -> Self {
         Self { proof }
     }
 }
 
+impl PkGenerationProofResponse {
+    pub fn new(proof: Proof) -> Self {
+        Self { proof }
+    }
+}
+
 /// ZK-specific error variants.
 #[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub enum ZkError {

crates/events/src/enclave_event/keyshare_created.rs

@@ -4,7 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::E3id;
+use crate::{E3id, SignedProofPayload};
 use actix::Message;
 use derivative::Derivative;
 use e3_utils::ArcBytes;
@@ -19,6 +19,7 @@ pub struct KeyshareCreated {
     pub pubkey: ArcBytes,
     pub e3_id: E3id,
     pub node: String,
+    pub signed_pk_generation_proof: Option<SignedProofPayload>,
 }
 
 impl Display for KeyshareCreated {

crates/events/src/enclave_event/mod.rs

@@ -30,6 +30,7 @@ mod keyshare_created;
 mod net_sync_events_received;
 mod operator_activation_changed;
 mod outgoing_sync_requested;
+mod pk_generation_proof_signed;
 mod plaintext_aggregated;
 mod plaintext_output_published;
 mod proof;
@@ -43,6 +44,7 @@ mod sync_start;
 mod test_event;
 mod threshold_share_collection_failed;
 mod threshold_share_created;
+mod threshold_share_pending;
 mod ticket_balance_updated;
 mod ticket_generated;
 mod ticket_submitted;
@@ -75,6 +77,7 @@ pub use keyshare_created::*;
 pub use net_sync_events_received::*;
 pub use operator_activation_changed::*;
 pub use outgoing_sync_requested::*;
+pub use pk_generation_proof_signed::*;
 pub use plaintext_aggregated::*;
 pub use plaintext_output_published::*;
 pub use proof::*;
@@ -89,6 +92,7 @@ pub use sync_start::*;
 pub use test_event::*;
 pub use threshold_share_collection_failed::*;
 pub use threshold_share_created::*;
+pub use threshold_share_pending::*;
 pub use ticket_balance_updated::*;
 pub use ticket_generated::*;
 pub use ticket_submitted::*;
@@ -210,13 +214,15 @@ pub enum EnclaveEventData {
     TicketGenerated(TicketGenerated),
     TicketSubmitted(TicketSubmitted),
     PlaintextOutputPublished(PlaintextOutputPublished),
+    PkGenerationProofSigned(PkGenerationProofSigned),
     EnclaveError(EnclaveError),
     E3RequestComplete(E3RequestComplete),
     E3Failed(E3Failed),
     E3StageChanged(E3StageChanged),
     Shutdown(Shutdown),
     DocumentReceived(DocumentReceived),
     ThresholdShareCreated(ThresholdShareCreated),
+    ThresholdSharePending(ThresholdSharePending),
     EncryptionKeyPending(EncryptionKeyPending),
     EncryptionKeyReceived(EncryptionKeyReceived),
     EncryptionKeyCreated(EncryptionKeyCreated),
@@ -461,8 +467,10 @@ impl EnclaveEventData {
             EnclaveEventData::CiphertextOutputPublished(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::DecryptionshareCreated(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::PlaintextAggregated(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::PkGenerationProofSigned(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::CiphernodeSelected(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::ThresholdShareCreated(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::ThresholdSharePending(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::EncryptionKeyPending(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::EncryptionKeyReceived(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::CommitteePublished(ref data) => Some(data.e3_id.clone()),
@@ -510,6 +518,7 @@ impl_event_types!(
     DecryptionshareCreated,
     PlaintextAggregated,
     PublishDocumentRequested,
+    PkGenerationProofSigned,
     E3RequestComplete,
     E3Failed,
     E3StageChanged,
@@ -531,6 +540,7 @@ impl_event_types!(
     TestEvent,
     DocumentReceived,
     ThresholdShareCreated,
+    ThresholdSharePending,
     EncryptionKeyPending,
     EncryptionKeyReceived,
     EncryptionKeyCreated,

crates/events/src/enclave_event/pk_generation_proof_signed.rs

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+use crate::{E3id, SignedProofPayload};
+use actix::Message;
+use serde::{Deserialize, Serialize};
+use std::fmt::{self, Display};
+
+#[derive(Message, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[rtype(result = "()")]
+pub struct PkGenerationProofSigned {
+    pub e3_id: E3id,
+    pub party_id: u64,
+    pub signed_proof: SignedProofPayload,
+}
+
+impl Display for PkGenerationProofSigned {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{:?}", self)
+    }
+}

crates/events/src/enclave_event/threshold_share_pending.rs

@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+use crate::{E3id, PkGenerationProofRequest, ThresholdShare};
+use actix::Message;
+use serde::{Deserialize, Serialize};
+use std::fmt::{self, Display};
+use std::sync::Arc;
+
+#[derive(Message, Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[rtype(result = "()")]
+pub struct ThresholdSharePending {
+    pub e3_id: E3id,
+    /// Full threshold share containing all encrypted shares for all parties
+    pub full_share: Arc<ThresholdShare>,
+    /// The proof request data for the zk actor
+    pub proof_request: PkGenerationProofRequest,
+}
+
+impl Display for ThresholdSharePending {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{:?}", self)
+    }
+}

crates/keyshare/Cargo.toml

@@ -21,6 +21,7 @@ e3-multithread = { workspace = true }
 e3-request = { workspace = true }
 e3-trbfv = { workspace = true }
 e3-utils = { workspace = true }
+e3-zk-helpers = { workspace = true }
 fhe = { workspace = true }
 fhe-traits = { workspace = true }
 rand = { workspace = true }