feat: integrate proof of correct share decryption [skip-line-limit]

crates/events/src/enclave_event/compute_request/mod.rs

@@ -85,6 +85,8 @@ impl ToString for ComputeRequest {
                 ZkRequest::PkGeneration(_) => "ZkPkGeneration",
                 ZkRequest::ShareComputation(_) => "ZkShareComputation",
                 ZkRequest::ShareEncryption(_) => "ZkShareEncryption",
+                ZkRequest::DkgShareDecryption(_) => "ZkDkgShareDecryption",
+                ZkRequest::VerifyShareProofs(_) => "ZkVerifyShareProofs",
             },
         }
         .to_string()

crates/events/src/enclave_event/compute_request/zk.rs

@@ -4,7 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::Proof;
+use crate::{Proof, ProofType, SignedProofPayload};
 use derivative::Derivative;
 use e3_crypto::SensitiveBytes;
 use e3_fhe_params::BfvPreset;
@@ -23,6 +23,10 @@ pub enum ZkRequest {
     ShareComputation(ShareComputationProofRequest),
     /// Generate proof for share encryption (C3a/C3b).
     ShareEncryption(ShareEncryptionProofRequest),
+    /// Generate proof for DKG share decryption (C4a/C4b).
+    DkgShareDecryption(DkgShareDecryptionProofRequest),
+    /// Batch-verify C2/C3 proofs from other parties.
+    VerifyShareProofs(VerifyShareProofsRequest),
 }
 
 /// Request to generate a proof for share computation (C2a or C2b).
@@ -73,6 +77,28 @@ pub struct ShareEncryptionProofRequest {
     pub esi_index: usize,
 }
 
+/// Request to generate a proof for DKG share decryption (C4a or C4b).
+///
+/// Proves that a node correctly decrypted H honest parties' BFV-encrypted
+/// Shamir shares using its own BFV secret key.
+#[derive(Derivative, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[derivative(Debug)]
+pub struct DkgShareDecryptionProofRequest {
+    /// BFV secret key used for decryption (witness — encrypted at rest).
+    pub sk_bfv: SensitiveBytes,
+    /// Serialized BFV Ciphertext bytes from H honest parties, flattened as [H * L].
+    /// Layout: party 0 mod 0, party 0 mod 1, ..., party 1 mod 0, ...
+    pub honest_ciphertexts_raw: Vec<ArcBytes>,
+    /// Number of honest parties (H).
+    pub num_honest_parties: usize,
+    /// Number of CRT moduli (L).
+    pub num_moduli: usize,
+    /// SecretKey or SmudgingNoise.
+    pub dkg_input_type: DkgInputType,
+    /// BFV preset for parameter resolution.
+    pub params_preset: BfvPreset,
+}
+
 /// Request to generate a proof for BFV public key generation (C0).
 #[derive(Derivative, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
 #[derivative(Debug)]
@@ -142,6 +168,10 @@ pub enum ZkResponse {
     ShareComputation(ShareComputationProofResponse),
     /// Proof for share encryption (C3a/C3b).
     ShareEncryption(ShareEncryptionProofResponse),
+    /// Proof for DKG share decryption (C4a/C4b).
+    DkgShareDecryption(DkgShareDecryptionProofResponse),
+    /// Batch verification results for C2/C3 proofs.
+    VerifyShareProofs(VerifyShareProofsResponse),
 }
 
 /// Response containing a generated share computation proof.
@@ -174,6 +204,22 @@ pub struct PkGenerationProofResponse {
     pub proof: Proof,
 }
 
+/// Response containing a generated DKG share decryption proof.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct DkgShareDecryptionProofResponse {
+    pub proof: Proof,
+    pub dkg_input_type: DkgInputType,
+}
+
+impl DkgShareDecryptionProofResponse {
+    pub fn new(proof: Proof, dkg_input_type: DkgInputType) -> Self {
+        Self {
+            proof,
+            dkg_input_type,
+        }
+    }
+}
+
 impl ShareComputationProofResponse {
     pub fn new(proof: Proof, dkg_input_type: DkgInputType) -> Self {
         Self {
@@ -195,6 +241,44 @@ impl PkGenerationProofResponse {
     }
 }
 
+/// Request to batch-verify C2/C3 proofs received from other parties.
+///
+/// Grouped by sender so the verifier can report honest/dishonest per party.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct VerifyShareProofsRequest {
+    /// Proofs grouped by sender party_id.
+    pub party_proofs: Vec<PartyProofsToVerify>,
+}
+
+/// All signed proofs from a single sender to verify.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct PartyProofsToVerify {
+    /// The party that generated these proofs.
+    pub sender_party_id: u64,
+    /// Signed proofs to verify (C2a, C2b, C3a×L, C3b×L).
+    pub signed_proofs: Vec<SignedProofPayload>,
+}
+
+/// Batch verification results for C2/C3 proofs.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct VerifyShareProofsResponse {
+    /// Per-party verification results.
+    pub party_results: Vec<PartyVerificationResult>,
+}
+
+/// Verification result for all proofs from a single sender.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct PartyVerificationResult {
+    /// The party whose proofs were verified.
+    pub sender_party_id: u64,
+    /// Whether ALL proofs from this party verified successfully.
+    pub all_verified: bool,
+    /// If any proof failed: the proof type that failed.
+    pub failed_proof_type: Option<ProofType>,
+    /// If any proof failed: the signed payload for fault attribution.
+    pub failed_signed_payload: Option<SignedProofPayload>,
+}
+
 /// ZK-specific error variants.
 #[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub enum ZkError {

crates/events/src/enclave_event/decryption_key_shared.rs

@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+use crate::{E3id, Proof};
+use actix::Message;
+use derivative::Derivative;
+use e3_utils::utility_types::ArcBytes;
+use serde::{Deserialize, Serialize};
+use std::fmt::{self, Display};
+
+/// Exchange #3: Each honest node shares its aggregated trBFV partial key shares
+/// with all other honest nodes, together with C4 proofs of correct BFV decryption.
+#[derive(Message, Derivative, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[rtype(result = "()")]
+#[derivative(Debug)]
+pub struct DecryptionKeyShared {
+    pub e3_id: E3id,
+    /// The sender's party_id.
+    pub party_id: u64,
+    /// The sender's node address.
+    pub node: String,
+    /// Lagrange-interpolated aggregated SK polynomial (serialized).
+    #[derivative(Debug(format_with = "e3_utils::formatters::hexf"))]
+    pub sk_poly_sum: ArcBytes,
+    /// Lagrange-interpolated aggregated E_SM polynomials (serialized), one per smudging noise.
+    pub es_poly_sum: Vec<ArcBytes>,
+    /// C4a proof (SecretKey decryption).
+    pub c4a_proof: Proof,
+    /// C4b proofs (SmudgingNoise decryption), one per smudging noise index.
+    pub c4b_proofs: Vec<Proof>,
+    /// Whether this was received from the network.
+    pub external: bool,
+}
+
+impl Display for DecryptionKeyShared {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(
+            f,
+            "DecryptionKeyShared {{ e3_id: {}, party_id: {} }}",
+            self.e3_id, self.party_id
+        )
+    }
+}

crates/events/src/enclave_event/mod.rs

@@ -14,6 +14,7 @@ mod committee_published;
 mod committee_requested;
 mod compute_request;
 mod configuration_updated;
+mod decryption_key_shared;
 mod decryptionshare_created;
 mod die;
 mod e3_failed;
@@ -61,6 +62,7 @@ pub use committee_published::*;
 pub use committee_requested::*;
 pub use compute_request::*;
 pub use configuration_updated::*;
+pub use decryption_key_shared::*;
 pub use decryptionshare_created::*;
 pub use die::*;
 pub use e3_failed::*;
@@ -200,6 +202,7 @@ pub enum EnclaveEventData {
     E3Requested(E3Requested),
     PublicKeyAggregated(PublicKeyAggregated),
     CiphertextOutputPublished(CiphertextOutputPublished),
+    DecryptionKeyShared(DecryptionKeyShared),
     DecryptionshareCreated(DecryptionshareCreated),
     PlaintextAggregated(PlaintextAggregated),
     PublishDocumentRequested(PublishDocumentRequested),
@@ -468,6 +471,7 @@ impl EnclaveEventData {
             EnclaveEventData::E3Requested(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::PublicKeyAggregated(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::CiphertextOutputPublished(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::DecryptionKeyShared(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::DecryptionshareCreated(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::PlaintextAggregated(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::PkGenerationProofSigned(ref data) => Some(data.e3_id.clone()),
@@ -519,6 +523,7 @@ impl_event_types!(
     E3Requested,
     PublicKeyAggregated,
     CiphertextOutputPublished,
+    DecryptionKeyShared,
     DecryptionshareCreated,
     PlaintextAggregated,
     PublishDocumentRequested,

crates/events/src/enclave_event/threshold_share_created.rs

@@ -4,7 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::E3id;
+use crate::{E3id, SignedProofPayload};
 use actix::Message;
 use derivative::Derivative;
 use e3_trbfv::shares::BfvEncryptedShares;
@@ -64,6 +64,18 @@ pub struct ThresholdShareCreated {
     pub share: Arc<ThresholdShare>,
     pub target_party_id: u64,
     pub external: bool,
+    /// Signed C2a proof (sk share computation) from the sender.
+    #[serde(default)]
+    pub signed_c2a_proof: Option<SignedProofPayload>,
+    /// Signed C2b proof (e_sm share computation) from the sender.
+    #[serde(default)]
+    pub signed_c2b_proof: Option<SignedProofPayload>,
+    /// Signed C3a proofs (sk share encryption per modulus row) for this recipient.
+    #[serde(default)]
+    pub signed_c3a_proofs: Vec<SignedProofPayload>,
+    /// Signed C3b proofs (e_sm share encryption per modulus row) for this recipient.
+    #[serde(default)]
+    pub signed_c3b_proofs: Vec<SignedProofPayload>,
 }
 
 impl Display for ThresholdShareCreated {