chore: refactor proof gen to zk-prover [skip-line-limit]

crates/ciphernode-builder/src/ciphernode_builder.rs

@@ -435,6 +435,15 @@ impl CiphernodeBuilder {
             // Currently hardcoded to InsecureDkg512 for DKG operations.
             // Production deployments should use BfvPreset::SecureDkg8192.
             let share_enc_preset = BfvPreset::InsecureDkg512;
+
+            let backend = self
+                .zk_backend
+                .as_ref()
+                .ok_or_else(|| anyhow::anyhow!("ZK backend is required for threshold keyshare"))?;
+
+            // Ensure signer is available before setting up extensions that need it
+            let signer = provider_cache.ensure_signer().await?;
+
             info!("Setting up ThresholdKeyshareExtension");
             e3_builder = e3_builder.with(ThresholdKeyshareExtension::create(
                 &bus,
@@ -443,12 +452,7 @@ impl CiphernodeBuilder {
                 share_enc_preset,
             ));
 
-            let backend = self
-                .zk_backend
-                .as_ref()
-                .ok_or_else(|| anyhow::anyhow!("ZK backend is required for threshold keyshare"))?;
             info!("Setting up ZK actors");
-            let signer = provider_cache.ensure_signer().await?;
             setup_zk_actors(&bus, backend, signer);
         }
 

crates/ciphernode-builder/src/eventbus_factory.rs

@@ -6,11 +6,8 @@
 
 use actix::Actor;
 use actix::Addr;
-use e3_config::AppConfig;
-use e3_data::Repositories;
 use e3_events::Disabled;
 use e3_events::EventType;
-use e3_evm::EthPrivateKeyRepositoryFactory;
 use once_cell::sync::Lazy;
 use std::any::Any;
 use std::any::TypeId;

crates/ciphernode-builder/src/evm_system.rs

@@ -8,14 +8,11 @@ use std::mem::replace;
 
 use actix::Actor;
 use alloy::{primitives::Address, providers::Provider};
-use e3_events::{
-    run_once, BusHandle, EventExtractor, EventSubscriber, EventType, HistoricalEvmSyncStart,
-};
+use e3_events::{run_once, BusHandle, EventSubscriber, EventType, HistoricalEvmSyncStart};
 use e3_evm::{
     EthProvider, EvmChainGateway, EvmEventProcessor, EvmReadInterface, EvmRouter, Filters,
-    FixHistoricalOrder, SyncStartExtractor,
+    FixHistoricalOrder,
 };
-use e3_utils::actix::oneshot_runner::OneShotRunner;
 
 pub trait RouteFn: FnOnce(EvmEventProcessor) -> EvmEventProcessor + Send {}
 impl<F> RouteFn for F where F: FnOnce(EvmEventProcessor) -> EvmEventProcessor + Send {}

crates/cli/src/ciphernode/setup.rs

@@ -9,12 +9,11 @@ use anyhow::Result;
 use dialoguer::{theme::ColorfulTheme, Input};
 use e3_config::AppConfig;
 use e3_entrypoint::config::setup;
-use e3_utils::{colorize, eth_address_from_private_key, Color};
+use e3_utils::{colorize, Color};
 use std::path::PathBuf;
 use tracing::instrument;
 use zeroize::Zeroizing;
 
-use crate::password_set;
 use crate::password_set::ask_for_password;
 use crate::wallet_set::ask_for_private_key;
 

crates/cli/src/start.rs

@@ -5,7 +5,7 @@
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
 use crate::owo;
-use anyhow::{anyhow, Result};
+use anyhow::Result;
 use e3_config::{AppConfig, NodeRole};
 use e3_entrypoint::helpers::listen_for_shutdown;
 use tracing::{info, instrument};

crates/entrypoint/src/start/aggregator_start.rs

@@ -4,7 +4,6 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use alloy::primitives::Address;
 use anyhow::Result;
 use e3_ciphernode_builder::{CiphernodeBuilder, CiphernodeHandle};
 use e3_config::AppConfig;

crates/events/src/enclave_event/compute_request/zk.rs

@@ -4,7 +4,8 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::{Proof, ProofType, SignedProofPayload};
+use crate::{Proof, SignedProofPayload};
+use alloy::primitives::Address;
 use derivative::Derivative;
 use e3_crypto::SensitiveBytes;
 use e3_fhe_params::BfvPreset;
@@ -271,16 +272,18 @@ pub struct VerifyShareProofsResponse {
 }
 
 /// Verification result for all proofs from a single sender.
+///
+/// Used for both C2/C3 and C4 verification results.
 #[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub struct PartyVerificationResult {
     /// The party whose proofs were verified.
     pub sender_party_id: u64,
     /// Whether ALL proofs from this party verified successfully.
     pub all_verified: bool,
-    /// If any proof failed: the proof type that failed.
-    pub failed_proof_type: Option<ProofType>,
     /// If any proof failed: the signed payload for fault attribution.
     pub failed_signed_payload: Option<SignedProofPayload>,
+    /// ECDSA-recovered address of the signer (set during verification).
+    pub recovered_address: Option<Address>,
 }
 
 /// Request to batch-verify C4 proofs from DecryptionKeyShared events.
@@ -297,26 +300,17 @@ pub struct VerifyShareDecryptionProofsRequest {
 pub struct PartyShareDecryptionProofsToVerify {
     /// The party that generated these proofs.
     pub sender_party_id: u64,
-    /// C4a proof (SecretKey decryption).
-    pub sk_decryption_proof: Proof,
-    /// C4b proofs (SmudgingNoise decryption), one per smudging noise index.
-    pub esm_decryption_proofs: Vec<Proof>,
+    /// Signed C4a proof (SecretKey decryption).
+    pub signed_sk_decryption_proof: SignedProofPayload,
+    /// Signed C4b proofs (SmudgingNoise decryption), one per smudging noise index.
+    pub signed_esm_decryption_proofs: Vec<SignedProofPayload>,
 }
 
 /// Batch verification results for C4 proofs.
 #[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub struct VerifyShareDecryptionProofsResponse {
     /// Per-party verification results.
-    pub party_results: Vec<PartyShareDecryptionVerificationResult>,
-}
-
-/// Verification result for C4 proofs from a single sender.
-#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
-pub struct PartyShareDecryptionVerificationResult {
-    /// The party whose C4 proofs were verified.
-    pub sender_party_id: u64,
-    /// Whether ALL C4 proofs from this party verified successfully.
-    pub all_verified: bool,
+    pub party_results: Vec<PartyVerificationResult>,
 }
 
 /// ZK-specific error variants.

crates/events/src/enclave_event/decryption_key_shared.rs

@@ -4,7 +4,7 @@
 // without even the implied warranty of MERCHANTABILITY
 // or FITNESS FOR A PARTICULAR PURPOSE.
 
-use crate::{E3id, Proof};
+use crate::{E3id, SignedProofPayload};
 use actix::Message;
 use derivative::Derivative;
 use e3_utils::utility_types::ArcBytes;
@@ -27,10 +27,10 @@ pub struct DecryptionKeyShared {
     pub sk_poly_sum: ArcBytes,
     /// Lagrange-interpolated aggregated E_SM polynomials (serialized), one per smudging noise.
     pub es_poly_sum: Vec<ArcBytes>,
-    /// C4a proof (SecretKey decryption).
-    pub sk_decryption_proof: Proof,
-    /// C4b proofs (SmudgingNoise decryption), one per smudging noise index.
-    pub esm_decryption_proofs: Vec<Proof>,
+    /// ECDSA-signed C4a proof (SecretKey decryption) for verification and fault attribution.
+    pub signed_sk_decryption_proof: SignedProofPayload,
+    /// ECDSA-signed C4b proofs (SmudgingNoise decryption), one per smudging noise index.
+    pub signed_esm_decryption_proofs: Vec<SignedProofPayload>,
     /// Whether this was received from the network.
     pub external: bool,
 }

crates/events/src/enclave_event/decryption_share_proofs.rs

@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+//! Events for C4 proof generation and signing flow.
+//!
+//! `DecryptionShareProofsPending` is published by [`ThresholdKeyshare`] when it
+//! has computed the decryption data and needs C4 proofs generated and signed.
+//! `ProofRequestActor` generates the proofs, signs them, and publishes
+//! `DecryptionKeyShared` (Exchange #3) directly.
+
+use crate::{DkgShareDecryptionProofRequest, E3id};
+use e3_utils::utility_types::ArcBytes;
+use serde::{Deserialize, Serialize};
+
+/// ThresholdKeyshare → ProofRequestActor: generate and sign C4 proofs.
+///
+/// Carries both the proof generation inputs (sk_request, esm_requests)
+/// and the protocol data (sk_poly_sum, es_poly_sum, node) so that
+/// ProofRequestActor can publish `DecryptionKeyShared` directly.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct DecryptionShareProofsPending {
+    pub e3_id: E3id,
+    pub party_id: u64,
+    pub node: String,
+    /// Decrypted SK polynomial sum (for Exchange #3).
+    pub sk_poly_sum: ArcBytes,
+    /// Decrypted ES polynomial sums (for Exchange #3).
+    pub es_poly_sum: Vec<ArcBytes>,
+    /// C4a proof request (SecretKey decryption).
+    pub sk_request: DkgShareDecryptionProofRequest,
+    /// C4b proof requests (SmudgingNoise decryption), one per ESI index.
+    pub esm_requests: Vec<DkgShareDecryptionProofRequest>,
+}

crates/events/src/enclave_event/mod.rs

@@ -15,6 +15,7 @@ mod committee_requested;
 mod compute_request;
 mod configuration_updated;
 mod decryption_key_shared;
+mod decryption_share_proofs;
 mod decryptionshare_created;
 mod die;
 mod e3_failed;
@@ -38,6 +39,7 @@ mod proof;
 mod publickey_aggregated;
 mod publish_document;
 mod share_computation_proof_signed;
+mod share_verification;
 mod shutdown;
 mod signed_proof;
 mod sync_effect;
@@ -63,6 +65,7 @@ pub use committee_requested::*;
 pub use compute_request::*;
 pub use configuration_updated::*;
 pub use decryption_key_shared::*;
+pub use decryption_share_proofs::*;
 pub use decryptionshare_created::*;
 pub use die::*;
 pub use e3_failed::*;
@@ -87,6 +90,7 @@ pub use proof::*;
 pub use publickey_aggregated::*;
 pub use publish_document::*;
 pub use share_computation_proof_signed::*;
+pub use share_verification::*;
 pub use shutdown::*;
 pub use signed_proof::*;
 use strum::IntoStaticStr;
@@ -238,6 +242,9 @@ pub enum EnclaveEventData {
     ComputeResponse(ComputeResponse),         // ComputeResponseReceived
     ComputeRequestError(ComputeRequestError), // ComputeRequestFailed
     SignedProofFailed(SignedProofFailed),
+    DecryptionShareProofsPending(DecryptionShareProofsPending),
+    ShareVerificationDispatched(ShareVerificationDispatched),
+    ShareVerificationComplete(ShareVerificationComplete),
     OutgoingSyncRequested(OutgoingSyncRequested),
     NetSyncEventsReceived(NetSyncEventsReceived),
     HistoricalEvmSyncStart(HistoricalEvmSyncStart),
@@ -492,6 +499,9 @@ impl EnclaveEventData {
             EnclaveEventData::ComputeResponse(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::TestEvent(ref data) => data.e3_id.clone(),
             EnclaveEventData::SignedProofFailed(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::DecryptionShareProofsPending(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::ShareVerificationDispatched(ref data) => Some(data.e3_id.clone()),
+            EnclaveEventData::ShareVerificationComplete(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::E3Failed(ref data) => Some(data.e3_id.clone()),
             EnclaveEventData::E3StageChanged(ref data) => Some(data.e3_id.clone()),
             _ => None,
@@ -560,6 +570,9 @@ impl_event_types!(
     ComputeResponse,
     ComputeRequestError,
     SignedProofFailed,
+    DecryptionShareProofsPending,
+    ShareVerificationDispatched,
+    ShareVerificationComplete,
     OutgoingSyncRequested,
     NetSyncEventsReceived,
     HistoricalEvmSyncStart,

crates/events/src/enclave_event/proof.rs

@@ -96,6 +96,6 @@ impl CircuitName {
 
 impl fmt::Display for CircuitName {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{}", self.as_str())
+        write!(f, "{}", self.dir_path())
     }
 }

crates/events/src/enclave_event/share_verification.rs

@@ -0,0 +1,50 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
+//! Events for C2/C3/C4 share proof verification flow.
+//!
+//! `ShareVerificationDispatched` is published by [`ThresholdKeyshare`] when
+//! proof verification is needed. [`ShareVerificationActor`] subscribes and
+//! orchestrates ECDSA validation + ZK verification via multithread.
+//!
+//! `ShareVerificationComplete` is published by [`ShareVerificationActor`]
+//! when verification finishes, carrying the set of dishonest party IDs.
+
+use crate::{E3id, PartyProofsToVerify, PartyShareDecryptionProofsToVerify};
+use serde::{Deserialize, Serialize};
+use std::collections::BTreeSet;
+
+/// Which verification phase this request/result refers to.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub enum VerificationKind {
+    /// C2/C3 share proof verification (after AllThresholdSharesCollected).
+    ShareProofs,
+    /// C4 share decryption proof verification (after AllDecryptionKeySharesCollected).
+    DecryptionProofs,
+}
+
+/// ThresholdKeyshare → ShareVerificationActor: verify party proofs.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct ShareVerificationDispatched {
+    pub e3_id: E3id,
+    pub kind: VerificationKind,
+    /// C2/C3 party proofs (when kind == ShareProofs).
+    pub share_proofs: Vec<PartyProofsToVerify>,
+    /// C4 party proofs (when kind == DecryptionProofs).
+    pub decryption_proofs: Vec<PartyShareDecryptionProofsToVerify>,
+    /// Parties already identified as dishonest before verification
+    /// (e.g., missing/incomplete proofs). Merged into the final result.
+    pub pre_dishonest: BTreeSet<u64>,
+}
+
+/// ShareVerificationActor → ThresholdKeyshare: verification results.
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
+pub struct ShareVerificationComplete {
+    pub e3_id: E3id,
+    pub kind: VerificationKind,
+    /// All dishonest parties (pre-dishonest + ECDSA-failed + ZK-failed).
+    pub dishonest_parties: BTreeSet<u64>,
+}

crates/events/src/eventstore_router.rs

@@ -78,7 +78,7 @@ impl Handler<EventStoreQueryResponse> for QueryAggregator {
 impl Handler<Die> for QueryAggregator {
     type Result = ();
 
-    fn handle(&mut self, msg: Die, ctx: &mut Self::Context) -> Self::Result {
+    fn handle(&mut self, _msg: Die, ctx: &mut Self::Context) -> Self::Result {
         ctx.stop()
     }
 }

crates/events/src/snapshot_buffer/batch.rs

@@ -7,7 +7,6 @@ use std::mem::replace;
 
 use actix::{Actor, ActorContext, Addr, AsyncContext, Handler, Message, Recipient};
 use e3_utils::MAILBOX_LIMIT;
-use tracing::debug;
 
 use crate::{trap, Die, EType, Insert, InsertBatch, PanicDispatcher};
 

crates/events/src/snapshot_buffer/batch_router.rs

@@ -16,7 +16,7 @@ use actix::{Actor, Addr, Handler, Message, Recipient};
 use anyhow::Context;
 use e3_utils::MAILBOX_LIMIT;
 use std::{collections::HashMap, sync::Arc, time::Duration};
-use tracing::{debug, info, trace, warn};
+use tracing::debug;
 
 type Seq = u64;
 

crates/events/src/snapshot_buffer/snapshot_buffer.rs

@@ -140,7 +140,7 @@ impl Handler<Insert> for SnapshotBuffer {
 
 impl Handler<EnclaveEvent> for SnapshotBuffer {
     type Result = ();
-    fn handle(&mut self, msg: EnclaveEvent, ctx: &mut Self::Context) -> Self::Result {
+    fn handle(&mut self, msg: EnclaveEvent, _ctx: &mut Self::Context) -> Self::Result {
         trap(EType::IO, &PanicDispatcher::new(), || {
             if let Some(ref router) = self.router {
                 router.try_send(msg)?;

crates/evm/src/evm_parser.rs

@@ -7,7 +7,7 @@
 use actix::{Actor, Handler};
 use e3_events::{hlc::HlcTimestamp, EnclaveEventData};
 use e3_utils::MAILBOX_LIMIT;
-use tracing::{debug, info};
+use tracing::debug;
 
 use crate::{
     events::{EnclaveEvmEvent, EvmEventProcessor, EvmLog},