refactor: proof integration cleanup

crates/events/src/enclave_event/compute_request/zk.rs

@@ -389,7 +389,7 @@ pub struct PartyShareDecryptionProofsToVerify {
     /// Signed C4a proof (SecretKey decryption).
     pub signed_sk_decryption_proof: SignedProofPayload,
     /// Signed C4b proofs (SmudgingNoise decryption), one per smudging noise index.
-    pub signed_esm_decryption_proofs: Vec<SignedProofPayload>,
+    pub signed_e_sm_decryption_proofs: Vec<SignedProofPayload>,
 }
 
 /// Batch verification results for C4 proofs.

crates/events/src/enclave_event/decryption_key_shared.rs

@@ -30,7 +30,7 @@ pub struct DecryptionKeyShared {
     /// ECDSA-signed C4a proof (SecretKey decryption) for verification and fault attribution.
     pub signed_sk_decryption_proof: SignedProofPayload,
     /// ECDSA-signed C4b proofs (SmudgingNoise decryption), one per smudging noise index.
-    pub signed_esm_decryption_proofs: Vec<SignedProofPayload>,
+    pub signed_e_sm_decryption_proofs: Vec<SignedProofPayload>,
     /// Whether this was received from the network.
     pub external: bool,
 }

crates/events/src/enclave_event/signed_proof.rs

@@ -39,12 +39,12 @@ pub enum ProofType {
     C3aSkShareEncryption = 4,
     /// C3b — Smudging noise share encryption proof (Proof 3b).
     C3bESmShareEncryption = 5,
-    /// T2 — DKG share decryption proof (Proof 4).
-    T2DkgShareDecryption = 6,
-    /// T5 — Threshold share decryption proof (Proof 6).
-    T5ShareDecryption = 7,
-    /// T6 — Decrypted shares aggregation proof (Proof 7).
-    T6DecryptedSharesAggregation = 8,
+    /// C4 — DKG share decryption proof (Proof 4).
+    C4DkgShareDecryption = 6,
+    /// C6 — Threshold share decryption proof (Proof 6).
+    C6ThresholdShareDecryption = 7,
+    /// C7 — Decrypted shares aggregation proof (Proof 7).
+    C7DecryptedSharesAggregation = 8,
     /// C5 — Public key aggregation proof (Proof 5).
     C5PkAggregation = 9,
 }
@@ -59,9 +59,9 @@ impl ProofType {
             ProofType::C2bESmShareComputation => vec![CircuitName::ESmShareComputation],
             ProofType::C3aSkShareEncryption => vec![CircuitName::ShareEncryption],
             ProofType::C3bESmShareEncryption => vec![CircuitName::ShareEncryption],
-            ProofType::T2DkgShareDecryption => vec![CircuitName::DkgShareDecryption],
-            ProofType::T5ShareDecryption => vec![CircuitName::ThresholdShareDecryption],
-            ProofType::T6DecryptedSharesAggregation => vec![
+            ProofType::C4DkgShareDecryption => vec![CircuitName::DkgShareDecryption],
+            ProofType::C6ThresholdShareDecryption => vec![CircuitName::ThresholdShareDecryption],
+            ProofType::C7DecryptedSharesAggregation => vec![
                 CircuitName::DecryptedSharesAggregationBn,
                 CircuitName::DecryptedSharesAggregationMod,
             ],
@@ -78,9 +78,9 @@ impl ProofType {
             | ProofType::C2bESmShareComputation
             | ProofType::C3aSkShareEncryption
             | ProofType::C3bESmShareEncryption
-            | ProofType::T2DkgShareDecryption => "E3_BAD_DKG_PROOF",
-            ProofType::T5ShareDecryption => "E3_BAD_DECRYPTION_PROOF",
-            ProofType::T6DecryptedSharesAggregation => "E3_BAD_AGGREGATION_PROOF",
+            | ProofType::C4DkgShareDecryption => "E3_BAD_DKG_PROOF",
+            ProofType::C6ThresholdShareDecryption => "E3_BAD_DECRYPTION_PROOF",
+            ProofType::C7DecryptedSharesAggregation => "E3_BAD_AGGREGATION_PROOF",
             ProofType::C5PkAggregation => "E3_BAD_PK_AGGREGATION_PROOF",
         }
     }
@@ -392,15 +392,15 @@ mod tests {
             vec![CircuitName::ShareEncryption]
         );
         assert_eq!(
-            ProofType::T2DkgShareDecryption.circuit_names(),
+            ProofType::C4DkgShareDecryption.circuit_names(),
             vec![CircuitName::DkgShareDecryption]
         );
         assert_eq!(
-            ProofType::T5ShareDecryption.circuit_names(),
+            ProofType::C6ThresholdShareDecryption.circuit_names(),
             vec![CircuitName::ThresholdShareDecryption]
         );
         assert_eq!(
-            ProofType::T6DecryptedSharesAggregation.circuit_names(),
+            ProofType::C7DecryptedSharesAggregation.circuit_names(),
             vec![
                 CircuitName::DecryptedSharesAggregationBn,
                 CircuitName::DecryptedSharesAggregationMod,

crates/keyshare/src/threshold_keyshare.rs

@@ -1924,11 +1924,11 @@ impl ThresholdKeyshare {
         let party_proofs: Vec<PartyShareDecryptionProofsToVerify> = collected_shares
             .iter()
             .filter_map(|(&party_id, share)| {
-                if share.signed_esm_decryption_proofs.len() != expected_esm {
+                if share.signed_e_sm_decryption_proofs.len() != expected_esm {
                     warn!(
                         "Party {} has wrong ESM proof count ({} vs expected {}) for E3 {} — treating as dishonest",
                         party_id,
-                        share.signed_esm_decryption_proofs.len(),
+                        share.signed_e_sm_decryption_proofs.len(),
                         expected_esm,
                         e3_id
                     );
@@ -1938,7 +1938,7 @@ impl ThresholdKeyshare {
                     Some(PartyShareDecryptionProofsToVerify {
                         sender_party_id: party_id,
                         signed_sk_decryption_proof: share.signed_sk_decryption_proof.clone(),
-                        signed_esm_decryption_proofs: share.signed_esm_decryption_proofs.clone(),
+                        signed_e_sm_decryption_proofs: share.signed_e_sm_decryption_proofs.clone(),
                     })
                 }
             })

crates/multithread/src/multithread.rs

@@ -1159,7 +1159,7 @@ fn handle_verify_share_decryption_proofs(
 
             // Guard: an empty esm_decryption_proofs vec would make this loop
             // vacuously true.  Defence-in-depth: reject any party with zero ESM proofs.
-            if party.signed_esm_decryption_proofs.is_empty() {
+            if party.signed_e_sm_decryption_proofs.is_empty() {
                 return PartyVerificationResult {
                     sender_party_id: sender,
                     all_verified: false,
@@ -1171,7 +1171,7 @@ fn handle_verify_share_decryption_proofs(
             // Flatten all signed proofs (SK + ESMs) and verify uniformly.
             let all_signed: Vec<&e3_events::SignedProofPayload> =
                 std::iter::once(&party.signed_sk_decryption_proof)
-                    .chain(party.signed_esm_decryption_proofs.iter())
+                    .chain(party.signed_e_sm_decryption_proofs.iter())
                     .collect();
 
             for signed_proof in &all_signed {

crates/trbfv/src/gen_pk_share_and_sk_sss.rs

@@ -62,11 +62,11 @@ pub struct GenPkShareAndSkSssResponse {
     pub pk_share: ArcBytes,
     /// SecretKey Shamir Shares for other parties
     pub sk_sss: Encrypted<SharedSecret>,
-    /// Raw pk0 share polynomial (RNS form) for ZK proof generation (T1a).
+    /// Raw pk0 share polynomial (RNS form) for ZK proof generation (C1).
     pub pk0_share_raw: ArcBytes,
-    /// Raw secret key polynomial (RNS form) for ZK proof generation (T1a) — encrypted at rest.
+    /// Raw secret key polynomial (RNS form) for ZK proof generation (C1) — encrypted at rest.
     pub sk_raw: SensitiveBytes,
-    /// Raw error polynomial from key generation (RNS form) for ZK proof generation (T1a) — encrypted at rest.
+    /// Raw error polynomial from key generation (RNS form) for ZK proof generation (C1) — encrypted at rest.
     pub eek_raw: SensitiveBytes,
     /// Raw smudging noise polynomial (RNS form) for ZK proof generation (C1) — encrypted at rest.
     pub e_sm_raw: SensitiveBytes,

crates/zk-prover/src/actors/proof_request.rs

@@ -697,7 +697,7 @@ impl ProofRequestActor {
         // Sign C4a (SK decryption proof)
         let Some(signed_sk) = self.sign_proof(
             e3_id,
-            ProofType::T2DkgShareDecryption,
+            ProofType::C4DkgShareDecryption,
             pending.sk_proof.expect("checked in is_complete"),
         ) else {
             error!("Failed to sign C4a SK proof — DecryptionKeyShared will not be published");
@@ -712,7 +712,7 @@ impl ProofRequestActor {
                 .get(&idx)
                 .expect("checked in is_complete")
                 .clone();
-            let Some(signed) = self.sign_proof(e3_id, ProofType::T2DkgShareDecryption, proof)
+            let Some(signed) = self.sign_proof(e3_id, ProofType::C4DkgShareDecryption, proof)
             else {
                 error!(
                     "Failed to sign C4b ESM proof [{}] — DecryptionKeyShared will not be published",
@@ -738,7 +738,7 @@ impl ProofRequestActor {
                 sk_poly_sum: pending.sk_poly_sum,
                 es_poly_sum: pending.es_poly_sum,
                 signed_sk_decryption_proof: signed_sk,
-                signed_esm_decryption_proofs: signed_esms,
+                signed_e_sm_decryption_proofs: signed_esms,
                 external: false,
             },
             pending.ec,
@@ -826,7 +826,9 @@ impl ProofRequestActor {
         // Sign raw C6 proofs (for ShareVerification)
         let mut signed_proofs = Vec::with_capacity(proofs.len());
         for proof in proofs {
-            let Some(signed) = self.sign_proof(&e3_id, ProofType::T5ShareDecryption, proof) else {
+            let Some(signed) =
+                self.sign_proof(&e3_id, ProofType::C6ThresholdShareDecryption, proof)
+            else {
                 error!("Failed to sign C6 proof — DecryptionshareCreated will not be published");
                 return;
             };
@@ -1004,7 +1006,7 @@ impl ProofRequestActor {
         let mut signed_proofs = Vec::with_capacity(proofs.len());
         for proof in proofs {
             let Some(signed) =
-                self.sign_proof(&e3_id, ProofType::T6DecryptedSharesAggregation, proof)
+                self.sign_proof(&e3_id, ProofType::C7DecryptedSharesAggregation, proof)
             else {
                 error!("Failed to sign C7 proof — AggregationProofSigned will not be published");
                 return;