chore: refactor ccc before ZK verification [skip-line-limit]

[hmzakhalid]

Refactors the share verification pipeline from a 2-phase (ECDSA → ZK) to a 3-phase (ECDSA → commitment consistency check → ZK) flow.

Summary by CodeRabbit

• Documentation

  • Updated verification pipeline and failure-flow docs to show a new pre-ZK commitment consistency phase and its integration with accusation handling.

• New Features

  • Added cross-circuit commitment consistency checks (request/complete/violation events) that gate ZK verification and filter parties before heavy proofs.
  • Consistency-check failures are now recorded as a dishonesty source and trigger the accusation/quorum flow.

• Tests

  • Integration test expectations updated to include the new consistency check events.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	Mar 27, 2026 6:03pm
enclave-docs	Ready	Preview, Comment	Mar 27, 2026 6:03pm

[coderabbitai]

📝 Walkthrough

Walkthrough

ShareVerificationActor now inserts a pre-ZK commitment-consistency phase: after ECDSA recovery it publishes per-party proof data for a CommitmentConsistencyChecker, receives inconsistent party IDs, merges them into the dishonest set, and only dispatches ZK verification for consistency-passing parties; violations are emitted to the accusation flow.

Changes

Cohort / File(s)	Summary
Documentation agent/flow-trace/04_DKG_AND_COMPUTATION.md, agent/flow-trace/00_INDEX.md, agent/flow-trace/05_FAILURE_REFUND_SLASHING.md	Updated flow traces to include the commitment-consistency request/complete steps and routed consistency-violation into the accusation path.
Event Types crates/events/src/enclave_event/commitment_consistency.rs, crates/events/src/enclave_event/mod.rs	Added PartyProofData, CommitmentConsistencyCheckRequested, CommitmentConsistencyCheckComplete, and CommitmentConsistencyViolation; re-exported module and extended EnclaveEventData and e3-id extraction.
Commitment Consistency Actor crates/zk-prover/src/actors/commitment_consistency_checker.rs	New/updated actor subscribes to CommitmentConsistencyCheckRequested and ProofVerificationPassed, caches proof/public-signal data (adds data_hash), evaluates CommitmentLinks, emits CommitmentConsistencyViolation on mismatches, and replies with CommitmentConsistencyCheckComplete listing inconsistent parties.
Share Verification Actor crates/zk-prover/src/actors/share_verification.rs	Added PendingConsistencyCheck + pending_consistency map; after ECDSA success builds PartyProofData, publishes consistency request, defers ZK dispatch until completion, merges inconsistent parties into dishonest set, filters proofs, then dispatches ZK compute requests; added handler/subscription for completion events and failure fallback.
Accusation Manager crates/zk-prover/src/actors/accusation_manager.rs	Subscribed to CommitmentConsistencyViolation, added handler to cache failures and call shared initiate_accusation(...); refactored accusation creation/dedup/broadcast into initiate_accusation.
Tests crates/tests/tests/integration.rs	Adjusted integration test expected event sequence/counts to include CommitmentConsistencyCheckRequested and CommitmentConsistencyCheckComplete.

Sequence Diagram

sequenceDiagram
    participant SVA as ShareVerificationActor
    participant CCC as CommitmentConsistencyChecker
    participant ZK as ZK Prover
    participant AM as AccusationManager

    rect rgba(200,200,255,0.5)
    SVA->>SVA: Phase 1 — ECDSA recovery\ncache addresses + public signals
    end

    rect rgba(200,255,200,0.5)
    SVA->>CCC: Publish CommitmentConsistencyCheckRequested\n(party_proofs, correlation_id)
    CCC->>CCC: Evaluate CommitmentLinks\ncheck same-/cross-party consistency
    alt mismatch detected
      CCC->>AM: Emit CommitmentConsistencyViolation\n(accused_party, address, proof_type, data_hash)
    end
    CCC->>SVA: CommitmentConsistencyCheckComplete\n{ inconsistent_parties }
    end

    rect rgba(255,200,200,0.5)
    SVA->>SVA: Mark inconsistent parties dishonest\nfilter proofs for ZK
    SVA->>ZK: Dispatch ComputeRequest (ZK verify)\nfor remaining parties
    ZK->>SVA: ComputeResponse (verification result)
    SVA->>AM: Publish ShareVerificationComplete / failures
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: add cross-circuit commitment consistency checker #1485: Implements cross-circuit commitment-consistency checking and related actor/event integration.
• refactor: proof integration cleanup #1429: Modifies ShareVerificationActor orchestration and proof handling overlapping with these changes.
• feat: finalisation proofs [skip-line-limit] #1377: Related multi-stage verification flow and event wiring changes intersecting this work.

Suggested labels

ciphernode

Suggested reviewers

• ctrlc03
• cedoor

Poem

🐇 I hopped through commits, nose twitching with glee,
I checked every proof, "Are you true? Are you me?"
Some hops failed the test,
I sorted the rest—
Now ZK sings with the honest, and merrily we see.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'chore: refactor ccc before ZK verification' is partially related to the changeset but uses an undefined acronym (ccc) and is somewhat vague about the actual scope and significance of the changes.	Consider expanding the title to use the full term 'commitment consistency check' instead of the acronym 'ccc', or provide additional clarity about the architectural change (e.g., 'refactor share verification to add commitment consistency check phase').

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/refactor-ccc-flow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

crates/tests/tests/integration.rs (1)

917-917: Replace hardcoded proof-pass count with the computed variable.

Line 917 still hardcodes + 9 even though c6_proof_count is already derived above. Using the variable avoids silent drift if threshold_n or num_votes_per_voter changes.

Suggested patch

-    let expected_count = 1 + 3 + 1 + 2 + 2 + 9 + 1 + 2 + 1 + 2 + 1 + c6_fold_events + 1;
+    let expected_count =
+        1 + 3 + 1 + 2 + 2 + c6_proof_count + 1 + 2 + 1 + 2 + 1 + c6_fold_events + 1;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/tests/tests/integration.rs` at line 917, The expected_count
calculation currently hardcodes "+ 9" instead of using the computed
c6_proof_count, so replace the literal with the variable: update the expression
that assigns expected_count to use c6_proof_count (which was derived from
threshold_n and num_votes_per_voter) in place of the hardcoded 9; ensure the
final sum uses the c6_proof_count identifier so future changes to threshold_n or
num_votes_per_voter are reflected automatically.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@crates/tests/tests/integration.rs`:
- Line 917: The expected_count calculation currently hardcodes "+ 9" instead of
using the computed c6_proof_count, so replace the literal with the variable:
update the expression that assigns expected_count to use c6_proof_count (which
was derived from threshold_n and num_votes_per_voter) in place of the hardcoded
9; ensure the final sum uses the c6_proof_count identifier so future changes to
threshold_n or num_votes_per_voter are reflected automatically.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a585fa73-0769-4d2e-9f5c-cdc6f6f836ff

📥 Commits

Reviewing files that changed from the base of the PR and between 2cb8ab3 and 61b268e.

📒 Files selected for processing (1)

• crates/tests/tests/integration.rs

[ctrlc03]

Thanks

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/zk-prover/src/actors/commitment_consistency_checker.rs (1)

147-199: ⚠️ Potential issue | 🔴 Critical

Cross-party links cannot blindly blame the source side.

For C1 -> C5, crates/zk-prover/src/actors/commitment_links/c1_to_c5.rs only asks whether a given source commitment appears in the target proof. If the target C5 is the bad artifact, both of these helpers still accuse or exclude the source party. Cross-party mismatches need symmetric attribution or an inconclusive result before they feed slashing or pre-ZK filtering.

Also applies to: 215-247

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/zk-prover/src/actors/commitment_consistency_checker.rs` around lines
147 - 199, check_cross_party_link currently always blames the source party when
a cross-party consistency check fails; change it to determine attribution
symmetrically using the CommitmentLink helpers (e.g., for C1->C5 use
link.extract_source_values and link.check_consistency results to decide whether
the source or target is at fault or the result is inconclusive) rather than
unconditionally calling emit_violation on the source. Update
check_cross_party_link to: for each source/target pair, compute whether the
target contains the expected source commitment and whether the source value is
uniquely missing or the target contains an invalid value; if only targets are
missing/invalid call emit_violation for the target (using tgt.party_id,
tgt.address, tgt_type, tgt.data_hash), if only sources are at fault call
emit_violation for the source, and if the evidence is ambiguous do not emit a
violation but record/log an inconclusive finding (preserving link.name(),
self.e3_id in logs). Use CommitmentLink::extract_source_values and
CommitmentLink::check_consistency to drive the logic and avoid changing external
APIs.

♻️ Duplicate comments (1)

crates/zk-prover/src/actors/commitment_consistency_checker.rs (1)

358-399: ⚠️ Potential issue | 🟠 Major

Pre-ZK mismatches still never reach the accusation flow.

This handler only returns inconsistent_parties. The handle_consistency_check_complete path in crates/zk-prover/src/actors/share_verification.rs then merges those parties into the dishonest set and filters them out before ZK dispatch, so they never emit ProofVerificationPassed and emit_violation() is never reached for them. Today the new gate excludes them locally, but it does not trigger fault attribution or slashing.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/zk-prover/src/actors/commitment_consistency_checker.rs` around lines
358 - 399, The consistency checker currently publishes
CommitmentConsistencyCheckComplete with inconsistent_parties but the handler
simply merges them into the dishonest set and filters them out, so no accusation
is emitted; update the handler handle_consistency_check_complete in
share_verification.rs to explicitly process
CommitmentConsistencyCheckComplete.inconsistent_parties by (1) invoking
emit_violation (or the existing accusation/slashing routine) for each
inconsistent party id, and (2) publishing any ProofVerificationFailed/accusation
events for those parties before or instead of filtering them out, while keeping
the normal ProofVerificationPassed flow for non-inconsistent parties; ensure you
reference CommitmentConsistencyCheckComplete, handle_consistency_check_complete,
emit_violation, and ProofVerificationPassed to locate and update the logic.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/zk-prover/src/actors/commitment_consistency_checker.rs`:
- Around line 314-325: The code overwrites earlier proofs because verified is
keyed by (address, proof_type) and stores a single VerifiedProofData; change
verified to map to a Vec<VerifiedProofData> (or otherwise accumulate multiple
entries) so every proof instance from party.proofs is retained; update the
insertion site where self.verified.insert((address, proof_type),
VerifiedProofData { ... }) to push into the vector for that key, and modify
check_links (and any code paths referenced at the other occurrence around the
340-355 region) to iterate over all VerifiedProofData entries for a given
(address, proof_type) when performing consistency checks; mirror the design used
by PendingConsistencyCheck.party_public_signals in share_verification.rs to
ensure multiple C3a/C3b/C4b proofs are preserved and validated.

---

Outside diff comments:
In `@crates/zk-prover/src/actors/commitment_consistency_checker.rs`:
- Around line 147-199: check_cross_party_link currently always blames the source
party when a cross-party consistency check fails; change it to determine
attribution symmetrically using the CommitmentLink helpers (e.g., for C1->C5 use
link.extract_source_values and link.check_consistency results to decide whether
the source or target is at fault or the result is inconclusive) rather than
unconditionally calling emit_violation on the source. Update
check_cross_party_link to: for each source/target pair, compute whether the
target contains the expected source commitment and whether the source value is
uniquely missing or the target contains an invalid value; if only targets are
missing/invalid call emit_violation for the target (using tgt.party_id,
tgt.address, tgt_type, tgt.data_hash), if only sources are at fault call
emit_violation for the source, and if the evidence is ambiguous do not emit a
violation but record/log an inconclusive finding (preserving link.name(),
self.e3_id in logs). Use CommitmentLink::extract_source_values and
CommitmentLink::check_consistency to drive the logic and avoid changing external
APIs.

---

Duplicate comments:
In `@crates/zk-prover/src/actors/commitment_consistency_checker.rs`:
- Around line 358-399: The consistency checker currently publishes
CommitmentConsistencyCheckComplete with inconsistent_parties but the handler
simply merges them into the dishonest set and filters them out, so no accusation
is emitted; update the handler handle_consistency_check_complete in
share_verification.rs to explicitly process
CommitmentConsistencyCheckComplete.inconsistent_parties by (1) invoking
emit_violation (or the existing accusation/slashing routine) for each
inconsistent party id, and (2) publishing any ProofVerificationFailed/accusation
events for those parties before or instead of filtering them out, while keeping
the normal ProofVerificationPassed flow for non-inconsistent parties; ensure you
reference CommitmentConsistencyCheckComplete, handle_consistency_check_complete,
emit_violation, and ProofVerificationPassed to locate and update the logic.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c20ac4a4-7497-4654-8a8f-1ef2e28e1447

📥 Commits

Reviewing files that changed from the base of the PR and between 61b268e and c253f38.

📒 Files selected for processing (7)

• agent/flow-trace/00_INDEX.md
• agent/flow-trace/04_DKG_AND_COMPUTATION.md
• agent/flow-trace/05_FAILURE_REFUND_SLASHING.md
• crates/events/src/enclave_event/commitment_consistency.rs
• crates/events/src/enclave_event/mod.rs
• crates/zk-prover/src/actors/accusation_manager.rs
• crates/zk-prover/src/actors/commitment_consistency_checker.rs

✅ Files skipped from review due to trivial changes (2)

• agent/flow-trace/00_INDEX.md
• agent/flow-trace/05_FAILURE_REFUND_SLASHING.md

🚧 Files skipped from review as they are similar to previous changes (2)

• crates/events/src/enclave_event/mod.rs
• crates/events/src/enclave_event/commitment_consistency.rs

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/zk-prover/src/actors/commitment_consistency_checker.rs`:
- Around line 279-291: The loop that collects pre-ZK mismatches (for link in
&self.links { for m in self.find_mismatches(...) { ...
inconsistent_parties.insert(m.party_id); } }) currently only logs and excludes
parties via inconsistent_parties but does not emit any
CommitmentConsistencyViolation (or a dedicated pre-ZK failure event) for the
accusation pipeline; modify this block to also publish a violation event for
each pre-ZK mismatch (using the same mechanism the post-ZK path uses to create
CommitmentConsistencyViolation) or create and publish a new
PreZkCommitmentFailure event referencing self.e3_id, link.name(), m.party_id and
a data_hash (use m.data_hash if available or a sentinel [0u8;32] and document
it), so the accusation manager receives these pre-ZK detections while still
keeping the inconsistent_parties insertion and existing warning log.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 026046a7-5f71-4a05-b24f-583cf6dbb28b

📥 Commits

Reviewing files that changed from the base of the PR and between c253f38 and 799fa92.

📒 Files selected for processing (1)

• crates/zk-prover/src/actors/commitment_consistency_checker.rs