zama-ai
diff --git a/‎Cargo.lock‎
Lines changed: 0 additions & 33 deletions b/‎Cargo.lock‎
Lines changed: 0 additions & 33 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 0 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎core/service/src/client/tests/threshold/custodian_backup_tests.rs‎
Lines changed: 2 additions & 1 deletion b/‎core/service/src/client/tests/threshold/custodian_backup_tests.rs‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎core/service/src/cryptography/mod.rs‎
Lines changed: 4 additions & 13 deletions b/‎core/service/src/cryptography/mod.rs‎
Lines changed: 4 additions & 13 deletions
diff --git a/‎core/service/src/engine/centralized/central_kms.rs‎
Lines changed: 8 additions & 3 deletions b/‎core/service/src/engine/centralized/central_kms.rs‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎core/service/src/engine/centralized/service/decryption.rs‎
Lines changed: 2 additions & 2 deletions b/‎core/service/src/engine/centralized/service/decryption.rs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎core/service/src/engine/threshold/service/user_decryptor.rs‎
Lines changed: 20 additions & 2 deletions b/‎core/service/src/engine/threshold/service/user_decryptor.rs‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎core/service/src/engine/validation_non_wasm.rs‎
Lines changed: 6 additions & 4 deletions b/‎core/service/src/engine/validation_non_wasm.rs‎
Lines changed: 6 additions & 4 deletions
@@ -134,7 +134,6 @@ const_format = "=0.2.34"  # Compile-time string formatting - HIGH RISK: Individu
 console_error_panic_hook = { version = "=0.1.7" }  # WASM panic hook for better error messages - LOW RISK: rustwasm team
 criterion = { version = "=0.5.1", features = ["async_tokio"] }  # Benchmarking framework - MEDIUM RISK: Individual maintainers (bheisler, lemmih, rust-bus), despite 120M+ downloads, test-only dependency
 crypto-bigint = { version = "=0.6.1", features = ["serde", "rand_core", "extra-sizes"] }  # Big integer operations for crypto - LOW RISK: RustCrypto org
-ctor = "=0.4.2"  # Constructor functions - HIGH RISK: Individual maintainer (mmastrac), test-only dependency
 dashmap = "=6.1.0"  # Concurrent hashmap - HIGH RISK: Individual maintainer (xacrimon), despite 156M+ downloads
 derive_more = { version = "=2.0.1", features = ["display"] }  # Derive macros for common traits - HIGH RISK: Individual maintainer (JelteF), despite 180M+ downloads
 enum_dispatch = "=0.3.13"  # Enum dispatch optimization - HIGH RISK: Individual maintainer (Anton Lazarev), despite 29M+ downloads
 
@@ -72,7 +72,8 @@ async fn auto_update_backup(amount_custodians: usize, threshold: u32) {
     ))
     .unwrap();
 
-    let test_path = None;
+    let temp_dir = tempfile::tempdir().unwrap();
+    let test_path = Some(temp_dir.path());
     let dkg_param: WrappedDKGParams = FheParameter::Test.into();
     tokio::time::sleep(tokio::time::Duration::from_millis(TIME_TO_SLEEP_MS)).await;
     let (kms_servers, kms_clients, mut internal_client) = threshold_handles_custodian_backup(
 
@@ -11,8 +11,6 @@ pub mod encryption;
 #[allow(deprecated)]
 pub mod signcryption;
 
-use crate::cryptography::encryption::UnifiedPublicEncKey;
-use crate::cryptography::internal_crypto_types::LegacySerialization;
 #[cfg(any(feature = "non-wasm", test))]
 use crate::cryptography::signatures::PrivateSigKey;
 #[cfg(any(feature = "non-wasm", test))]
@@ -28,17 +26,17 @@ pub(crate) fn compute_external_user_decrypt_signature(
     server_sk: &PrivateSigKey,
     payload: &UserDecryptionResponsePayload,
     eip712_domain: &Eip712Domain,
-    user_pk: &UnifiedPublicEncKey,
+    user_pk_buf: &[u8],
     extra_data: &[u8],
 ) -> anyhow::Result<Vec<u8>> {
-    let message = compute_user_decrypt_message(payload, user_pk, extra_data)?;
+    let message = compute_user_decrypt_message(payload, user_pk_buf, extra_data)?;
     tracing::debug!("Computing signature for UserDecryptResponseVerification");
     compute_eip712_signature(server_sk, &message, eip712_domain)
 }
 
 pub(crate) fn compute_user_decrypt_message(
     payload: &UserDecryptionResponsePayload,
-    user_pk: &UnifiedPublicEncKey,
+    user_pk_buf: &[u8],
     extra_data: &[u8],
 ) -> anyhow::Result<UserDecryptResponseVerification> {
     // convert external_handles back to 256-bit bytes32 to be signed
@@ -62,21 +60,14 @@ pub(crate) fn compute_user_decrypt_message(
 
     let user_decrypted_share_buf = bc2wrap::serialize(payload)?;
 
-    // LEGACY CODE: we used to only support ML-KEM1024 encoded with bincode
-    // the solidity structure to sign with EIP-712
-    // note that the JS client must also use the same encoding to verify the result
-    let user_pk_buf = user_pk
-        .to_legacy_bytes()
-        .map_err(|e| anyhow::anyhow!("serialization error: {e}"))?;
-
     tracing::info!(
         "Computed UserDecryptResponseVerification for handles {:?} and extra data \"{}\".",
         external_handles_bytes32,
         hex::encode(extra_data)
     );
 
     Ok(UserDecryptResponseVerification {
-        publicKey: user_pk_buf.into(),
+        publicKey: user_pk_buf.to_vec().into(),
         ctHandles: external_handles_bytes32,
         userDecryptedShare: user_decrypted_share_buf.into(),
         extraData: extra_data.to_vec().into(),
 
@@ -8,6 +8,7 @@ use crate::cryptography::attestation::SecurityModuleProxy;
 use crate::cryptography::compute_external_user_decrypt_signature;
 use crate::cryptography::decompression;
 use crate::cryptography::encryption::UnifiedPublicEncKey;
+use crate::cryptography::internal_crypto_types::LegacySerialization;
 use crate::cryptography::signatures::{PrivateSigKey, PublicSigKey, Signature};
 use crate::cryptography::signcryption::SigncryptFHEPlaintext;
 use crate::cryptography::signcryption::UnifiedSigncryptionKey;
@@ -506,7 +507,7 @@ pub async fn async_user_decrypt<
     rng: &mut (impl CryptoRng + RngCore),
     typed_ciphertexts: &[TypedCiphertext],
     req_digest: &[u8],
-    client_enc_key: &UnifiedPublicEncKey,
+    client_enc_key_bytes: &[u8],
     client_address: &alloy_primitives::Address,
     server_verf_key: Vec<u8>,
     domain: &alloy_sol_types::Eip712Domain,
@@ -518,6 +519,10 @@ pub async fn async_user_decrypt<
         metrics_names::{OP_USER_DECRYPT_INNER, TAG_TFHE_TYPE},
     };
 
+    // LEGACY CODE: see `from_legacy_bytes` for docs
+    let client_enc_key = UnifiedPublicEncKey::from_legacy_bytes(client_enc_key_bytes)
+        .map_err(|e| anyhow::anyhow!("Error deserializing UnifiedPublicEncKey: {e}"))?;
+
     let mut all_signcrypted_cts = vec![];
     for typed_ciphertext in typed_ciphertexts {
         let mut inner_timer = metrics::METRICS
@@ -538,7 +543,7 @@ pub async fn async_user_decrypt<
             fhe_type,
             ct_format,
             req_digest,
-            client_enc_key,
+            &client_enc_key,
             client_address.as_ref(),
         )?;
         all_signcrypted_cts.push(TypedSigncryptedCiphertext {
@@ -562,7 +567,7 @@ pub async fn async_user_decrypt<
         sig_key,
         &payload,
         domain,
-        client_enc_key,
+        client_enc_key_bytes,
         extra_data,
     )?;
 
 
@@ -47,7 +47,7 @@ pub async fn user_decrypt_impl<
     let (
         typed_ciphertexts,
         link,
-        client_enc_key,
+        client_enc_key_bytes,
         client_address,
         request_id,
         key_id,
@@ -152,7 +152,7 @@ pub async fn user_decrypt_impl<
                 &mut rng,
                 &typed_ciphertexts,
                 &link,
-                &client_enc_key,
+                &client_enc_key_bytes,
                 &client_address,
                 server_verf_key,
                 &domain,
 
@@ -52,6 +52,7 @@ use crate::{
     anyhow_error_and_log,
     cryptography::{
         compute_external_user_decrypt_signature,
+        encryption::UnifiedPublicEncKey,
         error::CryptographyError,
         internal_crypto_types::LegacySerialization,
         signcryption::{SigncryptFHEPlaintext, UnifiedSigncryptionKeyOwned},
@@ -169,6 +170,12 @@ impl<
     ///
     /// This function does not perform user decryption in a background thread.
     /// The return type should be [UserDecryptCallValues] except the final item in the tuple
+    ///
+    /// Note that the argument `client_enc_key_bytes` must be the original
+    /// bytes that was provided by the user, it should not go through any re-serialization.
+    /// The same information is in `signcryption_key.receiver_enc_key` but in there it is
+    /// already serialized, that's why the original bytes representation is still needed
+    /// for signing later on.
     #[allow(clippy::too_many_arguments)]
     async fn inner_user_decrypt(
         req_id: &RequestId,
@@ -179,6 +186,7 @@ impl<
         typed_ciphertexts: Vec<TypedCiphertext>,
         link: Vec<u8>,
         signcryption_key: Arc<UnifiedSigncryptionKeyOwned>,
+        client_enc_key_bytes_orig: Vec<u8>,
         fhe_keys: OwnedRwLockReadGuard<
             HashMap<(RequestId, EpochId), ThresholdFheKeys>,
             ThresholdFheKeys,
@@ -384,7 +392,7 @@ impl<
             &signcryption_key.signing_key,
             &payload,
             domain,
-            &signcryption_key.receiver_enc_key,
+            &client_enc_key_bytes_orig,
             &extra_data,
         )?;
         Ok((payload, external_signature, extra_data))
@@ -456,7 +464,7 @@ impl<
         let (
             typed_ciphertexts,
             link,
-            client_enc_key,
+            client_enc_key_bytes_orig, // the original bytes for the encryption key
             client_address,
             req_id,
             key_id,
@@ -506,6 +514,15 @@ impl<
             )
         })?)
         .clone();
+        let client_enc_key = UnifiedPublicEncKey::from_legacy_bytes(&client_enc_key_bytes_orig)
+            .map_err(|e| {
+                MetricedError::new(
+                    OP_USER_DECRYPT_REQUEST,
+                    Some(req_id),
+                    anyhow::anyhow!("Error deserializing UnifiedPublicEncKey: {e}"),
+                    tonic::Code::Internal,
+                )
+            })?;
         let signcryption_key = Arc::new(UnifiedSigncryptionKeyOwned::new(
             sk,
             client_enc_key,
@@ -543,6 +560,7 @@ impl<
                 typed_ciphertexts,
                 link,
                 signcryption_key,
+                client_enc_key_bytes_orig,
                 fhe_keys_rlock,
                 dec_mode,
                 &domain,
 
@@ -186,7 +186,7 @@ pub(crate) fn validate_user_decrypt_req(
     (
         Vec<TypedCiphertext>,
         Vec<u8>,
-        UnifiedPublicEncKey,
+        Vec<u8>,
         alloy_primitives::Address,
         RequestId,
         KeyId,
@@ -214,7 +214,7 @@ fn unpack_user_decrypt_req(
     (
         Vec<TypedCiphertext>,
         Vec<u8>,
-        UnifiedPublicEncKey,
+        Vec<u8>,
         alloy_primitives::Address,
         RequestId,
         KeyId,
@@ -261,15 +261,17 @@ fn unpack_user_decrypt_req(
     };
 
     let (link, _) = req.compute_link_checked()?;
-    let client_enc_key = UnifiedPublicEncKey::from_legacy_bytes(&req.enc_key).map_err(|e| {
+    // Deserialize to validate the enc_key bytes, but don't return the typed key —
+    // callers use raw bytes for EIP-712 and deserialize at point-of-use for crypto.
+    let _client_enc_key = UnifiedPublicEncKey::from_legacy_bytes(&req.enc_key).map_err(|e| {
         Into::<Box<dyn std::error::Error + Send + Sync>>::into(anyhow::anyhow!(
             "Error deserializing UnifiedPublicEncKey from UserDecryptionRequest: {e}"
         ))
     })?;
     Ok((
         req.typed_ciphertexts.clone(),
         link,
-        client_enc_key,
+        req.enc_key.clone(),
         client_verf_key,
         request_id,
         key_id,