From d61a34ac78a84240bc10ad0c10943274b4943567 Mon Sep 17 00:00:00 2001 From: SecAgg Team Date: Sun, 24 May 2026 23:12:16 -0700 Subject: [PATCH] No public description PiperOrigin-RevId: 920784388 --- willow/proto/willow/BUILD | 10 ++++++---- willow/proto/willow/decryptor.proto | 17 +++++++++++++++++ willow/proto/willow/key.proto | 9 +++++++++ 3 files changed, 32 insertions(+), 4 deletions(-) diff --git a/willow/proto/willow/BUILD b/willow/proto/willow/BUILD index f543f23..ec0214d 100644 --- a/willow/proto/willow/BUILD +++ b/willow/proto/willow/BUILD @@ -40,10 +40,6 @@ cc_proto_library( proto_library( name = "aggregation_config_proto", srcs = ["aggregation_config.proto"], - deps = [ - "//willow/proto/shell:shell_ciphertexts_proto", - "//willow/proto/zk:proofs_proto", - ], ) cc_proto_library( @@ -59,6 +55,9 @@ rust_proto_library( proto_library( name = "decryptor_proto", srcs = ["decryptor.proto"], + deps = [ + "@protobuf//:timestamp_proto", + ], ) cc_proto_library( @@ -69,6 +68,9 @@ cc_proto_library( proto_library( name = "key_proto", srcs = ["key.proto"], + deps = [ + "@protobuf//:timestamp_proto", + ], ) cc_proto_library( diff --git a/willow/proto/willow/decryptor.proto b/willow/proto/willow/decryptor.proto index ff70c34..8d8aaa4 100644 --- a/willow/proto/willow/decryptor.proto +++ b/willow/proto/willow/decryptor.proto @@ -16,6 +16,8 @@ syntax = "proto3"; package secure_aggregation.willow; +import "google/protobuf/timestamp.proto"; + option java_multiple_files = true; option java_outer_classname = "DecryptorProto"; @@ -23,11 +25,23 @@ message GenerateKeyRequest { // The key ID to use for the generated key. If the key with the given ID // already exists, it will be returned instead. bytes key_id = 1; + + // A permanent session_tag that is shared across all keys mapped to the same + // logical recurring task. To avoid race condition in a potentially costly, + // key generation operation, only one key per session tag can be generated at + // a time. + string session_tag = 2; + + // The timestamp that indicates when the key was produced. This is used to + // distinguish keys in the same series. + google.protobuf.Timestamp timestamp = 3; } message GenerateKeyResponse { // The serialized bytes of the public key. bytes public_key = 1; + // The key_id of the generated key. + bytes key_id = 2; } message DecryptRequest { @@ -37,6 +51,9 @@ message DecryptRequest { bytes public_key = 2 [deprecated = true]; // The key ID of the public key that was used in the GenerateKey call. bytes key_id = 3; + // Session tag associated with the key. Even though this isn't strictly + // required, it is good include this for diagnostic purposes. + string session_tag = 4; } message DecryptResponse { diff --git a/willow/proto/willow/key.proto b/willow/proto/willow/key.proto index 7b24f08..101125c 100644 --- a/willow/proto/willow/key.proto +++ b/willow/proto/willow/key.proto @@ -16,6 +16,8 @@ syntax = "proto3"; package secure_aggregation.willow; +import "google/protobuf/timestamp.proto"; + option java_multiple_files = true; option java_outer_classname = "KeyProto"; @@ -29,4 +31,11 @@ message Key { // The raw key material. This is the serialized bytes of the key material // returned by the key generation service. bytes key_material = 2; + + // The timestamp that indicates when the key was produced. This is used to + // distinguish keys in the same series. + google.protobuf.Timestamp timestamp = 3; + + // We might consider the original session_tage for diagnostic purposes. + string session_tag = 4; }