diff --git a/crypto.c b/crypto.c
index 3619f3c..fa37f5e 100644
--- a/crypto.c
+++ b/crypto.c
@@ -527,6 +527,29 @@ smc_sum (gcry_mpi_point_t out, gcry_mpi_point_t in[], uint16_t len)
 }
+/**
+ * smc_gen_keyshare creates the private additive keyshare and computes the
+ * public multiplicative key share
+ *
+ * @param[in,out] ad Pointer to the AuctionData struct to operate on
+ * @param[out] proof Pointer to where the proof of knowledge should be saved.
+ * Must be allocated memory with apropriate size for one proof struct.
+ */
+void
+smc_gen_keyshare (struct AuctionData *ad, struct proof_dl *proof)
+{
+ uint16_t i;
+
+ ad->y = calloc (ad->n, sizeof (*ad->y));
+ for (i = 0; i < ad->n; i++)
+ ad->y[0] = gcry_mpi_point_new (0);
+
+ ad->x = gcry_mpi_new (0);
+ ec_skey_create (ad->x);
+ smc_zkp_dl (ad->y[ad->i], ad->x, proof);
+}
+
+
 /**
  * smc_compute_pkey calculates the shared public key
  *
@@ -540,26 +563,6 @@ smc_compute_pkey (struct AuctionData *ad)
 }
-/**
- * smc_gen_keyshare creates the private additive keyshare and computes the
- * public multiplicative key share
- *
- * @param[in,out] ad Pointer to the AuctionData struct to operate on
- */
-void
-smc_gen_keyshare (struct AuctionData *ad)
-{
- uint16_t i;
-
- ad->y = calloc (ad->n, sizeof (*ad->y));
- for (i = 0; i < ad->n; i++)
- ad->y[0] = gcry_mpi_point_new (0);
-
- ad->x = gcry_mpi_new (0);
- ec_keypair_create (ad->y[ad->i], ad->x);
-}
-
-
 /**
  * smc_encrypt_bid \todo
  *
diff --git a/crypto.h b/crypto.h
index c6ddb36..d21a292 100644
--- a/crypto.h
+++ b/crypto.h
@@ -115,7 +115,7 @@ int smc_zkp_0og_check (const gcry_mpi_point_t y,
 /* --- Protocol implementation --- */
-void smc_gen_keyshare (struct AuctionData *ad);
+void smc_gen_keyshare (struct AuctionData *ad, struct proof_dl *proof);
 void smc_compute_pkey (struct AuctionData *ad);
 #endif /* ifndef _BRANDT_CRYPTO_H */
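Review bot: The allocation loop in the relocated `smc_gen_keyshare` stores every new point in `ad->y[0]` rather than `ad->y[i]`, so slots 1..n-1 keep the NULL that `calloc` left there and all but the last point are leaked. As a result `smc_zkp_dl (ad->y[ad->i], ad->x, proof)` is handed a NULL point for every participant whose `ad->i` is not 0; the loop body should read `ad->y[i] = gcry_mpi_point_new (0);`. The `calloc` result is also used unchecked, and because the function returns `void` the caller cannot learn of a failure, so an `if (!ad->y)` guard with the project's error path belongs before the loop. Separately, `ad->x` holds the private key share but is created with `gcry_mpi_new (0)`; unless `ec_skey_create` (not visible in this diff) places it in secure memory, `ad->x = gcry_mpi_snew (0);` would keep the secret in libgcrypt's locked, wiped-on-release pool.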