diff --git a/willow/proto/willow/BUILD b/willow/proto/willow/BUILD
index fae653c..ccb59b1 100644
--- a/willow/proto/willow/BUILD
+++ b/willow/proto/willow/BUILD
@@ -12,6 +12,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# TODO(itester): Consider hiding the micro_rpc targets from open source.
+# Same as in https://source.corp.google.com/piper///depot/google3/third_party/fcp/protos/confidentialcompute/BUILD
+
+load("//net/grpc:cc_grpc_library.bzl", "cc_grpc_library")
+load("//net/proto2/compiler/stubby/cc:cc_stubby_library.bzl", "cc_stubby_library")
+load("//security/oak/micro_rpc/codegen/build_defs:micro_rpc.bzl", "cc_micro_rpc_library")  # fcp:google-only(internal use only)
 load("@protobuf//bazel:cc_proto_library.bzl", "cc_proto_library")
 load("@protobuf//bazel:proto_library.bzl", "proto_library")
 load("@protobuf//rust:defs.bzl", "rust_proto_library")
@@ -42,6 +48,8 @@ rust_proto_library(
 proto_library(
     name = "decryptor_proto",
     srcs = ["decryptor.proto"],
+    has_services = True,
+    deps = ["//third_party/oak/proto/micro_rpc:options_proto"],
 )
 
 cc_proto_library(
@@ -49,6 +57,24 @@ cc_proto_library(
     deps = [":decryptor_proto"],
 )
 
+cc_stubby_library(
+    name = "decryptor_cc_stubby",
+    srcs = [":decryptor_proto"],
+    deps = [":decryptor_cc_proto"],
+)
+
+cc_grpc_library(
+    name = "decryptor_cc_grpc_proto",
+    srcs = [":decryptor_proto"],
+    deps = [":decryptor_cc_proto"],
+)
+
+cc_micro_rpc_library(
+    name = "decryptor_cc_micro_proto",
+    srcs = [":decryptor_proto"],
+    deps = [":decryptor_cc_proto"],
+)
+
 proto_library(
     name = "key_proto",
     srcs = ["key.proto"],
diff --git a/willow/proto/willow/decryptor.proto b/willow/proto/willow/decryptor.proto
index 3d674df..72f0225 100644
--- a/willow/proto/willow/decryptor.proto
+++ b/willow/proto/willow/decryptor.proto
@@ -16,8 +16,26 @@ syntax = "proto3";
 
 package secure_aggregation.willow;
 
+import "third_party/oak/proto/micro_rpc/options.proto";
+
 option java_multiple_files = true;
 
+// DecryptorService is the service that implements the Willow Decryptor.
+service DecryptorService {
+  // Generates a new AHE key pair and returns the public key.
+  rpc GenerateKey(GenerateKeyRequest) returns (GenerateKeyResponse) {
+    option deadline = 60.0;
+    option (.oak.micro_rpc.method_id) = 1;
+  }
+
+  // Decrypts the content of the given request using the keys maintained in the
+  // state.
+  rpc Decrypt(DecryptRequest) returns (DecryptResponse) {
+    option deadline = 60.0;
+    option (.oak.micro_rpc.method_id) = 2;
+  }
+}
+
 message GenerateKeyRequest {
   // The key ID to use for the generated key. If the key with the given ID
   // already exists, it will be returned instead.
@@ -72,3 +90,6 @@ message DecryptorResponse {
     Status error = 3;
   }
 }
+
+// Decryptor configuration - used to configure replicated Decryptor job.
+message DecryptorConfig {}