Skip to main content

Anonymous credentials for SD-JWT, with a TypeScript SDK and transparent Spartan2 proofs.

OpenAC is the open implementation of the zkID paper from PSE / Ethereum Foundation. Two-phase (Prepare / Show) ZK proofs over P-256 SD-JWTs, targeting EUDI ARF compatibility.

Get startedRead the paper

OpenAC SDK

TypeScript API for precompute (Prepare) and present (Show), WASM proving, and verifier-side checks.

SDK docs →

Generalized predicates

Postfix policies over disclosed claims: comparisons, booleans, and claim-to-claim relations in Circom.

Predicate docs →

Revocation research

Design space, constraints, and references for a privacy-preserving revocation channel. Not yet implemented in this repository.

Revocation docs →

Show-phase presentation (SDK)

After one-time precompute on the credential, each verifier challenge produces a fresh presentation proof. Pattern from the bundled SDK README (same types as the live package).

import { OpenAC, PredicateOp } from "openac-sdk";

const openac = await OpenAC.init({ assetsDir: "./assets" });
const keys = await openac.loadKeysFromUrl("https://cdn.example/keys", "1k");

const precomputed = await openac.precompute({
  jwt: sdJwtToken,
  disclosures: ["WyJzYWx0...", "..."],
  issuerPublicKey: { kty: "EC", crv: "P-256", x: "...", y: "..." },
  keys,
});

const proof = await openac.present({
  precomputed,
  verifierNonce: "challenge-123",
  devicePrivateKey: "0xabcdef...",
  keys,
  showInputOptions: {
    normalizedClaimValues: [890615n],
    predicates: [{ claimRef: 0, op: PredicateOp.GE, compareValue: 18n }],
  },
});
Standards engagement: ETSI TS 119 476-2 (contribution context), EUDI ARF, ICAO 9303 (ePassport) — see References.