Skip to main content

OpenAC SDK overview

Experimental — 0.x API

The SDK is at version 0.1.0. The public surface, serialization format, and circuit shapes may change between any 0.x releases. Production deployments should pin an exact version and re-test on upgrade. The cryptography has not been audited externally — see Security – audits.

The OpenAC SDK (openac-sdk 0.1.0) is a TypeScript library that loads a WASM Spartan2 backend, optionally uses a Circom witness calculator for witness generation, and exposes a small prover / verifier API for SD-JWT–style credentials.

Who it is for

Browser or Node services that already obtain an SD-JWT from an issuer and need client-side or server-side proof generation with P-256 issuer keys and device-bound wallets (cnf.jwk).

Architecture

  • WasmBridge (wasm-bridge.ts) wraps the Spartan2 wasm-bindgen module and exposes four high-level calls:
    • precomputeFromWitness(preparePk, witness) — proves the Prepare circuit (WASM export: precompute_from_witness).
    • precomputeShowFromWitness(showPk, witness) — proves the Show circuit (precompute_show_from_witness).
    • present(preparePk, prepareInstance, prepareWitness, showPk, showInstance, showWitness) — reblinds both proofs with shared randomness and returns the final bundle. Reblinding is not a separate WASM export; it happens inside present.
    • verify(prepareProof, prepareVk, prepareInstance, showProof, showVk, showInstance) — verifies both halves plus the linking commitment check.
  • WitnessCalculator: runs Circom-generated .wasm for witness bytes when assetsDir / artifacts are configured.
  • Prover / Verifier: orchestration and serialization (prover.ts, verifier.ts).

Threat model (summary)

Align with the paper’s adversarial paragraphs: malicious prover / semi-honest verifier at the ZK layer, trusted issuer at issuance for the baseline story; operational tracking risks when verifiers contact issuers are separate (Security — threat model, Paper — security).

Data flow (happy path)

  1. OpenAC.init({ assetsDir }) — WASM + witness assets.
  2. loadKeys / loadKeysFromUrl — proving + verifying keys for a VcSize.
  3. precompute — parse JWT + disclosures, build Prepare witness, produce prepareProof + witness (cacheable).
  4. present — sign verifier nonce with device key, build Show witness, prove + reblind Show; returns bundle for verify.
  5. verify — checks both proofs + instances; reads expressionResult from public outputs.