Show phase

The Show relation binds a verifier nonce, proves device key ownership (signature over that nonce), and evaluates generalized predicates over normalized claim values, while linking to the Prepare commitment interface (Paper — Show / linking).

In code: Rust show …; SDK present (OpenAC.present).

Re-randomization and unlinkability

The Rust CLI exposes prepare reblind / show reblind as separate subcommands after the corresponding prove calls. The SDK takes a different path: there is no separate reblind WASM export; instead, the present WASM call (wasm-bridge.ts) takes both (prepareInstance, prepareWitness) and (showInstance, showWitness) and returns the already-reblinded prepareProof, prepareInstance, showProof, showInstance bundle. Fresh blinds per presentation reduce fixed-transcript linkability when verifiers collude — formalized in the paper's unlinkability paragraph (Paper — security).

Challenge binding

export function signDeviceNonce(nonce: string, privateKey: EcdsaPrivateKey): string {
  const privateKeyBytes =
    typeof privateKey === "string"
      ? hexToBytes(privateKey)
      : privateKey;

  const messageHash = sha256(new TextEncoder().encode(nonce));
  const signature = p256.sign(messageHash, privateKeyBytes);

  return bytesToBase64url(signature.toCompactRawBytes());
}

The Show builder verifies this signature off-chain before assembling circuit inputs, failing with INVALID_SIGNATURE if the nonce does not match the device key (buildShowCircuitInputs). This is a local prover check to fail fast on a mis-constructed witness; the verifier-side guarantee comes from the in-circuit ECDSA check (show.circom), not from the wallet's local pre-verification.

Predicate + logic surface

export const PredicateOp = {
  LE: 0,
  GE: 1,
  EQ: 2,
} as const;

export const LogicToken = {
  REF: 0,
  AND: 1,
  OR: 2,
  NOT: 3,
} as const;

These codes match eval-predicate.circom (see comment in source). Postfix expression entries are { type: LogicToken.*, value: predicateIndex }.

`PresentRequest`

Key fields (types.ts): precomputed, verifierNonce, devicePrivateKey, keys, optional showParams, showInputOptions.

`DEFAULT_SHOW_PARAMS`

Values exported from types.ts:

Field	Default	Meaning
`nClaims`	`2`	Slots in `claimValues` addressable by `claimRef`.
`maxPredicates`	`2`	Maximum number of active predicate tuples.
`maxLogicTokens`	`8`	Capacity of the postfix logic-token buffer.
`valueBits`	`64`	Bit width used by `LessEqThan` in `EvalPredicate`.

Raising any of these requires recompiling Show with matching Show(nClaims, maxPredicates, maxLogicTokens, valueBits) template parameters; see Writing predicates.

Version

Defaults track SDK 0.1.0.

Re-randomization and unlinkability​

Challenge binding​

Predicate + logic surface​

PresentRequest​

DEFAULT_SHOW_PARAMS​

Version​