Generate proof. Store proof. Verify proof.
A simple, deterministic model you can understand in minutes: commit to an event to generate a signed proof, keep it anywhere, and let anyone verify it independently.
Quickstart
Install the SDK and generate your first proof in a few lines.
$ npm install @pfp/sdkimport { PFP } from '@pfp/sdk'; const pfp = new PFP({ issuer: 'org:acme/treasury' }); // commit to the event — raw data stays private const proof = await pfp.generate({ type: 'proof_of_approval', commitment: pfp.hash(event), }); const result = await pfp.verify(proof); console.log(result.verified); // true
Generate → Store → Verify
Generate
Commit to an event and produce a signed proof artifact. Your sensitive data never leaves your control — only its hash is committed.
Store
Keep the compact artifact wherever you like — your database, object storage, or alongside the event record. Proofs are small and portable.
Verify
Anyone can verify the artifact independently — integrity, signature, authority, and timing — with no access to your systems.
Verification guide
Verification is purely mathematical and requires no access to the issuer’s systems. A verifier confirms four things:
- IntegrityRecompute the data commitment and compare it to the artifact.
- AuthenticityValidate the digital signature against the issuer’s public key.
- AuthorityConfirm the signing key is authorized and active.
- TimingConfirm the timestamp is anchored and consistent.
const result = await pfp.verify(proof); // result.verified -> boolean // result.checks -> { integrity, signature, authority, timing } if (!result.verified) { throw new Error('Proof failed verification'); }
Architecture
PFP is deliberately minimal. Your systems emit proofs at the moment events occur; the proofs are small, portable artifacts; verifiers check them anywhere. There is no shared database of secrets and no central authority in the verification path.
Issuer
Your system, holding a signing key bound to an authorized identity.
Proof artifact
A compact, signed record committing to an event — safe to share.
Verifier
Anyone with the artifact and the issuer’s public key.
Learn the concepts in depth in the cryptographic verification and proof artifact articles.
API reference
Security model
Data stays private
Proofs contain commitments (hashes), never raw data. Sensitive information never enters the artifact.
Tamper-evident
Any change to the data or artifact breaks verification, so alteration is always detectable.
No trusted third party
Verification is purely mathematical. A verifier needs only the proof and the issuer’s public key.
Authorized issuance
Proofs are signed by keys bound to authorized issuers, so authorship and authority are provable.
Try it end-to-end
Generate a proof and independently verify it in the live demo.