Developer Hub

Generate proof. Store proof. Verify proof.

A simple, deterministic model you can understand in minutes: commit to an event to generate a signed proof, keep it anywhere, and let anyone verify it independently.

Quickstart

Install the SDK and generate your first proof in a few lines.

install
$ npm install @pfp/sdk
first-proof.ts
import { PFP } from '@pfp/sdk';

const pfp = new PFP({ issuer: 'org:acme/treasury' });

// commit to the event — raw data stays private
const proof = await pfp.generate({
  type: 'proof_of_approval',
  commitment: pfp.hash(event),
});

const result = await pfp.verify(proof);
console.log(result.verified); // true

Generate → Store → Verify

01

Generate

Commit to an event and produce a signed proof artifact. Your sensitive data never leaves your control — only its hash is committed.

02

Store

Keep the compact artifact wherever you like — your database, object storage, or alongside the event record. Proofs are small and portable.

03

Verify

Anyone can verify the artifact independently — integrity, signature, authority, and timing — with no access to your systems.

Verification guide

Verification is purely mathematical and requires no access to the issuer’s systems. A verifier confirms four things:

  • IntegrityRecompute the data commitment and compare it to the artifact.
  • AuthenticityValidate the digital signature against the issuer’s public key.
  • AuthorityConfirm the signing key is authorized and active.
  • TimingConfirm the timestamp is anchored and consistent.
verify.ts
const result = await pfp.verify(proof);

// result.verified -> boolean
// result.checks   -> { integrity, signature, authority, timing }
if (!result.verified) {
  throw new Error('Proof failed verification');
}

Architecture

PFP is deliberately minimal. Your systems emit proofs at the moment events occur; the proofs are small, portable artifacts; verifiers check them anywhere. There is no shared database of secrets and no central authority in the verification path.

Issuer

Your system, holding a signing key bound to an authorized identity.

Proof artifact

A compact, signed record committing to an event — safe to share.

Verifier

Anyone with the artifact and the issuer’s public key.

Learn the concepts in depth in the cryptographic verification and proof artifact articles.

API reference

Method
Description
Returns
pfp.generate(input)
Create a signed proof artifact from an event commitment.
Proof
pfp.verify(proof)
Independently verify a proof artifact. Returns the verdict and per-check results.
VerifyResult
pfp.hash(data)
Produce a cryptographic commitment (SHA-256) for event data.
string
pfp.get(proofId)
Retrieve a previously generated proof artifact by id.
Proof

Security model

Data stays private

Proofs contain commitments (hashes), never raw data. Sensitive information never enters the artifact.

Tamper-evident

Any change to the data or artifact breaks verification, so alteration is always detectable.

No trusted third party

Verification is purely mathematical. A verifier needs only the proof and the issuer’s public key.

Authorized issuance

Proofs are signed by keys bound to authorized issuers, so authorship and authority are provable.

Try it end-to-end

Generate a proof and independently verify it in the live demo.