search

Cryptography Client

The Shielder SDK uses a modular cryptographic architecture where the main SDK depends on the shielder-sdk-crypto interface, which is implemented by various platform-specific packages. This design allows the same SDK to work across different environments while providing flexibility in how cryptographic operations are performed.

hashtag
Architecture Overview

All cryptographic implementations in the Shielder ecosystem implement the CryptoClient interface defined in @cardinal-cryptography/shielder-sdk-crypto. This interface provides:

  • Field Element Representation: Scalar class for BN256 conversions to/from vanilla JS's types.

  • Cryptographic Types Definition: an interface for ZKP circuits and hashing backends.

The main shielder-sdk package accepts any implementation of this interface, making it environment-agnostic.

hashtag
Available Implementations

hashtag
1. @cardinal-cryptography/shielder-sdk-crypto-wasm

The full-featured WebAssembly implementation with local cryptographic operations.

Key Features:

  • Complete Local Implementation: All zero-knowledge proof generation happens locally in the browser, making it the most secure option.

  • Multi-threading Support: Can utilize Web Workers for faster proof generation

  • Production Ready: Fully tested and recommended for production deployments

circle-exclamation

Important Requirements:

SharedArrayBuffer Support Required: The multi-threaded WASM implementation requires SharedArrayBuffer to be enabled, which needs Cross-Origin Isolation headers.

For Vite projects, add this configuration:

// vite.config.ts
import { defineConfig } from "vite";

function crossOriginIsolationMiddleware(_, res, next) {
  res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
  res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
  next();
}

const setCors = () => ({
  name: "configure-server",
  configureServer: (server) => {
    server.middlewares.use(crossOriginIsolationMiddleware);
  },
  configurePreviewServer: (server) => {
    server.middlewares.use(crossOriginIsolationMiddleware);
  }
});

export default defineConfig({
  plugins: [
    // ... your other plugins
    setCors()
  ],
  // ... rest of your config
});

For production deployments, ensure your web server sends these headers:

Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

Setup:

Trade-offs:

  • Pros: Maximum security, no external dependencies, production-ready, fastest proof generation

  • Cons: Large bundle size (~10-50MB), complex setup, requires downloading circuit parameters, multi-threading requires SharedArrayBuffer browser feature to be enabled.

Use Cases:

  • Production applications

  • Applications requiring maximum security

  • Environments where bundle size is not a primary concern

  • Applications that need offline cryptographic operations

hashtag
2. @cardinal-cryptography/shielder-sdk-crypto-wasm-light

A lightweight WebAssembly implementation that uses Trusted Execution Environment (TEE) for remote proof generation.

Key Features:

  • Remote Proving + TEE Security: Zero-knowledge proofs are generated in AWS Nitro Enclaves with attestation verification, ensuring data is securely encrypted and not accessible to remote host operator.

  • Small Bundle Size: No circuit parameters or proving keys in the client

  • Simple Setup: Minimal configuration required

  • Alpha Stage: Currently in development, not recommended for production

Setup:

Trade-offs:

  • Pros: Very small bundle size, simple setup, fast initial load

  • Cons: Alpha stage, requires network connectivity, depends on external TEE service, potential privacy implications

Use Cases:

  • Development and testing environments

  • Applications with strict bundle size requirements

  • Rapid prototyping

hashtag
3. @cardinal-cryptography/shielder-sdk-crypto-mobile (React Native)

React Native implementation for mobile applications.

Key Features:

  • React Native Support: Native mobile app integration

  • Native Performance: Leverages device-native cryptographic operations

Setup:

Use Cases:

  • React Native mobile applications

hashtag
Choosing the Right Implementation

hashtag
For Production Web Applications:

Use @cardinal-cryptography/shielder-sdk-crypto-wasm

  • Maximum security with local proof generation

  • No external service dependencies

  • Battle-tested and production-ready

hashtag
For Development/Testing:

Use @cardinal-cryptography/shielder-sdk-crypto-wasm-light

  • Quick setup and small bundle size

  • Good for rapid prototyping

  • Remember: Alpha stage, not for production

hashtag
For Mobile Applications:

Use @cardinal-cryptography/shielder-sdk-crypto-mobile

  • Native React Native integration

  • Device-optimized performance

hashtag
Integration with Shielder SDK

All implementations work seamlessly with the main Shielder SDK:

PreviousDeploymentsNextUseful links

Last updated