The Certifier Service (token/services/certifier) provides specialized capabilities for generating and managing token certifications. Certifications are cryptographic proofs of the validity or ownership of a token that can be verified by third parties, often off-chain.
The Certifier Service is responsible for:
The Certifier Service is particularly critical for privacy-preserving drivers like zkatdlog when graph hiding is required.
graph TD
User[Application / Verifier] --> CertService[Certifier Service]
CertService --> Driver[Token Driver]
CertService --> Storage[Storage Service]
subgraph "Certification Workflow"
Fetch[Fetch Token State]
Gen[Generate Cryptographic Proof]
Sign[Sign Certification]
end
CertService --> Fetch
Fetch --> Gen
Gen --> Sign
Certifications allow for “lightweight” verification of token existence. For example, a user can present a certification to a third party (like an exchange or a merchant) to prove that the token exists on the ledger, without that third party having to query the DLT directly.
In some system configurations, specific nodes are designated as Certifiers. These nodes are trusted to inspect the ledger and issue certifications. The Certifier Service provides the necessary Views and APIs for these nodes to receive certification requests, verify the requested token existence in their local TokenDB, and respond with a signed certification.
The service leverages the Driver API to generate the actual cryptographic proof. Different drivers may implement certifications in different ways (e.g., a simple signature over the token ID for cleartext tokens, or a complex ZKP for privacy-preserving ones).