Work / Consumer Privacy
Byte-identical signing parity across iOS and Android SDKs
- Platform
- iOS app · iOS SDK · Android SDK
Byte-identical signing parity across iOS and Android SDKs
Consumer Privacy
Industry: Consumer Privacy
Platform: iOS app · iOS SDK · Android SDK
Stack: Swift · Kotlin · TrustWalletCore · ES256k · W3C VC · Merkle proofs
Description: Cross-platform credentials SDKs with byte-identical signing and selective-disclosure Merkle proofs.
The engineering constraint was hard correctness: a signature produced on one mobile platform must verify byte-for-byte on the other. Any divergence in the cryptographic layer surfaces months later as silent interop failure. The work required a shared C++ cryptographic core wrapped by two native bindings, canonicalized JSON-LD before hashing to keep Merkle roots stable across serializations, and a cross-platform test corpus that asserts identical signature output for identical inputs. Hardware-backed key material had to negotiate the lifecycle differences between iOS and Android secure-element APIs without leaking platform quirks upward.
We owned the iOS app, both SDKs, the signing parity work, the Merkle selective-disclosure layer, and the encrypted backup format. The client owned the W3C ecosystem positioning and the partner integrations.
Engagement: multi-year retainer · 2-engineer team across iOS and Android · 2022.
Engineering signal: byte-identical ES256k signatures across both SDKs verified against a shared test corpus; two interop regressions caught at dependency-upgrade time before shipping.