# Zero attestor

"Zero attestor" is the security stance behind Andromeda's recovery and policy flows: **no signature is trusted because Andromeda says so.** Every signature an on-chain program acts on is verified by the Solana runtime itself, using a precompile, inside the same transaction.

## What an attestor would be

In many designs, an off-chain service inspects a signature and then tells the chain "this is valid, proceed", usually by signing an attestation the program trusts. That makes the service a single point of failure: whoever compromises it can forge any approval.

Andromeda does not do that. When a recovery action or a policy action runs, the transaction includes a precompile instruction that re-checks the user's signature against the message and the expected public key. The Quasar program only proceeds if that check passed. Andromeda's role is limited to assembling the transaction and paying the gas.
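The binding step described above can be sketched as follows. This is an added example, not Andromeda's or Quasar's code: it assumes the Ed25519 precompile's instruction-data layout as defined by Solana, and the function names and the sample message are hypothetical.

```rust
// Added example, not Quasar code. A real program would also load the instruction from the
// instructions sysvar and confirm its program ID; only the data binding is shown here.
const THIS_IX: u16 = u16::MAX; // index value meaning "the data is in this same instruction"

fn u16_at(d: &[u8], i: usize) -> Option<u16> {
    Some(u16::from_le_bytes([*d.get(i)?, *d.get(i + 1)?]))
}

/// True only if `data` holds exactly one signature entry whose public key and message
/// are stored inline and equal the values the program expects.
pub fn precompile_binds(data: &[u8], expected_key: &[u8; 32], expected_msg: &[u8]) -> bool {
    let check = || -> Option<bool> {
        if *data.first()? != 1 { return Some(false); } // [count u8][padding u8]
        let sig_off = u16_at(data, 2)? as usize;
        let sig_ix = u16_at(data, 4)?;
        let key_off = u16_at(data, 6)? as usize;
        let key_ix = u16_at(data, 8)?;
        let msg_off = u16_at(data, 10)? as usize;
        let msg_len = u16_at(data, 12)? as usize;
        let msg_ix = u16_at(data, 14)?;
        // Reject entries that point the runtime at some other instruction's bytes.
        if sig_ix != THIS_IX || key_ix != THIS_IX || msg_ix != THIS_IX { return Some(false); }
        data.get(sig_off..sig_off + 64)?; // signature must be in bounds
        let key = data.get(key_off..key_off + 32)?;
        let msg = data.get(msg_off..msg_off + msg_len)?;
        Some(key == &expected_key[..] && msg == expected_msg)
    };
    check().unwrap_or(false)
}

/// Constructed sample data in the layout above; the signature bytes are dummies because
/// the runtime, not this code, performs the cryptographic check.
pub fn sample_ix(key: &[u8; 32], msg: &[u8], ix: u16) -> Vec<u8> {
    let (key_off, sig_off, msg_off) = (16u16, 48u16, 112u16);
    let mut d = vec![1u8, 0];
    for v in [sig_off, ix, key_off, ix, msg_off, msg.len() as u16, ix] {
        d.extend_from_slice(&v.to_le_bytes());
    }
    d.extend_from_slice(key);
    d.extend_from_slice(&[0u8; 64]);
    d.extend_from_slice(msg);
    d
}

fn main() {
    let key = [7u8; 32];
    let d = sample_ix(&key, b"recover:wallet-1", THIS_IX);
    println!("bound: {}", precompile_binds(&d, &key, b"recover:wallet-1"));
}
```

The runtime only proves that some key signed some message; it is this binding to the expected key and message that lets the program treat the precompile's success as the user's approval.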

## What this buys you

* A compromised Andromeda backend can: choose when to submit, batch things, see request metadata, and (for sponsored flows) decide whether to pay the gas.
* A compromised Andromeda backend cannot: forge a primary owner's signature, forge a quorum member's signature, satisfy a policy that requires a signature it does not have, or move a dWallet's authority without the on-chain rule allowing it.

See [Threat model](/hub/andromeda/security/threat-model.md) for the full table.

## The cost: fewer schemes on-chain

Runtime precompiles exist for Ed25519, Secp256k1 and Secp256r1, plus enough primitives to validate a full WebAuthn assertion. They do not exist for sr25519, Ristretto, or pure Bitcoin Taproot signatures. Rather than bridge those with an attestor (which would reintroduce the single point of failure), Andromeda simply does not support them on-chain. Users on Substrate enroll recovery owners with Ed25519 or Secp256k1, both of which Substrate supports natively; the same applies to Bitcoin via BIP-137 message signing for discovery and Secp256k1 on-chain.

This is a deliberate trade: less surface, no attestor. When a limit comes from transaction size rather than cryptography (for example, an unbounded quorum), Andromeda uses staging in a PDA instead of an attestor. See [Quorum via PDA staging](/hub/andromeda/on-chain-programs/quorum-staging.md).

## WebAuthn on-chain

A full WebAuthn assertion (with `clientDataJSON` and authenticator data) is large. It fits in a transaction for quorum members, where it can be carried inline, so WebAuthn is available as a quorum-member scheme. For the primary owner slot, a passkey is used in its compact raw-P-256 form (Secp256r1). See [Precompile validation](/hub/andromeda/on-chain-programs/precompiles.md).

