# Zero attestor

Andromeda's recovery and policy flows have no off-chain component in the trust path for signature validity. Every signature an on-chain program acts on is verified by a Solana runtime precompile, in the same transaction. For the concept and the trade-offs, see [Zero attestor](/hub/andromeda/concepts/zero-attestor.md); for the mechanics, see [Precompile validation](/hub/andromeda/on-chain-programs/precompiles.md).

## The property

There is no service, key, or oracle that says "this signature is valid, proceed" and is trusted by the program. The program re-checks the signature itself, via a precompile, and only continues if that check passed.

## Why it matters

An attestor would be a single point of failure: compromise it and you can forge any approval. Andromeda avoids creating one. Where a limit comes from cryptography (a scheme has no runtime precompile), Andromeda simply does not support that scheme on-chain. Where a limit comes from transaction size (an unbounded quorum), Andromeda stages contributions in a PDA rather than introducing an attestor. See [Quorum via PDA staging](/hub/andromeda/on-chain-programs/quorum-staging.md).

## Concretely

* A primary recovery requires the primary owner's signature, precompile-verified on-chain.
* A quorum recovery requires M members' signatures, each precompile-verified on-chain, deduplicated by member slot.
* A `passkey-step-up` action requires a WebAuthn assertion, validated on-chain with strict challenge matching.
* An `fhe-gated` action requires a signed confidential decision whose signature is checked on-chain against the policy's authority allowlist, with a non-zero age window.

In every case, a compromised Andromeda backend cannot fabricate the thing the program checks.
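The following Rust example is added here and is not Andromeda's code. It shows the binding check a program still has to make when it relies on a precompile: that the public key and message the runtime verified are the expected ones and sit inside the precompile instruction itself. It assumes the Solana Ed25519 precompile's instruction data layout; `check_binding`, `sample_ix` and `BindError` are hypothetical names, and the sample bytes are constructed.

```rust
// Added example, not Andromeda code. Assumed layout of Solana Ed25519 precompile
// instruction data: [count u8][padding u8], then per signature seven LE u16 fields.
const CURRENT_IX: u16 = u16::MAX; // index meaning "bytes are in this instruction"

#[derive(Debug, PartialEq)]
pub enum BindError { Malformed, WrongCount, ForeignData, WrongSigner, WrongMessage }

fn u16_at(d: &[u8], i: usize) -> Result<u16, BindError> {
    let b = d.get(i..i + 2).ok_or(BindError::Malformed)?;
    Ok(u16::from_le_bytes([b[0], b[1]]))
}

/// `data` is the precompile instruction's data as the program would read it from
/// the instructions sysvar (after checking its program id). The runtime has already
/// verified the signature; this confirms *what* was verified.
pub fn check_binding(data: &[u8], signer: &[u8; 32], msg: &[u8]) -> Result<(), BindError> {
    if *data.first().ok_or(BindError::Malformed)? != 1 { return Err(BindError::WrongCount); }
    let (sig_off, sig_ix) = (u16_at(data, 2)? as usize, u16_at(data, 4)?);
    let (pk_off, pk_ix) = (u16_at(data, 6)? as usize, u16_at(data, 8)?);
    let (msg_off, msg_len) = (u16_at(data, 10)? as usize, u16_at(data, 12)? as usize);
    let msg_ix = u16_at(data, 14)?;
    // Offsets into another instruction would mean other bytes were verified.
    if sig_ix != CURRENT_IX || pk_ix != CURRENT_IX || msg_ix != CURRENT_IX {
        return Err(BindError::ForeignData);
    }
    data.get(sig_off..sig_off + 64).ok_or(BindError::Malformed)?;
    if data.get(pk_off..pk_off + 32).ok_or(BindError::Malformed)? != &signer[..] {
        return Err(BindError::WrongSigner);
    }
    if data.get(msg_off..msg_off + msg_len).ok_or(BindError::Malformed)? != msg {
        return Err(BindError::WrongMessage);
    }
    Ok(())
}

/// Constructed instruction data; signature bytes are filler (the runtime checks them).
pub fn sample_ix(pk: &[u8; 32], msg: &[u8], ix: u16) -> Vec<u8> {
    let mut d = vec![1u8, 0];
    for v in [48u16, ix, 16, ix, 112, msg.len() as u16, ix] { d.extend_from_slice(&v.to_le_bytes()); }
    d.extend_from_slice(pk);
    d.extend_from_slice(&[0u8; 64]);
    d.extend_from_slice(msg);
    d
}

fn main() {
    let d = sample_ix(&[7u8; 32], b"recover:constructed", CURRENT_IX);
    println!("{:?}", check_binding(&d, &[7u8; 32], b"recover:constructed"));
}
```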

## The cost

No on-chain support for sr25519, Ristretto, or pure Bitcoin Taproot. Substrate users enroll with Ed25519 or Secp256k1; Bitcoin users prove ownership via BIP-137 (Secp256k1). See [Known limitations](/hub/andromeda/reference/limitations.md). This is a deliberate trade: fewer primitives, no attestor.

