Research preview — APIs may change. GitHub
Astral Location Services
Astral Location Services is the hosted service that performs location proof verification and geospatial computation. It runs inside a Trusted Execution Environment (TEE), which is what makes the results verifiable rather than merely signed.What the Service Provides
Two endpoints, one TEE:- Verify — Submit a location proof, get back a verified location proof: the original proof, a credibility vector, and a signed EAS attestation
- Compute — Submit location data with geographic features and a specified spatial operation, get a signed result representing the computed relationship between those features
Verifiability Properties
The TEE provides four properties that together make computation verifiable:| Property | What it guarantees |
|---|---|
| Input verification | Attestation signatures are verified at the TEE boundary. Inputs are validated before computation begins. |
| Deterministic computation | Same inputs always produce the same result. PostGIS version is pinned, precision is fixed at centimeter level, and no persistent state exists between requests. |
| Signed output | Results are signed by a key that only exists inside the TEE. The key cannot be extracted by the operator. |
| TEE attestation | EigenCompute provides hardware-generated attestation that specific code executed on specific inputs inside the enclave. |
Privacy Properties
The TEE provides meaningful privacy guarantees. Inputs and outputs are encrypted in transit and decrypted only inside the enclave — the infrastructure operator never sees raw location data.- Raw input coordinates are processed inside the enclave and never exposed to the operator
- Exact geometries (polygon boundaries, line paths) exist only during computation and are discarded after signing
- The operator — whoever runs the Astral service — cannot access the plaintext data at any point
contains answer of true tells you the point is inside the polygon), but this is inherent to the computation, not a limitation of the privacy model.
EigenCompute TEE stack
The service runs on EigenCompute, part of the EigenCloud ecosystem: PostGIS runs inside the TEE container, not as an external service — no external dependencies means the entire execution environment is attested. The GEOS library under PostGIS is the same C++ geometry engine used by QGIS, GDAL, and most professional geospatial software.The Signing Key
The signing key is generated and provisioned inside the TEE. It cannot be extracted by the operator, even with physical access to the machine. All signed results are produced by this key, and downstream consumers (smart contracts, applications, agents) can verify that a result was signed by the Astral service by checking the signature against the known public key.For key rotation and management details in smart contract integrations, see the SDK: EAS module.
Stateless Model
Each request brings all required inputs. There is no persistent state between requests. This ensures determinism — the same request always produces the same result, regardless of when it’s submitted or what other requests have been processed.Future Directions
The current TEE-based approach provides verifiable computation today. Future enhancements include:- AVS consensus — Multiple operators independently verify computations
- ZK proofs — Cryptographic proof of correct execution without trusted hardware
- Decentralized signers — Multi-party result signing
Next: Verify
The verification endpoint in detail
See also:
- API Reference — full endpoint documentation