Skip to main content
Research Preview — APIs may change. GitHub

What is verified

When Astral produces a signed result, that signature makes specific claims. This page spells out exactly what is covered.

Verifiability properties

PropertyHow it’s achieved
Input integrityInput signatures verified at TEE boundary before processing
Execution integrityTEE ensures code runs as deployed, can’t be modified
Output authenticitySigning key held inside TEE, can’t be extracted
DeterminismStateless model + fixed precision = same inputs produce same outputs

What the signature covers

A signed result from Astral proves three things:
  1. The computation ran inside the TEE. EigenCompute provides hardware attestation that the expected code is executing in the attested environment.
  2. The inputs were hashed and recorded. Every signed result includes inputRefs — hashes of the inputs used. You can verify which inputs went into the computation.
  3. The output was produced by that computation. The signing key exists only inside the TEE. If the signature is valid, the output came from the attested code running on the referenced inputs.

Input references (inputRefs)

Every signed result includes an array of inputRefs — deterministic references to the inputs used in the computation. These let downstream consumers verify which inputs were used:
  • For geographic features referenced by UID, the inputRef is the UID itself
  • For raw GeoJSON inputs, the inputRef is a hash of the geometry
This means you can check not just that a computation was performed, but what data it operated on.

Computation reproducibility

Determinism is what makes signed results meaningful. If someone else runs the same computation on the same inputs, they should get the same answer. Astral achieves this through:
  • Centimeter precision rounding before signing — eliminates floating-point variance
  • Pinned PostGIS version in the container — no algorithm changes between builds
  • Stateless execution — no accumulated state that could affect results

The signing key

The service holds a signing key inside the TEE:
  • Key is generated within the TEE or securely provisioned
  • Cannot be extracted by the operator
  • All results are signed with this key
  • Downstream consumers verify that results came from the known Astral signer
// In a resolver contract
require(attestation.attester == ASTRAL_SIGNER, "Not from Astral");

Next: What you are trusting

Honest accounting of current assumptions