Attestor
The Attestor is the cryptographic heart of the KRNL Protocol. While executors run workflow logic, the attestor ensures that every step is secure, verifiable, and policy-compliant. It acts as the developer’s private guardian, responsible for attesting to the integrity of execution and safeguarding master secrets, without ever becoming a centralized point of trust.
Role in the Protocol
At a high level:
Executor = runs the workflow logic (open-source, community-audited).
Attestor = enforces trust boundaries and signs off on the results (developer-controlled, security-hardened).
Core Responsibilities
Cryptographic Signing
Generates execution signatures using ephemeral keys derived from a master secret.
Guarantees that every workflow run is uniquely bound to its execution context, preventing replay or forgery.
Signs both raw execution outputs and the network attestation hash, producing end-to-end verifiable proofs.
Network Monitoring
Acts as a transparent interceptor for all network traffic (HTTP, HTTPS, DNS).
Detects tampering, MITM attempts, or injection by monitoring every request and response.
Produces cryptographically sealed logs that provide forensic-grade auditability.
Secret Management
Safely holds the developer’s master key material.
Derives one-time-use ephemeral keys per execution, minimizing exposure.
Optionally integrates with external Remote Signers or hardware-based Trusted Execution Environments (TEEs) for heightened security.
Execution Environment Validation
Verifies that executors run in correct, reproducibly built sandbox environments (e.g., gVisor containers).
Enforces policies on which executors are authorized and under what conditions.
Provides an auditable chain of custody for every workflow step.
Attestation Data Structures
The attestor doesn’t just sign results, it builds a multi-layered proof system:
Request Attestation: Every outbound API call is logged with full method, endpoint, headers, payload, and a timestamp.
DNS Attestation: All DNS queries and responses are cryptographically recorded, ensuring transparency at the lowest layer.
Response Attestation: Each inbound response (status, headers, payload, TLS metadata) is bound to its request and signed.
Network Summary: A cryptographic digest of the entire execution session, aggregating request/response patterns into a compact verifiable proof.
Together, these structures transform the “black box” of off-chain execution into a glass box, anyone can independently verify exactly what happened, when, and under which conditions.
Security Model
Isolation: Attestors run in isolated gVisor environments, with optional TEE deployment for hardware-backed guarantees.
Ephemeral Keying: No key reuse, no persistent signing keys exposed; every run is cryptographically unique.
Developer Authority: dApp developers own their attestor, meaning only they define the policies, whitelists, and trust boundaries.
Auditability: The attestor’s signed outputs can be verified both on-chain (via standard signature recovery) and off-chain (via forensic inspection of attestation logs).
Why It Matters
Traditional oracles or middleware rely on trust in third-party operators. The attestor eliminates that dependency by giving developers full control over verification. This unlocks:
Regulatory-grade compliance – produce audit-ready reports of every API call and signature.
User confidence – end users can see verifiable evidence, not just promises.
Security resilience – even if an executor is compromised, the attestor prevents forged results from entering the workflow.
In short: Executors compute, attestors prove. This clear division of responsibility is what makes KRNL’s architecture uniquely trustworthy.
What's next?
VaultLast updated