Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cosmos.network/llms.txt

Use this file to discover all available pages before exploring further.

The IBC Attestor is an enterprise-ready attestation service for the attestation light client. It is designed to secure cross-chain messages across Cosmos, EVM, Solana, Hyperledger Besu, and L2 rollup environments through quorum-signed attestations of finalized chain state. Attestors are used with the attestation light client because verifying consensus from chains such as EVM networks directly on chain can be prohibitively expensive. The attestation model trades some trust assumptions for a more operationally practical and gas-efficient way to verify cross-chain packets. The attestor is designed for organizations that require:
  1. Configurable trust models, with multi-attestor deployments and m-of-n quorum verification.
  2. Enterprise-grade key security, with support for local keystores or remote signing through HSM, KMS, or dedicated signer infrastructure.
  3. Flexible deployment, with support for cloud, Kubernetes, or self-hosted environments.
  4. Multi-network interoperability, through chain adapters and deployment patterns spanning Cosmos, EVM, Solana, Besu, and L2-based environments.
  5. Production observability, including gRPC, health checks, Prometheus metrics, structured logging, and tracing.

Attestors secure messages between any two networks

The Enterprise attestor offering emphasizes three advantages for cross-chain operations:
  1. Define your trust model, by choosing which actors sign attestations and what signature threshold is required to validate messages. Teams can build quorum policies around their own validators, trusted third parties, Cosmos Labs, or additional trusted actors.
  2. Ensure key security, with built-in support for remote signing, HSM and KMS-style integrations, and controlled key management outside the attestor process.
  3. Deploy your way, in AWS, Azure, GCP, or self-hosted environments, with the flexibility to run your own infrastructure, choose fully managed operations, or self-host with complete control.

Why teams use attestors

  • Attestation light client support, attestors provide the off-chain signed attestations consumed by the attestation light client.
  • Verified quorum model, multiple attestors can be combined so the light client accepts messages only after the configured m-of-n signature threshold is met.
  • Finalized state verification, attestors reject requests above the configured finalized height and sign only after validating the requested state.
  • Packet and state attestations, attestors can sign both block state and packet commitment statements for cross-chain packet delivery.
  • Multi-chain adapters, the service supports EVM, Cosmos, and Solana through pluggable adapters, with enterprise positioning across Besu and L2-connected environments.
  • Stateless request handling, attestors publish attestations on demand through a gRPC API.

Security model

Within the attestation model, trust is defined explicitly. Each attestor signs finalized chain state with a secp256k1 key, and the on-chain light client verifies that a sufficient number of registered attestors signed the same statement. This lets teams choose who participates in the trust model, including their own infrastructure, validators, trusted third parties, Cosmos Labs, or additional trusted actors, and set thresholds that align with internal security and compliance requirements.

Architecture

The attestor runs as a standalone service with four main layers: a gRPC API server, attestation logic, a signing backend, and a chain adapter. The gRPC service answers attestation requests, the adapter retrieves and validates chain state, and the signer returns a recoverable ECDSA signature that the attestation light client can verify on chain. For a full system view, see the Deployment Overview, the Attestation Light Client, and the Cosmos ↔ EVM Interoperability Tutorial.

Source Code

The source code is available in the cosmos/ibc-attestor repository.

Available Documentation

Availability

The IBC Attestor repository is published under a Source Available Evaluation License. Production or commercial use requires an Enterprise License from Cosmos Labs. See the license file for details. Please contact Cosmos Labs for enterprise licensing.