Attesta
Attesta Kit is a passkey-first, policy-based infrastructure SDK for building secure smart accounts and payment flows on Arbitrum. It replaces seed phrases with WebAuthn passkeys, enforces on-chain exe
Video
Description
Attesta Kit is a passkey-first, policy-based infrastructure SDK for building secure smart accounts, payments, and attestations across the Arbitrum ecosystem. It is designed to eliminate seed phrases entirely while giving developers fine-grained control over how accounts are accessed, authorized, and recovered.
Instead of relying on private keys or custodial signers, Attesta Kit uses WebAuthn passkeys for user authentication. These passkeys are backed by hardware-secure devices and verified using standard cryptography, enabling passwordless, phishing-resistant access without exposing secret material to applications or servers.
At the core of Attesta Kit is a policy execution engine. Every account action is evaluated against explicit, programmable policies that define who can execute an action, what can be executed, under what conditions, and within which limits. Policies can express spending caps, time windows, device requirements, delegation rules, and multi-party approvals—turning smart accounts into controllable, auditable systems rather than blind signers.
Attesta Kit also introduces offline settlement as a first-class primitive. Users or merchants can authorize transactions while offline or in low-connectivity environments, with those authorizations later submitted and settled on-chain. This makes the system suitable for real-world payment flows, mobile applications, and emerging markets where continuous connectivity cannot be assumed.
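The policy checks and offline settlement described above, as an added Rust example that is not Attesta Kit's own code: an authorization signed offline is evaluated against a spending policy when it is finally submitted. The types `Policy`, `Authorization`, `Account` and `Deny`, the `settle` function, and the `nonce` and `not_after` fields are hypothetical names chosen for illustration, and signature verification is assumed to happen before this step.

```rust
use std::collections::HashSet;
// Hypothetical types for illustration; not Attesta Kit's API.
#[derive(Debug, PartialEq)]
pub enum Deny { Replayed, Expired, UnknownDevice, OverPerTxCap, OverWindowCap }
pub struct Policy {
    pub allowed_devices: Vec<u64>, // ids of registered passkey credentials
    pub per_tx_cap: u64,           // spending cap for a single action
    pub window_cap: u64,           // spending cap across one time window
    pub window_secs: u64,
}

// Signed offline; its P-256 WebAuthn signature is assumed already verified.
pub struct Authorization {
    pub device: u64,
    pub amount: u64,
    pub nonce: u64,     // unique per authorization (assumed replay guard)
    pub not_after: u64, // unix time after which it must not settle
}

#[derive(Default)]
pub struct Account {
    seen_nonces: HashSet<u64>,
    spent: Vec<(u64, u64)>, // (settled_at, amount)
}

impl Account {
    // Checks run at settlement time: the offline gap is where replays appear.
    pub fn settle(&mut self, p: &Policy, a: &Authorization, now: u64) -> Result<(), Deny> {
        if self.seen_nonces.contains(&a.nonce) { return Err(Deny::Replayed); }
        if now > a.not_after { return Err(Deny::Expired); }
        if !p.allowed_devices.contains(&a.device) { return Err(Deny::UnknownDevice); }
        if a.amount > p.per_tx_cap { return Err(Deny::OverPerTxCap); }
        let used = self.spent.iter()
            .filter(|(t, _)| now.saturating_sub(*t) < p.window_secs)
            .fold(0u64, |sum, (_, v)| sum.saturating_add(*v));
        if used.saturating_add(a.amount) > p.window_cap { return Err(Deny::OverWindowCap); }
        // Mutate state only after every check has passed.
        self.seen_nonces.insert(a.nonce);
        self.spent.push((now, a.amount));
        Ok(())
    }
}

fn main() {
    let p = Policy { allowed_devices: vec![1], per_tx_cap: 100, window_cap: 150, window_secs: 3600 };
    let a = Authorization { device: 1, amount: 100, nonce: 1, not_after: 2000 }; // constructed sample
    let mut acct = Account::default();
    println!("{:?} {:?}", acct.settle(&p, &a, 1000), acct.settle(&p, &a, 1001));
}
```

A rejected authorization leaves the nonce set and spend history unchanged, so a payment refused for exceeding the window cap can still settle once the window has rolled over, provided it has not expired.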
Recovery is handled without centralized custodians or seed phrases. Attesta Kit supports non-custodial recovery flows, where encrypted recovery data and policies can be stored using decentralized storage such as IPFS and Filecoin, allowing accounts to be restored without trusting a single service provider.
The SDK is built natively for Arbitrum, supporting Arbitrum One, Arbitrum Nova, Stylus (Rust smart contracts), and Orbit chains. This ensures Attesta Kit can be used across public mainnets, high-throughput environments, Rust-based execution, and custom application-specific rollups.
By combining passkeys, policy-based execution, offline settlement, and decentralized recovery, Attesta Kit provides a foundation for building smart accounts that are secure, flexible, and practical for everyday use—without sacrificing user experience or decentralization.
Hackathon Progress
During the hackathon, Attesta Kit progressed from concept to a working, multi-network infrastructure prototype. We designed and implemented a passkey-first authentication flow using WebAuthn, enabling users to authenticate and authorize actions without seed phrases or traditional private keys. This included implementing P-256 signature verification and replay protection to ensure secure and verifiable execution.
A policy-based execution engine was built to control how smart accounts perform actions. Policies were defined to enforce spending limits, execution conditions, and permission rules, allowing account behavior to be explicitly constrained and audited rather than relying on blind signing.
We implemented offline settlement support, allowing transactions to be authorized without immediate on-chain access and later submitted for settlement. This demonstrated the feasibility of passkey-based payments and approvals in low-connectivity and mobile-first environments.
Non-custodial recovery mechanisms were also designed and integrated. Recovery data and policies are encrypted and structured for decentralized storage, with support planned for IPFS and Filecoin to avoid reliance on centralized recovery services.
On the infrastructure side, Attesta Kit was deployed and tested across the Arbitrum stack, including Arbitrum One, Arbitrum Nova, Stylus, and Orbit, validating cross-environment compatibility and execution consistency.
By the end of the hackathon, Attesta Kit had evolved into a functional SDK with working cryptographic verification, policy enforcement, offline authorization flows, and multi-network support—laying a strong foundation for further development and real-world adoption.
Tech Stack
Fundraising Status
Not yet fundraised, but we hope to find investors to help us scale the app.