Signatory v1.3.0 — Seamless tz4/BLS migration, Seoul‑ready, Cloud TEE (beta)

Project Updates
1

We’re excited to release Signatory v1.3.0, built to help Tezos bakers move smoothly and securely to tz4/BLS for Protocol Seoul. This release also brings Cloud TEE backends (beta) and keeps Signatory aligned with the Tezos X north star.

Why tz4/BLS in Seoul matters

  • Aggregated attestations using BLS cut daily attestation data from ~900 MB to ~14 MB, reducing bandwidth and speeding up sync.
  • Lower overhead opens room for higher throughput and faster blocks while preserving security and decentralization.
  • Native multisig via tz4 improves secure, collaborative operations for teams and institutions.

How Signatory helps bakers migrate to tz4 securely

  • Provision Cloud TEE backend: BLS keys are supported on AWS Nitro Enclaves or Google Confidential Space.
  • tz4 key generation & import: signatory-cli generate supports tz4; simplified import flows.
  • Proof of possession (PoP): API support to reveal BLS keys with PoP as required by Seoul.
  • Versioned signing & updated ops: Handles era‑specific formats and the rename to preattestation/attestation.
  • Aggregation‑ready: Full support for aggregated attestations in Seoul.
  • DAL‑ready: Add attestation_with_dal to your allow: block to participate in DAL attestations.
  • Watermarks & safety: New backends (Firestore, DynamoDB) for HA deployments.

Cloud TEE backends (beta)

  • AWS Nitro Enclaves: Keys operate inside isolated enclaves; sealing via AWS KMS.
  • Google Confidential Space: Hardware‑based memory encryption and integrity.

These options advance cloud security for baking while keeping keys protected.

Tezos X alignment

Signatory v1.3.0 helps optimize L1 consensus with BLS aggregation—freeing headroom for high‑throughput rollups and data availability in line with the Tezos X vision of a modular, evolvable, cloud‑like backend.

Migration checklist (quick start)

  • Upgrade Signatory to v1.3.0.
  • Provision Cloud TEE backend (Nitro Enclaves or Confidential Space) for BLS keys.
  • Generate/import a tz4 key.
  • Rotate your consensus key to tz4.
  • Update policy to include attestation_with_dal if running a DAL node.
  • Verify aggregated attestations and monitor metrics.

Additional enhancements

  • New Watermark Backends: Google Firestore (GCP), improved DynamoDB (AWS)
  • CLI: New signatory-cli generate and better imports
  • API: BLS PoP endpoint and versioned key signing
  • Docs: Expanded guides for TEE and Seoul migration

Notes

  • No breaking changes — backward compatible
  • Deprecation warnings for endorsement/preendorsement
  • TEE backends are beta; feedback welcome

Links:

3 Likes