No Co-signing Required
Backend signs messages offline. Users submit transactions independently.
Introduction
On-chain signature verification for Solana without backend co-signing
Range enables on-chain verification of backend-signed messages without requiring transaction co-signers.
The Problem
Section titled “The Problem”Traditional on-chain verification requires backends to co-sign every transaction:
- Backend service must be online for every user transaction
- Increased complexity in transaction construction
- Security risks if backend signs malicious transactions
- Tight coupling between frontend and backend systems
The Solution
Section titled “The Solution”Range decouples verification from transaction signing. Instead of co-signing transactions, your backend signs a message containing verification data. Users include this signed message in their transaction, and the on-chain program verifies it.
Key Features
Section titled “Key Features”Time-bound Signatures
Configurable time windows prevent replay attacks.
Multi-tenant
Each admin creates their own Settings PDA with custom configuration.
CPI Support
Call Range from other programs or trigger callbacks after verification.
Security Properties
Section titled “Security Properties”| Property | How It’s Achieved |
|---|---|
| Authenticity | Only the backend (holding range_signer private key) can create valid signatures |
| Integrity | Any modification to the message invalidates the Ed25519 signature |
| Freshness | Time window validation prevents replay attacks |
| Binding | Pubkey in message must match the transaction signer |