A Solana account signed a native Bitcoin transaction. It confirmed.
Every bridge is a contract holding custody, and the largest one is always the target. Distin holds nothing. A quorum of operators signs natively for the destination chain, the group secret is never reconstructed, and the only thing you trust is a program you can read and a signature you can verify.
Bridge
vs signature.
The difference is not a feature list. It is whether a contract holds your asset in custody, or whether your account simply signs for itself on the chain that needs it.
Five chains.
One key.
Each destination receives a signature on its own curve, from the same Solana account. Two schemes, branched per VM family. Nothing is wrapped.
Four moves.
One signature.
The signing rounds run off-chain. Solana holds the request, the deadline, and the staked-weight threshold, then records the finished aggregate. The chain coordinates the ceremony; it never recomputes the cryptography.
Post the intent
A user writes one 32-byte signing intent to the Solana program: the destination VM, the message hash, a stake-weight threshold, and a slot deadline. The request account is the whole ask.
create_signing_requestOperators sign, apart
Bonded operators run the real multi-round ceremony off-chain. FROST over Ed25519, GG20 over secp256k1. Each holds one Shamir share; the group key is never assembled in any single place.
kobe · FROST / GG20 roundsStake answers for them
Each operator posts a participation receipt carrying its staked weight. The chain does no curve math; it counts distinct operators and staked weight against the threshold, inside the deadline.
submit_partial_signatureRecord, then broadcast
The coordinator combines the partials off-chain and posts the finished signature back. The program records it once the threshold is met and emits it; a relayer verifies and broadcasts on the destination chain.
aggregate_and_emit