nklave vs Dirk
Attestant · Distributed-validator-oriented remote signer
Dirk is the third-party remote signer most commonly compared to Web3Signer. It targets a distributed-signing model with native account hierarchies and gRPC. nklave targets the simpler "one validator client, one signer instance, hardened trust boundary" deployment that most non-DVT operators actually run. Different architectures, different audiences — and worth comparing carefully so you pick the right one.
| Feature | nklave | Dirk | Best fit |
|---|---|---|---|
| Protocol | Web3Signer HTTP (REST) | gRPC | nklave |
| Distribution model | Single-instance or HA via shared Postgres | Native distributed signing with thresholds | Dirk |
| Slashing protection | EIP-3076 in/out · RocksDB or Postgres | Built-in, account-scoped | Comparable |
| Policy model | Ordered chain of typed policies; first refusal wins | Per-account rules with allow/refuse logic | Comparable |
| Audit log | Append-only with Merkle checkpoints, operator-signed | Structured logs | nklave |
| Multi-chain | Ethereum + Cosmos/CometBFT | Ethereum-focused | nklave |
| Validator-client integration | Drop-in via standard remote-signer URL | Requires Vouch or compatible client | nklave |
| License | MIT | Apache 2.0 | Comparable |
| Implementation language | Rust | Go | Comparable |
Pick nklave when
- You run a single-operator validator fleet rather than a distributed-validator (DVT) setup
- You want Web3Signer protocol compatibility, not a gRPC-only signer
- You want a published threat model that explicitly names what is and is not in scope
- You want the audit log to be tamper-evident and CLI-verifiable, not just structured logs
Pick Dirk when
- You are building or operating a DVT validator with threshold signatures across multiple parties
- You want native account hierarchies and wallet-style organization of validators
- You are already invested in the Attestant operational toolchain (Vouch, Ethdo)
Still deciding?
Both are valid choices for a remote signer. If you want to see what nklave looks like in your stack, run the import against a testnet validator's slashing-protection export and watch the audit log fill.