Introducing Client-Side Signing: 0ms latency for developers optimizing for speed

To support teams looking to optimize for speed, we’re introducing client-side signing. This comes on the heels of our multi-region rollout, which has already reduced global latency to industry-leading standards for our highly-secure infrastructure.

With client-side signing, transaction signatures are generated directly on the user’s device (vs within secure enclaves) This removes network roundtrips and enables near-instant execution, allowing developers to achieve effectively zero signing latency and keep performance fully under their control.

While client-side signing offers an ultra-fast experience, it also isn’t as secure as Turnkey’s enclave-based signing.

At Turnkey, our focus has always been on giving developers the tools to build extremely secure, verifiable, and high-performance onchain applications. But we also recognize that not every application has those same requirements.

A consumer-facing meme-coin trading app, for example, may accept higher risk in exchange for a fast, gamified experience, while institutional platforms managing significant assets require stricter controls and more conservative security models.

For use cases where instantaneous signing is required, client-side signing provides an additional option, giving developers control over when speed is critical, and security is not the chief but only one of many concerns.

Speed vs. security: The tradeoff with client-side signing

While client-side signing offers unmatched speed, it comes with tradeoffs.

By generating signatures directly on user devices, client-side signing removes network latency but also shifts more responsibility to the application and the end user. As a result, this approach is best suited for use cases where performance is critical and stronger infrastructure-level security controls are not required.

Unlike Turnkey’s managed, enclave-based signing, client-side signing does not execute inside a hardware-isolated environment. This means there is no trusted runtime enforcing signing policies, producing audit logs, or providing cryptographic proof that the expected code and configuration were used.

For this reason, we still recommend our enclave-based signing for most applications, which now benefits from multi-region performance improvements. This traditional signing flow delivers sub-100ms latency while providing strong security guarantees and full verifiability.

Providing developers the flexibility to choose

Client-side signing is about giving developers a choice. You can decide when speed matters and when security should take priority:

• Use client-side signing for workflows where speed is critical, and you’re comfortable managing local signing securely.
• Use enclave-based signing when you need hardware-isolated security, verifiability, and auditability — still at lightning-fast sub-100ms speeds.

Even when using client-side signing, Turnkey provides clear guidance and support to help teams secure their applications as much as possible. This helps developers apply best practices for managing keys and signing operations on user devices, while acknowledging the tradeoffs inherent to this approach.

Balancing performance and protection

Turnkey’s platform lets you compose the right signing environment for each workflow, giving developers full control over the balance between latency, security, and verifiability.

Client-side signing isn’t for every workflow, but for applications that demand maximum responsiveness. It opens up new possibilities, and Turnkey will support developers to use it safely.

For more information, see our documentation on client-side signing, and  contact our team to get started.

‍