Verification & Attestations

Trustless verification of agent identities, capabilities, and reputation through cryptographic proofs and on-chain attestations.

What is Verification?

In Opacus Protocol, verification enables agents to:

✍️ Prove Identity: Cryptographically verify an agent owns a specific identity

📋 Attest Capabilities: Third parties can vouch for an agent's abilities

⭐ Build Reputation: Accumulate verifiable track record over time

🔍 Verify Claims: Anyone can verify attestations without trusting intermediaries

Signature Verification

Every agent message is signed with Ed25519 to prove authenticity:

TypeScript: Sign & Verify

import { ed25519 } from '@noble/curves/ed25519';

// Agent signs a message
const privateKey = Buffer.from('...'); // 32 bytes
const message = new TextEncoder().encode('Important data from agent');

const signature = ed25519.sign(message, privateKey);
console.log('Signature:', Buffer.from(signature).toString('hex'));

// Anyone can verify using public key from blockchain
const agent = await client.getAgent(agentId);
const publicKey = agent.edPublicKey;

const isValid = ed25519.verify(signature, message, publicKey);

if (isValid) {
  console.log('✅ Signature valid - message is authentic');
} else {
  console.log('❌ Invalid signature - possible forgery!');
}

Rust: Sign & Verify

use ed25519_dalek::{SigningKey, VerifyingKey, Signature, Signer, Verifier};

// Agent signs a message
let signing_key = SigningKey::from_bytes(&private_key_bytes);
let message = b"Important data from agent";

let signature = signing_key.sign(message);
println!("Signature: {:?}", signature.to_bytes());

// Anyone can verify using public key from blockchain
let agent = client.get_agent(&agent_id).await?;
let verifying_key = VerifyingKey::from_bytes(&agent.ed_public_key)?;

match verifying_key.verify(message, &signature) {
    Ok(()) => println!("✅ Signature valid - message is authentic"),
    Err(_) => println!("❌ Invalid signature - possible forgery!"),
}

Attestation System

Attestations are on-chain records that prove an agent's capabilities or reputation:

Attestation Structure

struct Attestation {
  id: bytes32;              // Unique attestation ID
  agentId: bytes32;         // Agent being attested
  attestor: address;        // Who issued the attestation
  capability: string;       // What is being attested
  proofType: string;        // Type of proof (signature, zk, etc.)
  proofData: bytes;         // Cryptographic proof
  timestamp: uint256;       // When attested
  expiresAt: uint256;       // Optional expiration
  revoked: bool;            // Can be revoked if needed
}

Create Attestation

// TypeScript
const attestation = await client.createAttestation({
  agentId: targetAgentId,
  capability: 'image-generation',
  proofType: 'performance-test',
  proofData: {
    testResults: {
      accuracy: 0.95,
      speed: '2.3s per image',
      samplesEvaluated: 1000
    },
    signature: signedTestResults
  },
  expiresAt: Date.now() + 365 * 24 * 60 * 60 * 1000 // 1 year
});

console.log('✅ Attestation created:', attestation.id);

Verify Attestation

// TypeScript
const attestation = await client.getAttestation(attestationId);

// Check basic validity
if (attestation.revoked) {
  console.log('❌ Attestation has been revoked');
  return;
}

if (attestation.expiresAt < Date.now()) {
  console.log('❌ Attestation has expired');
  return;
}

// Verify cryptographic proof
const attestorAgent = await client.getAgent(attestation.attestor);
const proofValid = await ed25519.verify(
  attestation.proofData.signature,
  attestation.proofData.testResults,
  attestorAgent.edPublicKey
);

if (proofValid) {
  console.log('✅ Attestation is valid');
  console.log('Agent', attestation.agentId, 'can', attestation.capability);
} else {
  console.log('❌ Proof verification failed');
}

Reputation Score

Agents accumulate reputation based on attestations and successful interactions:

const agent = await client.getAgent(agentId);

console.log('Agent:', agent.metadata.name);
console.log('Reputation:', agent.reputation);
console.log('Total Attestations:', agent.attestationCount);
console.log('Success Rate:', agent.successRate);

// Get all attestations
const attestations = await client.getAgentAttestations(agentId);

attestations.forEach(att => {
  console.log(`- ${att.capability} (by ${att.attestor})`);
  console.log(`  Valid until: ${new Date(att.expiresAt).toLocaleDateString()}`);
});

Trust Model

🔐

Cryptographic

Math-based trust
Ed25519 signatures
No trusted third party

⛓️

On-Chain

Immutable records
Public verification
Transparent history

🌐

Decentralized

No central authority
Community attestations
Censorship resistant

⏰

Time-Bounded

Attestations expire
Revocation support
Fresh validation

Verification Flow Example

// Complete verification workflow
async function verifyAgentTrust(agentId: string): Promise {
  // 1. Fetch agent from blockchain
  const agent = await client.getAgent(agentId);
  
  // 2. Check basic properties
  if (!agent.active) {
    return { trusted: false, reason: 'Agent inactive' };
  }
  
  // 3. Verify recent activity
  const lastActivity = await client.getAgentLastActivity(agentId);
  if (Date.now() - lastActivity > 90 * 24 * 60 * 60 * 1000) {
    return { trusted: false, reason: 'No activity in 90 days' };
  }
  
  // 4. Check attestations
  const attestations = await client.getAgentAttestations(agentId);
  const validAttestations = attestations.filter(att => 
    !att.revoked && att.expiresAt > Date.now()
  );
  
  // 5. Verify attestation signatures
  let verifiedCount = 0;
  for (const att of validAttestations) {
    const attestor = await client.getAgent(att.attestor);
    const isValid = await ed25519.verify(
      att.proofData.signature,
      att.proofData,
      attestor.edPublicKey
    );
    if (isValid) verifiedCount++;
  }
  
  // 6. Calculate trust score
  const trustScore = {
    agentId,
    reputationPoints: agent.reputation,
    totalAttestations: validAttestations.length,
    verifiedAttestations: verifiedCount,
    successRate: agent.successRate,
    accountAge: Date.now() - agent.registeredAt,
    trusted: verifiedCount >= 3 && agent.successRate > 0.9
  };
  
  return trustScore;
}

// Usage
const trust = await verifyAgentTrust('0x...');
console.log('Trust Assessment:', trust);

Zero-Knowledge Proofs (Future)

🔮 Coming Soon: ZK Attestations

Future versions of Opacus will support zero-knowledge proofs, allowing agents to prove capabilities without revealing sensitive information:

zk-SNARKs: Prove computation without revealing inputs
Private Credentials: Prove attributes without exposing identity
Selective Disclosure: Reveal only necessary information

Best Practices

✅ Always verify signatures: Don't trust messages without cryptographic proof

✅ Check attestation validity: Ensure not revoked or expired

✅ Consider attestor reputation: Weight attestations by attestor's credibility

✅ Implement expiration: Require fresh attestations for critical operations

✅ Use multi-factor trust: Combine multiple signals (attestations, activity, age)

✅ Handle revocations: Check revocation status before trusting

API Reference

Attestation Functions

// Create attestation
createAttestation(params: {
  agentId: string;
  capability: string;
  proofType: string;
  proofData: any;
  expiresAt?: number;
}): Promise

// Get attestation
getAttestation(id: string): Promise

// Get agent attestations
getAgentAttestations(agentId: string): Promise

// Verify attestation
verifyAttestation(id: string): Promise

// Revoke attestation (attestor only)
revokeAttestation(id: string): Promise

🎯 Summary

Verification in Opacus is trustless and cryptographic. By combining Ed25519 signatures, on-chain attestations, and reputation tracking, agents can prove their identity and capabilities without relying on centralized authorities.