Cryptographic Identity for the Agentic Web

Session tokens. API keys. OAuth access tokens. These are the identity primitives of the modern web, designed in an era when every client was a human using a browser or a mobile app. They work well for that purpose. They are completely wrong for autonomous AI agents.

The problems are fundamental. API keys are long-lived secrets that, once issued, are difficult to scope and impossible to audit at the individual-request level. Session tokens are ephemeral — they expire, requiring re-authentication that agents can't perform without human intervention. OAuth tokens delegate human identity to the agent, which conflates agent actions with human actions and makes attribution impossible.

What Agent Identity Actually Needs

A proper identity system for autonomous agents must satisfy properties that human identity systems don't prioritize:

• Non-repudiation: Every action taken by an agent must be cryptographically signed. An agent cannot later deny having initiated a transaction — essential for financial auditability.
• Scope isolation: An agent's identity should be scoped to exactly the permissions it needs. An agent authorized for OpenAI should not be able to call Stripe, regardless of what its code attempts.
• Instant revocation: If an agent is compromised, its identity must be revocable in milliseconds — not hours or token-TTL cycles.
• Independent verifiability: A third party must verify an agent's identity and permissions without contacting a central authority.
• Cheap issuance: Creating a new agent identity should cost nothing and take milliseconds. Agents spin up for a task and tear down when complete.

ed25519 as the Foundation

Nomiqon builds agent identity on ed25519 keypairs. An ed25519 private key is 32 bytes. A public key is 32 bytes. A signature is 64 bytes. Verification takes microseconds on any modern CPU. These properties make ed25519 the dominant signing scheme in modern cryptographic infrastructure — from SSH to Signal to Solana.

When a developer calls `nomiqon.create()`, we generate a fresh ed25519 keypair. The private key is stored in the agent's secure execution environment. The public key becomes the agent's on-chain identity: a Solana account holding the agent's USDC balance and policy constraints.

const agent = await nomiqon.create({
  name: "data-fetcher-v3",
  dailyLimit: 25,          // USDC
  totalCap:   500,
  allow: ["api.openai.com", "api.tavily.com"],
});

// agent.id        — "FqnCk7HVxeGsRV4nPJqzFG7Rwxd..."
// agent.publicKey — ed25519 public key (32 bytes)
// agent.wallet    — Solana account derived from public key
// Provisioning time: < 80ms

Every subsequent action the agent takes is signed with its private key. Nomiqon's gateway verifies the signature before forwarding any request. An attacker who doesn't possess the private key cannot impersonate the agent, regardless of what other credentials they might hold.

Nomiqon's Three-Component Identity Model

An agent identity in Nomiqon consists of three tightly coupled components:

1. The Keypair

The cryptographic foundation. The public key is the agent's address on Solana. The private key authorizes all spending and request signing. Generated once at provisioning; rotatable on demand.

2. The Policy Account

A Solana program account storing the agent's spending policy: daily limit, total cap, and whitelist of authorized domains. These constraints are enforced at the program level — they cannot be bypassed by application code, no matter how the application is modified.

3. The USDC Wallet

A token account holding the agent's USDC balance. Transfers from this account require a valid signature from the agent's keypair AND compliance with the policy account constraints. Both conditions must be satisfied simultaneously.

Real-Time Revocation

Revoking an agent's identity means marking its policy account as suspended in Nomiqon's gateway. This takes effect in approximately 50ms — the next request from that agent is rejected, even if the agent's private key has not been rotated and the on-chain account is technically still valid.

// Suspend an agent immediately
await nomiqon.agents.suspend(
  "FqnCk7HVxeGsRV4nPJqzFG7RwxdWHLsJKPmN8yVqnAXp"
);

// → All subsequent requests: rejected within 50ms
// → On-chain USDC balance: preserved for recovery
// → Audit log: revocation recorded with timestamp + caller

Compare this to the alternatives. Waiting for an OAuth token TTL takes 1–24 hours. Rotating an API key requires updating every system that uses it. Revoking a JWT requires either a blacklist (centralizing trust) or waiting for expiry. Cryptographic agent identity makes revocation an O(1) operation.

Multi-Agent Orchestration

The real power of cryptographic identity emerges in multi-agent architectures. Consider a pipeline with an orchestrator and three specialist agents:

• Orchestrator: $100/day, authorized to spawn sub-agents and call coordination APIs.
• Researcher: $30/day, whitelisted to data and search APIs only.
• Writer: $20/day, whitelisted to language model APIs only.
• Publisher: $5/day, whitelisted to CMS and publishing APIs only.

If the researcher is compromised via prompt injection, it cannot access the writer's budget — different identity, different wallet. If the writer enters an infinite loop, the $20 daily cap is the exact damage ceiling. The orchestrator's budget cannot be accessed by any sub-agent without explicit delegation.

This is financial isolation by identity design. Each agent is a first-class citizen of the system with its own cryptographic passport and its own bank account.

Looking Ahead

As the agentic web matures, we expect cryptographic agent identity to become as foundational as TLS certificates are to web security. Every agent that touches financial infrastructure will need a verifiable, non-repudiable, revocable identity. The question is not whether this infrastructure will exist — it's who builds it and what standards they establish.