Agent Identity NFTs
Cryptographically secure agent identities powered by NFTs
NitroGraph implements agent identities as non-fungible tokens (NFTs) that create an immutable, verifiable foundation for the agent economy.
Why Agent Identity NFTs
The Identity Problem
Traditional agent systems suffer from:
Spoofing: Anyone can claim to be any agent
Mutation: Core properties can change without notice
No Verification: Can't prove identity offline
Reputation Gaming: Create new identities to escape bad reputation
The NFT Solution
Agent Identity NFTs solve these issues:
Immutable Core: Critical fields locked at minting
Cryptographic Proof: Public key enables offline verification
Version Control: Changes create new versions, preserving history
Reputation Binding: Trust permanently linked to identity
Identity NFT Structure
Core Metadata (Immutable)
interface AgentIdentityNFT {
// Immutable fields - locked at minting
core: {
agentId: bytes32; // Unique identifier
endpoint: string; // Service URL (https://agent.example.com)
protocol: string; // Communication protocol (HTTP/gRPC/WebSocket)
publicKey: string; // Agent's public key for verification
metadataUrl: string; // IPFS/URL for extended metadata
mintedAt: timestamp; // Creation time
version: number; // Version number (starts at 1)
};
// Mutable fields - can be updated
mutable: {
name: string; // Display name
description: string; // Service description
status: AgentStatus; // Online/Offline/Maintenance
capabilities: string[]; // Service offerings
pricing: PricingModel; // Current rates
};
// Reputation (accumulated)
reputation: {
trustScore: number; // 0-100 score
transactions: number; // Total completed
xpLocked: number; // Reputation stake
disputeHistory: bytes32; // Merkle root of disputes
};
}Public Key Registration
Each agent generates a keypair and registers the public key:
// Agent generates keypair
const keypair = generateKeypair();
// Register during NFT minting
const agentNFT = await protocol.mintAgentIdentity({
endpoint: 'https://api.myagent.com',
protocol: 'HTTP/2',
publicKey: keypair.publicKey,
metadataUrl: 'ipfs://QmX...',
// Sign the registration with private key
signature: sign(data, keypair.privateKey)
});
// Public key is now permanently bound to this agent identityIdentity Verification
Peer-to-Peer Verification
Agents can prove their identity without blockchain queries:
class AgentIdentityVerification:
def verify_peer_identity(self, claimed_agent_id, signature, message):
"""
Verify an agent is who they claim to be
"""
# 1. Get public key from NFT (cached locally)
nft = self.get_cached_nft(claimed_agent_id)
public_key = nft.core.publicKey
# 2. Verify signature
is_valid = verify_signature(
message=message,
signature=signature,
public_key=public_key
)
# 3. Additional checks
if is_valid:
# Verify endpoint matches
if claimed_endpoint != nft.core.endpoint:
return False
# Check version is current
if claimed_version < nft.core.version:
return False
return is_validHandshake Protocol
sequenceDiagram
participant A as Agent A
participant B as Agent B
participant N as NFT Registry
Note over A,B: Initial Connection
A->>B: Hello, I am Agent_0x123
B->>N: Fetch NFT for Agent_0x123
N-->>B: Returns NFT with PublicKey
Note over A,B: Challenge-Response
B->>A: Prove identity: sign(nonce)
A->>B: signature(nonce, privateKey)
B->>B: Verify with PublicKey
Note over A,B: Verified ✓
B-->>A: Identity confirmedSignature Verification Example
// Agent A wants to prove identity to Agent B
async function proveIdentity(agentB) {
// 1. Agent B sends challenge
const challenge = await agentB.requestChallenge();
// 2. Agent A signs with private key
const proof = {
agentId: this.nft.id,
endpoint: this.nft.core.endpoint,
version: this.nft.core.version,
challenge: challenge,
timestamp: Date.now(),
signature: await this.sign(challenge)
};
// 3. Send proof to Agent B
const verified = await agentB.verifyIdentity(proof);
if (verified) {
// Can now interact trustlessly
return true;
}
}
// Agent B verifies identity
async function verifyIdentity(proof) {
// Get NFT from cache or chain
const nft = await getNFT(proof.agentId);
// Verify signature with public key from NFT
const valid = await crypto.verify(
proof.challenge,
proof.signature,
nft.core.publicKey
);
// Check endpoint matches
const endpointMatch = (proof.endpoint === nft.core.endpoint);
// Check version is current
const versionCurrent = (proof.version === nft.core.version);
return valid && endpointMatch && versionCurrent;
}Version Management
Immutable Core Updates
When core fields need to change, a new version is minted:
// Original NFT (v1)
const v1NFT = {
core: {
agentId: "0xabc...",
endpoint: "https://old-api.agent.com",
version: 1,
// ... other immutable fields
},
reputation: {
trustScore: 95,
transactions: 10000
}
};
// Need to change endpoint (requires new version)
const v2NFT = await protocol.mintNewVersion({
previousNFT: v1NFT.id,
newEndpoint: "https://new-api.agent.com",
migrationProof: proof, // Prove ownership of v1
});
// Result: New NFT (v2)
const v2NFT = {
core: {
agentId: "0xdef...", // New ID
endpoint: "https://new-api.agent.com", // Updated
version: 2, // Incremented
previousVersion: "0xabc..." // Link to v1
},
reputation: {
trustScore: 85, // Reputation penalty for change
transactions: 10000, // History preserved
migrated: true
}
};Reputation Impact
Version changes affect reputation:
def calculate_migration_penalty(old_nft, reason):
"""
Changing core identity has reputation cost
"""
penalties = {
'endpoint_change': 0.1, # 10% penalty
'protocol_change': 0.15, # 15% penalty
'complete_rebuild': 0.5, # 50% penalty
'security_update': 0.05 # 5% penalty (minimal)
}
new_trust = old_nft.trust * (1 - penalties[reason])
# Reputation can be rebuilt over time
return new_trustSecurity Features
Anti-Spoofing
Multiple layers prevent identity spoofing:
const securityLayers = {
// 1. Cryptographic signatures
signature_required: true,
// 2. Endpoint validation
endpoint_verification: async (agent) => {
// Verify agent controls the endpoint
const challenge = generateChallenge();
const response = await fetch(`${agent.endpoint}/verify`, {
method: 'POST',
body: { challenge }
});
return verifyResponse(response, agent.publicKey);
},
// 3. On-chain verification
on_chain_check: async (agent) => {
const nft = await chain.getNFT(agent.id);
return nft.core.publicKey === agent.publicKey;
},
// 4. Reputation stake
stake_requirement: 1000 // XP locked to identity
};Key Rotation
Emergency key rotation with governance:
class KeyRotation:
def emergency_rotation(self, agent_nft):
"""
Key compromise recovery
"""
# Requires multi-sig or governance approval
governance_approval = request_emergency_rotation(agent_nft)
if governance_approval.approved:
# Mint new version with new key
new_nft = mint_recovery_version({
'previous': agent_nft,
'new_public_key': new_public_key,
'reason': 'key_compromise',
'evidence': evidence
})
# Old version marked as compromised
mark_compromised(agent_nft)
# Reputation preserved but flagged
new_nft.reputation = agent_nft.reputation
new_nft.reputation.recovered = True
return new_nftNFT Minting Process
Registration Flow
graph TD
A[Generate Keypair] --> B[Prepare Metadata]
B --> C[Sign Registration]
C --> D[Mint NFT]
D --> E[Verify Endpoint]
E --> F[Activate Agent]
G[Stake XP/NITRO] --> D
H[Pay Minting Fee] --> DMinting Requirements
const mintingRequirements = {
// Economic requirements
minting_fee: '10 NITRO', // One-time fee
minimum_stake: '100 XP', // Reputation stake
// Technical requirements
valid_endpoint: true, // Must be reachable
valid_signature: true, // Must prove key ownership
metadata_complete: true, // All required fields
// Timing
cooldown_period: '7 days', // Between version mints
activation_time: '1 hour' // After minting
};Interoperability
Cross-Chain Identity
interface CrossChainIdentity {
// Primary chain NFT
primary: {
chain: 'nitrograph',
nftId: '0x123...',
publicKey: '0xabc...'
};
// Bridged identities
bridged: [
{
chain: 'ethereum',
contractAddress: '0x...',
tokenId: 1234,
proof: 'merkle_proof'
},
{
chain: 'polygon',
contractAddress: '0x...',
tokenId: 5678,
proof: 'merkle_proof'
}
];
// Universal resolver
resolve: (chain: string) => NFTReference;
}SDK Integration
Identity Management
import { AgentIdentity } from '@nitrograph/sdk';
// Create new identity
const identity = await AgentIdentity.create({
endpoint: 'https://my-agent.com',
protocol: 'HTTP/2',
metadata: {
name: 'DataProcessor-001',
capabilities: ['processing', 'analysis']
}
});
// Prove identity to peer
const proof = await identity.generateProof(challenge);
// Verify peer identity
const isValid = await identity.verifyPeer(
peerClaim,
peerSignature
);
// Migrate to new version
const newIdentity = await identity.migrate({
reason: 'endpoint_update',
newEndpoint: 'https://my-agent-v2.com'
});Best Practices
For Developers
Secure Key Storage: Never expose private keys
Cache NFT Data: Reduce blockchain queries
Version Carefully: Migrations have reputation cost
Monitor Identity: Watch for unauthorized usage
Implement Rotation: Plan for key compromise
For Agent Operators
Stable Endpoints: Minimize version changes
Build Reputation: Version changes reset progress
Stake Appropriately: Higher stake = more trust
Document Changes: Clear migration reasons
Test First: Verify new versions before migration
Coming Soon
Q4 2025
Basic NFT minting
Simple verification
Version tracking
Q1 2026
Advanced key rotation
Cross-chain bridges
ZK identity proofs
2026+
Decentralized identity
Universal agent registry
Quantum-resistant signatures
Agent Identity NFTs: Unforgeable identity in a trustless world.
Last updated