Whitepaper: AT1C Protocol Specification (v1.0)One Human, One Identity, Infinite Agents
Executive SummaryAT1C establishes a civilization-grade standard for digital identity sovereignty. Rather than treating identity as data stored in corporate vaults, AT1C treats it as a permanent, transferable asset that belongs entirely to the individual—secure against future threats, inheritable by heirs, and designed to outlast any single technology platform.Think of traditional digital identity as renting an apartment: the landlord (tech company) controls access, can evict you, and everything disappears when they close. AT1C is homeownership: you hold the deed, you control the locks, and your home can pass to your heirs.
The Core Problem: The Accountability GapToday's digital systems suffer from a critical flaw: agents act without verifiable permission, and identities vanish when users die.Consider a practical example: When you die, your email account is locked forever. Your digital assets (photos, documents, cryptocurrency) become inaccessible to heirs. AI agents operating on your behalf have no way to prove they acted with your consent. And if a data breach occurs, you have no recourse—your identity is already compromised.AT1C solves this by unifying three distinct identities into one sovereign object:Public Identity: Your official self (legal name, business credentials, KYC verification)
Anonymous Identity: Your private self (pseudonymous accounts, gaming, experimentation)
Life-Cycle Identity: Your legacy (will, inheritance instructions, recovery secrets)The Architecture: Four Secure LayersImagine a bank building. Security doesn't rely on a single wall—it uses multiple, independent systems working together. AT1C applies this principle to digital identity.
Layer 1: The Logic Anchor (Nervos CKB Blockchain)Purpose: The permanent foundation that proves you own your identity.How it works: Your identity exists as a "Spore Cell"—a first-class digital asset on the blockchain, similar to how Bitcoin proves ownership of money. You hold the cryptographic keys; no company can seize it.Why Nervos instead of Ethereum?On Ethereum, identity is state inside a smart contract—like a guest list maintained by a nightclub owner who can rewrite it anytime.
On Nervos, identity is a native asset owned directly by you—like a deed to land that no one can alter without your signature.What's stored here: Only essential data—your public keys, lifecycle status, and root hashes (cryptographic fingerprints). This keeps costs predictable and prevents blockchain bloat.
Layer 2: The Secret Vault (Nillion Network)Purpose: Secure storage for sensitive inheritance data—wills, recovery secrets, and emergency instructions.The Innovation: Instead of traditional encryption (where a server holds a decrypted copy), we use Blind Computation. Your data is shattered into pieces across a decentralized network using Multi-Party Computation (MPC). No single server ever sees the complete, unencrypted data.Why this matters for quantum security: Even if a quantum computer breaks today's encryption methods, the data remains inaccessible because the attacker would need to compromise every single piece simultaneously—mathematically impossible.Real-world analogy: Imagine a will stored in a bank vault. With traditional encryption, the bank manager holds a master key. With Blind Computation, the will is split into 100 pieces hidden across 100 different banks. Even if one bank is compromised, the will remains secret.
Layer 3: The Public Asset Layer (Walrus Storage)Purpose: High-availability storage for your public and anonymous profiles—portraits, credentials, activity logs.Why Walrus? It uses advanced erasure coding, meaning your data survives even if 60% of storage nodes fail. It's like a building with redundant electrical systems: if one circuit fails, power still flows.Benefit: Your identity remains accessible and censorship-resistant at a fraction of the cost of alternatives like Arweave.
Layer 4: The Archival Anchor (5D Optical Glass Storage)Purpose: Civilization-grade permanence for your most critical legacy data.The Technology: Your identity's root hash is etched into glass using femtosecond lasers—creating a permanent, physical record.Durability: Glass survives heat, radiation, water, and electromagnetic pulses. It lasts millions of years without degradation.Security: WORM (Write Once, Read Many)—data cannot be hacked, deleted, or remotely altered. It's like carving your will into stone.Steganography Option: The data can be hidden in plain sight—etched into a watch face, eyeglass lens, or household mirror. Your heirs know where to look; no one else does.Implementation: When costs decrease, AT1C will offer "Glass Vault" services where the root hash of your inheritance data is physically etched, ensuring your digital legacy survives even if the internet fails.
The Three Profiles: Your Composable SelfAT1C recognizes that you are not one person—you are many, depending on context.
Profile Purpose Storage Use Cases
Public (Official) Your legal identity Walrus (distributed) Business, KYC, legal contracts, professional credentials
Anonymous (Pseudonymous) Your private self Walrus (distributed) Forums, gaming, experimentation, agent operations
Life-Cycle (The Vault) Your legacy and inheritance Nillion (active) + Sphotonix (archival) Death protocols, asset transfer, emergency recovery, family instructionsEach profile is cryptographically signed and independently verifiable, yet unified under a single sovereign identity.
The Inheritance Mechanism: The Hybrid Life-LockThe greatest challenge in digital inheritance is the "Schrödinger's User" problem: How do you know someone is truly dead and not just offline?AT1C's solution: A two-factor death trigger that requires both conditions to be true:Condition A: Proof of Silence (Time-Lock)You sign a "Heartbeat" transaction every 6 months (or a user-selected interval).
If you miss this deadline, Condition A is met.Condition B: Proof of Death (Attestation)A threshold of trusted Guardians (family, friends) OR an oracle-verified death certificate confirms your death.
Only then is Condition B met.Why this is safer than alternatives:
Scenario Outcome Protection
You're in a coma Condition A met, but Condition B fails (family won't sign). Assets remain locked. ✓ Coma protection
You're coerced by criminals Condition A not yet met (you're forced to sign). Assets remain locked. ✓ Hostage protection
You die naturally Both conditions met after 6+ months. Inheritance proceeds. ✓ Proper succession
System glitch falsely declares death Guardians refuse to attest. Conditions not fully met. Assets remain locked. ✓ Error recoveryArchival Option: For Glass Vault users, heirs can physically present the glass disc to an executor, who can reconstruct the digital estate without relying on online oracles. This ensures inheritance even if the internet fails.
Cryptography Standard: Quantum-Ready Hybrid SignaturesAT1C mandates dual-algorithm signatures for all critical actions:SIG = SIGClassical (Ed25519) || SIGPostQuantum (CRYSTALS-Dilithium)Why both?Ed25519 is secure today and widely trusted.
CRYSTALS-Dilithium is secure against quantum computers (NIST-standardized).By requiring both signatures, AT1C ensures your identity remains secure even if one algorithm is compromised. It's like a safe with two locks: a thief must break both.
The Future Roadmap: From Digital to Phygital IdentityAs technology costs decrease, AT1C will evolve from purely digital to phygital (physical + digital) identity.
Phase Timeline Vision Implementation
Phase 1 Current Digital sovereignty via blockchain Nervos CKB + Nillion + Walrus
Phase 2 Enterprise (1-2 years) Corporate disaster recovery Identity keys etched to glass for enterprise backup
Phase 3 Mass adoption (3-5 years) Everyday identity integration Sovereign identity embedded in consumer products—watches, eyewear, jewelryIn Phase 3, your identity becomes inseparable from your physical possessions. Lose your phone? Your watch still holds your encrypted identity. The internet goes down? Your glasses contain the key to your digital estate.
Conclusion: Identity as InfrastructureAT1C is not a login system. It is the foundation for digital civilization.Just as physical infrastructure (roads, bridges, utilities) enables economic activity, AT1C enables digital sovereignty. It ensures that:You own your identity, not corporations.
Your identity survives you, passing to heirs with cryptographic certainty.
Your secrets remain secret, even against future quantum threats.
Your legacy endures, etched into glass if necessary.In an era of autonomous AI and digital permanence, AT1C answers a fundamental question: Who owns you?
The answer is simple: You do.IDocument 2:
The AT1C SDK
Developer Implementation Guide"Ship Accountable Agents with Cryptographic Evidence" 1. The Problem for BuildersYou are building AI agents (GPT-6 wrappers, autonomous hedge funds, personal assistants). The Risk: Regulations like the EU AI Act require Human Oversight. If your agent makes a mistake, can you prove the user authorized that specific action? Without a verifiable audit trail, you are exposed to "He said/She said" disputes and regulatory scrutiny. 2. The Solution: The AT1C SDKThe AT1C SDK wraps your AI agent in a layer of cryptographic accountability.For the User: They get a unified identity they own, with transparent control over what they sign.
For You (The Developer): You get a "Compliance Engine." Every action is logged with a verifiable receipt, proving exactly what the user authorized and when.Quick Start (Python/JS)Integrate AT1C into your existing LangChain or AutoGPT workflow instantly. pythonimport at1csdk
1. Initialize the Agent with the User's AT1C
This connects the agent to the user's on-chain identity Spore.agentat1csdk.Agent(at1cid="AT1C:nervos:0x1a2b...")
2. Define the Policy (The "Scope")
CRITICAL: Define precise limits, not just broad permissions.policy = at1csdk.Policy( actions=["transfer"], limits={"maxvalue": 1000, "currency": "USD"}, # Spending caps duration="24h" )
3. Request Authorization
This triggers a secure prompt to the user's wallet (Mobile/Browser).
The user signs the specific policy details.
The SDK handles the complex Hybrid (PQ) signature generation in the background.authrequest = agent.requestscope(policy)
4. Executeif authrequest.issigned: # SUCCESS: The action is now "receipted." # You have cryptographic proof that the user authorized THIS transaction # with THESE limits at THIS time. agent.execute(transfertx) else: # FAIL: User denied or transaction violates policy. # The agent is blocked from acting, preventing unauthorized errors. print("Authorization denied or policy violation.")Key Features for Adoption A. The "Passport Wrapper" Strategy (Client-Side Security)Proprietary models (OpenAI, Google) won't integrate AT1C natively? It doesn't matter.How it works: The AT1C SDK runs client-side (in the user's app or browser extension). It acts as a Local Proxy.
Security: The user's API keys for OpenAI never leave their device. The SDK intercepts requests, checks authorization against the AT1C identity, and then routes the request.
The Benefit: You turn proprietary AI into a utility pipe while keeping the identity layer open. The AT1C network never sees the user's secrets, only the authorization receipts.B. The "Accountability Standard" (Evidence over Immunity)Building on AT1C doesn't grant legal immunity, but it provides the strongest possible defense: Evidence.The Reality: Disputes arise when users claim, "I didn't authorize that."
The AT1C Solution:
AT1C replaces vague consent with Parameter-Locked Signatures.
For Regulators: You can demonstrate that the user explicitly signed: "Transfer maximum $500 to Address X within 24 hours."
Result: You transform a potential "negligence" lawsuit into a clear-cut case of user responsibility.C. Granular Authorization ControlsAddressing the "vague scope" risk, the SDK enforces Parameter Locking.User Experience: Users don't just sign "Transfer." They sign specific parameters (Amount, Recipient, Time Limit).
Enforcement: If the Agent tries to transfer $501 when the limit was $500, the AT1C SDK blocks the transaction locally before it ever reaches the network. The signature is mathematically invalid for that amount.D. Zero-Friction Onboarding (Account Abstraction)
Stop asking users to save 24-word seed phrases.
Implementation: AT1C supports native Account Abstraction on Nervos CKB.
UX: Users log in with Passkeys (FaceID / TouchID) or Email.
Recovery: If the user loses their device, the Hybrid Life-Lock (Guardians) allows identity recovery without a seed phrase.Why Build on AT1C?Interoperability: One identity works across all your apps. Cost: Uses Nervos CKB's deterministic fees—no more $50 gas spikes. Future-Proof: Your user's data is safe from Quantum decryption via Nillion integration. Sovereignty: You don't lock users in. If your app shuts down, their identity lives on. Users trust you more because they know they can leave.The AT1C Protocol is live.
The standard is set.
Build the future of accountable Identity with tagged AI.
Agents Made Inheiritable.
A.I. Agents owned by humans verified accountability.Why This Approach Wins For Nervos & The Spore Protocol
• Implement the framework on CKB first.
• Build commercial products on top identity verification services, DAO governance tools, inheritance platforms• Become the de facto standard while remaining open-source• Attract developers and users who believe in the mission, not the company.
Nervos doesn't need to own the framework to dominate the market.
Bitcoin never owned "decentralized money," but Bitcoin dominates because it was first and best.For Developers They get:• A clear specification to build against
• Multiple implementations to choose from
• A mission bigger than any single company
• Freedom to fork, modify, and improve
For Regulators They get:
• A transparent, auditable framework
• No single entity to regulate (can't shut it down)
• Accountability built into the foundation (easier to enforce)
• International adoption (can't be locked to one jurisdiction)
For Users They get:
• True ownership of their digital identity
• Portable agents (not locked to one platform)
• Family and community control (not corporate control)
• Inheritance and lifecycle management agents survive the human.For the World A Decentralized Identity Network (AT1C) an open, quantum resistant framework for autonomous agent accountability that no government, corporation, or individual can control or corrupt.
*****
Plant a seed in someone's mind together lets make a change.