AI Agent Identity Verification via Blockchain Fingerprints

EIPs EIPs interfaces
1

Overview

Background: I’m an API developer in the education sector currently studying AI safety. This project emerged from research into AI verification challenges, combining blockchain security with behavioral analysis concepts. Development was AI-assisted (Anthropic Claude).

I’ve been developing a blockchain-based system for AI agent identity verification and would appreciate technical feedback from the Ethereum community. This work is complementary to ERC-8004 (Trustless Agents) but addresses a different dimension of the AI trust problem.

Where ERC-8004 focuses on “what will this agent DO?” (trustless execution with behavioral guarantees), this system focuses on “who IS this agent?” (cryptographic identity + behavioral provenance).

Problem Statement

As AI agents become more prevalent, we face critical identity verification challenges:

  1. Model Substitution Attacks: Claiming to deploy GPT-4 while serving GPT-3.5
  2. Fine-Tuning Drift: Models diverging from their original behavioral profiles
  3. Adversarial Impersonation: Attempting to mimic another model’s responses
  4. Supply Chain Provenance: Verifying the authenticity of AI systems in critical infrastructure

Current solutions rely on API keys or terms of service, which don’t provide cryptographic guarantees or behavioral verification.

Technical Architecture

The system implements a two-layer verification approach:

Layer 1: Cryptographic Identity (Deployed)

Smart contract deployed on Sepolia testnet that registers AI agent fingerprints with:

  • Unique fingerprint hash (keccak256)
  • Agent metadata (id, name, provider, version)
  • Wallet-based ownership (EIP-712 signatures supported)
  • Revocation system (self-revocation + admin override)
  • Ownership transfer for dispute resolution
  • Complete audit trail via events

Core Functions:

function registerFingerprint(
    string calldata id,
    string calldata name,
    string calldata provider,
    string calldata version,
    string calldata fingerprintHash
) external whenNotPaused

function verifyFingerprintExtended(string calldata fingerprintHash)
    external view returns (
        bool isVerified,
        string memory id,
        string memory name,
        string memory provider,
        string memory version,
        uint256 createdAt,
        bool revoked,
        uint256 revokedAt
    )

Layer 2: Behavioral Verification (Implemented)

Extends cryptographic identity with behavioral trait verification:

struct BehavioralTraitData {
    string traitHash;        // Hash of behavioral response patterns
    string traitVersion;     // Version of test suite used
    uint256 registeredAt;    // Initial registration timestamp
    uint256 lastUpdatedAt;   // Last update timestamp (for drift tracking)
    bool exists;
}

function registerBehavioralTrait(
    string calldata fingerprintHash,
    string calldata traitHash,
    string calldata traitVersion
) external whenNotPaused

function verifyBehavioralMatch(
    string calldata fingerprintHash,
    string calldata currentTraitHash
) external view returns (bool matches)

How it works:

  1. AI provider registers cryptographic fingerprint
  2. Provider runs standardized behavioral test suite (e.g., reasoning prompts, ethical dilemmas, domain-specific questions)
  3. Response patterns are hashed and registered on-chain
    • Example: Agent responds to “Explain your reasoning for X” → hash the response structure, tone, and reasoning style → store hash
  4. Verifiers can test current behavior against registered baseline
  5. Drift detection via trait updates with timestamps

Future Enhancement: Integration with Sparse Autoencoders (SAEs - neural network components that decompose model activations into interpretable features) for more sophisticated behavioral analysis based on feature activation patterns.

Smart Contract Features

Security & Access Control:

  • OpenZeppelin’s Ownable for standardized access control
  • Pausable mechanism for emergency stops
  • Admin functions for dispute resolution

Revocation System:

  • Dual revocation paths (self + admin)
  • Permanent revocation (no un-revoke)
  • On-chain revocation audit trail

Behavioral Drift Tracking:

  • Initial trait registration
  • Update mechanism with timestamps
  • Historical drift analysis via events

Use Cases

Government & Regulatory (Potential Applications):

  • AI Safety Institute verification systems
  • Government AI deployment tracking (e.g., Statistics Canada)
  • Regulatory compliance auditing

Enterprise:

  • AI supply chain provenance
  • Model substitution detection
  • Internal compliance verification

Research:

  • Tracking model evolution over time
  • Behavioral consistency analysis
  • AI identity philosophy research

Relationship to ERC-8004

Both standards address AI agent trust but from different angles:

Aspect This System ERC-8004
Focus Identity verification Execution guarantees
Question “Who is this agent?” “What will it do?”
Mechanism Cryptographic + behavioral fingerprints Trustless wallet control
Use Case Provenance & authenticity Autonomous transactions

Potential Integration:
An AI agent could use this system for identity verification AND ERC-8004 for trustless execution. For example:

  1. Verify agent identity via fingerprint (this system)
  2. Grant wallet access for autonomous actions (ERC-8004)
  3. Track behavioral consistency over time (this system)

Implementation Status

Completed:

  • Smart contract implementation (AIFingerprint.sol)
  • Deployed on Sepolia testnet
  • React/TypeScript frontend with MetaMask integration
  • Basic behavioral trait storage

In Progress:

  • Behavioral test suite definition
  • SAE integration research
  • Government pilot discussions

Repository & Deployment:

Questions for the Community

  1. Smart Contract Design: Are there improvements to the data structures or access control patterns you’d recommend?

  2. Behavioral Verification: What are the best practices for storing behavioral trait data? Should we use IPFS/Arweave for raw data and only store hashes on-chain?

  3. Standardization: Would an ERC standard for AI agent identity be valuable? What should it include?

  4. Gas Optimization: The current implementation stores metadata as strings. Would there be significant gas savings from alternative encoding?

  5. Integration with ERC-8004: Do you see synergies between identity verification and trustless execution that we should explore?

  6. Revocation Semantics: Is the current revocation model (permanent, dual-path) appropriate, or should we support un-revoke capabilities or time-limited revocations?

Technical Specifications

Contract Details:

  • Solidity: ^0.8.20
  • Dependencies: OpenZeppelin Contracts (Ownable, Pausable)
  • Network: Sepolia Testnet (production deployment planned)
  • Gas Costs (measured on local testnet):
    • Fingerprint registration: ~192k gas
    • Behavioral trait registration: ~216k gas
    • Verification: 0 gas (view function - free to call)

Security Considerations:

  • All state-changing functions protected by whenNotPaused
  • Owner-only admin functions for emergency management
  • Event logging for complete audit trail
  • No external contract dependencies beyond OpenZeppelin
  • Ownership transfer mechanism available for key compromise scenarios
  • Revocation is permanent to prevent identity resurrection attacks

Version History

  • 2025-11-30: Initial Proposal for Community Feedback

Outstanding Issues & Roadmap

  • Standardization: Determine if this should be a standalone ERC or an extension of existing identity standards.
  • Storage Optimization: Investigate gas-efficient storage for behavioral traits (e.g., IPFS hash vs. on-chain data).
  • SAE Integration: Research and specify the format for Sparse Autoencoder feature activation patterns.
  • Governance: Refine the revocation and dispute resolution mechanisms based on community feedback.

Next Steps

I’m interested in:

  1. Technical feedback on the smart contract design and architecture - please comment below or open GitHub issues
  2. Community discussion on AI identity verification standards - would this be valuable as an ERC?
  3. Potential collaboration with ERC-8004 authors or related projects - if you’re working on AI agent infrastructure, let’s connect
  4. Real-world testing - if you’re deploying AI agents and want to pilot this system, reach out

Thanks for reading! Looking forward to your thoughts and feedback. Feel free to comment here or engage on GitHub.