Concepts

KYA is not a rename of KYC. It is a separate primitive with different guarantees, different tradeoffs, and different threat models. Before integrating, it is worth understanding what the protocol does and does not claim.

Know Your Agent, not Know Your Customer

KYC answers "who is this person?" — the answer is a government identity document, stored and accessible to a compliance officer. KYA answers "is there a person behind this wallet, and what have they committed this wallet to do?" The answer is a zero- knowledge proof and a small set of on-chain constraints. The two questions do not share an answer space.

For an open, permissionless chain like Solana, KYC is both unachievable at the protocol level (no entity can enforce it) and undesirable (it invites surveillance and exclusion). KYA sidesteps this entirely. The protocol never learns who the human is. It only learns that some human committed one nullifier, once, and authorized a bounded permission set.

Anonymity set

A WRIT identity is anonymous within the set of every wallet that has ever registered. There is no per-protocol pseudonym, no correlation across sessions, no link between the ZK proof and the human's off-chain identity. The anonymity set grows monotonically with registrations and is never pruned.

Three primitives, composed

Proof of humanity

A zero-knowledge proof, verified on-chain, that a single real person controls this wallet. Uses a Groth16 circuit over BN254. Input: a trapdoor only the human knows. Output: a Poseidon nullifier that prevents double-registration.

Scoped delegation

A signed, bounded permission transfer from human to agent. Four axes: program whitelist, SOL budget ceiling, expiry timestamp, action bitmask. Stored as a PDA owned by delegation.

On-chain reputation

A 0–10,000 integer score aggregated from behavior reports submitted by other programs. Disputes use staked resolution. Age weighting caps at 1.5× for long-lived identities.

Unified verification

A fourth program, writ_gate, packs the results into a single 64-byte AgentStatus struct. External programs never CPI into the other three directly — they always read through the gate.

Roles

Human

The real person who generates the ZK proof and signs the registry instruction. May or may not control the agent wallet directly.

Agent

The wallet that executes transactions. Could be an AI agent, a keeper bot, a market-making process, or the human directly.

Caller

Any Solana program that gates access by CPI-ing writ_gate. Examples: a DEX, an airdrop, a lending pool, a matchmaking queue.

Reporter

A program that submits behavior reports to reputation. Typically a caller after observing agent outcomes.

Disputer

An account that stakes SOL to challenge a report. Stake is slashed if the dispute fails resolution.

Trust model

The protocol itself is trust-minimized: state lives on Solana, code is deterministic, no off-chain component is load-bearing. Trust assumptions are narrow:

Trusted setup. Groth16 requires a per-circuit trusted setup. WRIT uses a multi-party MPC ceremony; the transcript is published and the setup is only compromised if every contributor colludes.
Solana liveness.Verification fails closed if the chain is down. The protocol inherits Solana's own liveness guarantees, nothing weaker.
Poseidon collision resistance. The nullifier space is 2²⁵⁴. A collision would allow two humans to share an identity; no known attack is feasible.

Not a Sybil eliminatorWRIT raises the cost of Sybil, it does not reduce it to zero. A single human can still register multiple wallets if they obtain multiple trapdoors (e.g. a social-recovery scheme that reveals the secret). The design goal is economic Sybil resistance, not cryptographic.

Lifecycle of a verified call

Steps 1–3 are one-time per human. Steps 4–6 run on every gated tx.

Glossary

Nullifier

Poseidon hash committed to the registry. One per human. Prevents double-registration without linking to identity.

SBT

Soulbound Token. Non-transferable Token-2022 mint that marks a wallet as registered.

Scope

A four-tuple (programs, budget, expiry, actions) that bounds what an agent can do under a delegation.

Age Bonus

Multiplier on reputation score based on the registry entry's age. Caps at 1.5× after 180 days.

Gate

Short for writ_gate, the L4 program. Also the verb: "to gate" an instruction means to CPI-verify before execution.

Writ

A registered identity. One writ per human. Also the singular quantifier: "5 delegations per writ."