Rogue AI-Agents in the EU: hefty fines and penalties without verified proof of human.

AT1C: Sovereign Identity and Verifiable Authorization for AI Systems

One Human. One Identity. Infinite Agents.

Abstract

AI systems increasingly act on behalf of users, yet lack verifiable mechanisms to prove that actions were explicitly authorized. Existing identity systems are custodial, revocable, and insufficient for regulatory compliance.

The EU AI Act (2026) mandates human oversight for high-risk AI systems. However, current implementations rely on logs and implicit consent, which are not cryptographically verifiable.

AT1C introduces a non-custodial identity protocol where:

- Identity is a user-owned cryptographic asset
- Actions are bound to explicit, signed authorization policies
- AI agents operate within mathematically enforceable limits
- Digital identity persists beyond the user lifecycle

This enables provable compliance with human oversight requirements.

  1. Introduction

Digital identity systems today are platform-controlled.

Users authenticate via credentials but do not own their identity. Actions taken by software agents are inferred from session control rather than explicitly authorized intent. This creates ambiguity in accountability and regulatory exposure.

Simultaneously, digital identity lacks persistence:

- Accounts can be revoked
- Data can be lost
- Assets may become inaccessible upon death

A new model is required where identity is:

- Owned by the individual
- Cryptographically verifiable
- Persistent across time and systems

AT1C provides such a model.

  2. Regulatory Context: EU AI Act (Article 14)

The EU AI Act requires that high-risk AI systems implement effective human oversight.

This includes the ability to:

- Ensure humans can intervene or override decisions
- Demonstrate that actions are subject to human control
- Provide evidence of oversight in case of audit or dispute

Limitation of Current Systems

Current approaches rely on:

- UI confirmations (“Approve” buttons)
- Server-side logs
- Terms of service agreements

These methods:

- Are not cryptographically binding
- Can be disputed
- Do not prove parameter-specific consent

AT1C Approach

AT1C replaces implicit consent with explicit, signed authorization policies.

Each action performed by an AI agent must:

- Conform to a user-defined policy
- Be validated against a cryptographic signature
- Produce a verifiable receipt

This creates a direct, auditable link between:

User Intent → Policy → Agent Action

  3. The Problem

3.1 Custodial Identity

Identity is controlled by platforms, not users.

3.2 Non-Verifiable Authorization

Actions are not explicitly signed by users at the parameter level.

3.3 Lack of Persistence

Digital identity and assets do not reliably survive user death.

  4. The AT1C Model

AT1C defines identity as a sovereign cryptographic object anchored on-chain.

Each identity consists of three composable profiles:

- Public Profile — verified identity and credentials
- Anonymous Profile — pseudonymous interactions
- Life-Cycle Profile — recovery and inheritance logic

All profiles are bound to a single root identity controlled by the user’s keys.

  5. Architecture

5.1 Logic Anchor (QRL Blockchain)

Identity is represented as a native asset on the QRL blockchain.

Properties:

- Ownership enforced by hash-based signatures (XMSS)
- Resistant to quantum attacks
- Minimal on-chain footprint (keys, hashes, state)

5.2 Secret Vault (Distributed MPC)

Sensitive data is fragmented across multiple nodes using multi-party computation.

Properties:

- No single point of compromise
- Data is never reconstructed in one location
- Access requires threshold participation

5.3 Public Data Layer

Non-sensitive data is stored in distributed systems optimized for availability and redundancy.

5.4 Archival Layer

Critical identity commitments may be encoded into durable physical media (e.g., optical glass) for long-term persistence.

  6. Authorization Framework

AT1C enforces policy-bound authorization.

A policy defines:

- Allowed action(s)
- Parameter constraints
- Time validity

A valid authorization is:

AUTH = Sign_user(policy)

An agent execution is valid only if:

Verify(AUTH, action_parameters) == true

Properties:

- Actions outside policy are invalid
- Enforcement occurs before execution
- Authorization is non-repudiable

  7. AI Agent Oversight

AT1C enables deterministic human oversight.

For each agent action:

- A policy is defined by the user
- The policy is cryptographically signed
- The agent executes within those constraints
- A receipt is generated
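The flow from sections 6 and 7 (sign a policy, verify it against the action parameters before execution, emit a receipt), as an added example that is not AT1C's own code. A Lamport one-time signature built from SHA-256 stands in for the XMSS/Ed25519 signatures the page names; the policy fields (`actions`, `limits`, `not_before`, `not_after`) and the receipt layout are assumptions made for illustration.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key (stand-in for XMSS): 256 secret pairs, public key = their hashes
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def canonical(obj):
    # Deterministic encoding so signer and verifier hash identical bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def authorize(sk, policy):
    # AUTH = Sign_user(policy); a Lamport key must sign only one policy
    return {"policy": policy, "sig": sign(sk, canonical(policy))}

def check(pk, auth, action, params, now):
    # Verify(AUTH, action_parameters), evaluated before the agent acts
    p = auth["policy"]
    if not verify(pk, canonical(p), auth["sig"]):
        return False, "bad signature"
    if action not in p["actions"]:
        return False, "action not allowed"
    if not p["not_before"] <= now < p["not_after"]:
        return False, "outside validity window"
    if set(params) != set(p["limits"]):
        return False, "unexpected or missing parameter"
    for name, (lo, hi) in p["limits"].items():
        if not lo <= params[name] <= hi:
            return False, f"{name} out of bounds"
    return True, "ok"

def execute(pk, auth, action, params, now):
    ok, reason = check(pk, auth, action, params, now)
    if not ok:
        raise PermissionError(reason)  # enforcement happens before execution
    # Receipt ties the executed parameters to the exact signed policy
    return {"policy_hash": H(canonical(auth["policy"])).hex(), "action": action, "params": params, "time": now}
```

An auditor holding the user's public key and the stored AUTH can recompute `policy_hash` and re-run `check` on the receipt's parameters and timestamp to confirm the action fell inside the signed policy.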

This provides:

- Ex-ante control (before execution)
- Ex-post verification (after execution)

Compliance Mapping (EU AI Act Article 14)

| Requirement | AT1C Mechanism |
| --- | --- |
| Human control | User-defined policy |
| Oversight | Pre-execution validation |
| Intervention | Policy revocation / expiry |
| Auditability | Cryptographic receipts |

  8. Inheritance Mechanism

AT1C implements a dual-condition activation model.

Condition A: Time-Lock

User inactivity beyond a defined interval.

Condition B: Attestation

Confirmation by designated guardians or verifiable sources.

Execution occurs only if:

Condition_A && Condition_B == true

Properties:

- Prevents premature activation
- Protects against coercion
- Enables deterministic transfer of assets

  9. Cryptographic Design

AT1C uses hybrid signatures:

SIG = SIG_classical || SIG_post_quantum

- Classical: Ed25519
- Post-Quantum: XMSS / Dilithium

Security is preserved if at least one scheme remains secure.

  10. Security Model

AT1C assumes:

- Adversaries may control networks or storage nodes
- Cryptographic primitives remain secure
- Users retain control of private keys

Security is achieved through:

- Decentralization
- Data fragmentation
- Cryptographic enforcement

  11. Applications

- AI agents with provable authorization
- Financial transactions with bounded risk
- Digital inheritance systems
- Cross-platform identity

  12. Conclusion

Digital identity must evolve from access control to ownership.

Without ownership:

Users depend on platforms

Without verifiable authorization:

Systems lack accountability

Without persistence:

Digital assets are transient

AT1C defines identity as:

- User-owned
- Cryptographically enforced
- Persistently transferable

References

- QRL (Quantum Resistant Ledger)
- XMSS (Hash-Based Signatures)
- CRYSTALS-Dilithium
- Multi-Party Computation (MPC)
- EU AI Act (Article 14: Human Oversight)
- AT1C

Choose Freedom.


Published by

a.human
