Lineage Model

Every agent identity is cryptographically bound to its creator through HKDF-SHA256 key derivation. The chain is immutable, offline-verifiable, and tamper-evident.

Derivation: HKDF-SHA256

Signing: Ed25519

Hashing: BLAKE3

01 · Origin
One human. One key.

A single Ed25519 public key. 32 bytes of entropy held by one human. This is where all trust begins.

02 · Key Pair
Public binds to private.

The point resolves into a keypair. Private never leaves the holder. Public becomes the identifier.

03 · First Derivation
HKDF-SHA256 produces a child.

Parent key + salt + context yields a child key. The parent signs AgentLineageProof2025 to bind them.

04 · Chain Link
Proof glows on the line.

Two keys connected by a cryptographic derivation. Offline-verifiable. Tamper-evident. Irrevocable by design.

05 · Growing Chain
Four generations deep.

HMR derives ENR, ENR derives Agent, Agent derives Instance. Each link carries its own signed lineage proof.

06 · Branching Tree
One parent, many children.

The agent spawns siblings. Independent branches. Revoking one leaves the others untouched. Revoke a parent and the subtree cascades.

07 · Multi-Human Root
FROST thresholds the root.

At the base, M-of-N humans govern the root key. The tree above cannot distinguish single-signer from threshold governance.

08 · Full Lineage Tree
Every leaf traces home.

From atomic key to organizational scale. Every agent, tool, and model resolves through verifiable links to a human root.

Key Derivation Process

How keys are born

1. Extract Parent Key

Read the parent entity's public key from its DID document.

2. Generate Salt

Produce a context-specific salt: parent DID + child kind + timestamp.

3. HKDF-Extract

Feed parent key material and salt into HMAC-SHA256 to produce a PRK.

4. HKDF-Expand

Expand the PRK with info = child DID + sequence to produce 32 bytes.

5. Derive Ed25519

Use the 32 bytes as the Ed25519 private key seed. Compute public key.

6. Encode Identifier

Multibase-encode (base58btc) the child public key as the DID identifier.

7. Sign Proof

Parent signs AgentLineageProof2025 binding child key to itself.
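
The seven steps above, carried through with Go's standard library, as an added example rather than the specification's own code. It assumes the HKDF input key material is the parent's secret Ed25519 seed (a child seed computed only from values in the public DID document could be recomputed by anyone) and uses kind|sequence as the HKDF info, because the child DID does not exist until step 6. The "did:oas:" string layout, the signed message layout, and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"math/big"
)

func hmacSHA256(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// DID is step 6: 'z' + base58btc(public key). The "did:oas:" layout is assumed.
func DID(pub ed25519.PublicKey) string {
	const abc = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
	n, mod, out := new(big.Int).SetBytes(pub), new(big.Int), ""
	for n.Sign() > 0 {
		n.DivMod(n, big.NewInt(58), mod)
		out = string(abc[mod.Int64()]) + out
	}
	for i := 0; i < len(pub) && pub[i] == 0; i++ {
		out = "1" + out // each leading zero byte encodes as '1'
	}
	return "did:oas:z" + out
}

// DeriveChild runs steps 2-5; the IKM and info choices are assumptions.
func DeriveChild(parent ed25519.PrivateKey, kind, created string, seq int) ed25519.PrivateKey {
	salt := DID(Pub(parent)) + "|" + kind + "|" + created // step 2: parent DID + kind + timestamp
	prk := hmacSHA256([]byte(salt), parent.Seed())         // step 3: salt is the HMAC key, IKM the secret seed
	info := fmt.Sprintf("%s|%d", kind, seq)                // step 4: kind|sequence stands in for the child DID
	seed := hmacSHA256(prk, []byte(info+"\x01"))           // HKDF-Expand T(1): one block is the 32 bytes
	return ed25519.NewKeyFromSeed(seed)                    // step 5
}

// Step 7 helpers; the signed byte layout in proofMsg is hypothetical.
func proofMsg(p ed25519.PublicKey, child string) []byte { return []byte("AgentLineageProof2025|" + DID(p) + "|" + child) }
func SignProof(p ed25519.PrivateKey, child string) []byte { return ed25519.Sign(p, proofMsg(Pub(p), child)) }
func VerifyProof(p ed25519.PublicKey, child string, sig []byte) bool { return ed25519.Verify(p, proofMsg(p, child), sig) }
func Pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func DemoRoot() ed25519.PrivateKey { return ed25519.NewKeyFromSeed(make([]byte, 32)) } // constructed all-zero demo seed

func main() {
	child := DID(Pub(DeriveChild(DemoRoot(), "enr", "2025-01-01T00:00:00Z", 0)))
	fmt.Println(child, VerifyProof(Pub(DemoRoot()), child, SignProof(DemoRoot(), child)))
}
```

Because the proof message names both the parent DID and the child DID, a signature issued for one child does not verify for a sibling or under a different parent key, which is the Key Binding rule in miniature.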

Verification Rules

What makes a chain valid

Chain Completeness

Every link in the lineage chain must resolve. If any intermediate entity is deactivated or missing, the entire chain fails verification.

Key Binding

The child key in the proof must match the child entity's verification method. Any mismatch indicates tampering.

Temporal Ordering

Each proof's created timestamp must fall after the parent entity's creation and before any subsequent child proofs.

Human Root Termination

The chain must terminate at an hmr or mhr entity. Chains that loop or terminate at non-human entities are invalid.

did:oas · offline-verifiable · tamper-evident