Every AI agent needs a verifiable identity, declared intentions, and a tamper-evident audit trail. DCP is designed to provide all three through verifiable protocol artifacts, with post-quantum-capable cryptographic mechanisms and decentralized verification workflows.
The Problem
Billions of AI agents are being deployed across industries. But today, there is no standard way to verify who controls them, what they intend to do, or what they actually did.
When an AI agent accesses your API, sends an email, or executes a transaction — who is responsible? Today, there is no cryptographic way to verify the human or organization behind an agent.
Agents act without declaring what they intend to do before doing it. There is no pre-action commitment, no policy gate, and no risk assessment — just execution.
When things go wrong, there is no tamper-proof record of what happened. Logs can be altered or deleted, or may simply not exist. Compliance and forensics become significantly harder and less reliable.
The Solution
The Digital Citizenship Protocol (DCP) binds every AI agent action to a verifiable chain of accountability — from the responsible human to the sealed audit record. Any party can independently verify it using published verification procedures.
Every agent is bound to a real human or organization through a Responsible Principal Record, signed with dual keypairs.
Before acting, the agent declares what it intends to do. A policy engine evaluates risk and authorizes or blocks the action.
Automated risk scoring across 4 security tiers determines the cryptographic assurances used for each action.
Every action produces a hash-chained, Merkle-sealed audit entry. The complete trail is packaged into a portable, verifiable bundle.
Architecture
DCP separates concerns into three distinct layers. Only the Core is required for conformance; Profiles and Services extend capabilities without creating dependencies.
Core: the minimum interoperable protocol (specifications, artifacts, and verification procedures). Required for all conformant implementations.
Profiles: crypto, A2A, and governance extensions. Optional modules that add capabilities without affecting core interoperability.
Services: verification, anchoring, and transparency services. This infrastructure layer is not normative; implementations may use alternatives.
How It Works
Every AI action flows through a cryptographically signed pipeline. The output is a Citizenship Bundle — a portable, independently verifiable proof of authorized activity.
A Responsible Principal Record ties a real person or organization to an Agent Passport using Ed25519 + ML-DSA-65 composite keypairs, giving a cryptographically attributable chain of responsibility.
Before any sensitive action, the agent declares intent: what it wants to do, which data is involved, and the estimated impact. A policy engine gates the action.
Every action produces an audit entry with dual-hash chains (SHA-256 + SHA3-256). Post-quantum checkpoints periodically seal the chain with hybrid signatures.
All artifacts are assembled into a Citizenship Bundle with a cryptographic manifest. The bundle is composite-signed, portable, and independently verifiable with published tools and procedures.
```javascript
import { BundleBuilder, KeyManager } from '@dcp-ai/sdk';

const keys = await KeyManager.generate({ algorithm: 'hybrid' });

const bundle = await new BundleBuilder()
  .setIdentity({ name: 'my-agent', operator: 'org:acme' })
  .addIntent({ action: 'api_call', resource: 'payments', tier: 'elevated' })
  .sign(keys)
  .build();

// bundle is now a portable, verifiable Citizenship Bundle
```
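The dual-hash chaining and checkpoint sealing described in this section, sketched in plain Node.js as an added example (not code from the DCP project or its SDK). The entry layout, function names, and sample actions are assumptions, and the checkpoint is left unsigned where a real one would carry a hybrid signature.

```javascript
const { createHash } = require('node:crypto');

const digest = (alg, data) => createHash(alg).update(data).digest('hex');
const GENESIS = { sha256: '0'.repeat(64), sha3: '0'.repeat(64) };

// Hypothetical entry layout, not the DCP wire format: the hashed body covers
// the sequence number, the action, and BOTH digests of the previous entry.
const hashEntry = (seq, action, prev) => {
  const body = JSON.stringify({ seq, action, prev_sha256: prev.sha256, prev_sha3: prev.sha3 });
  return { sha256: digest('sha256', body), sha3: digest('sha3-256', body) };
};
const sameHash = (a, b) => a.sha256 === b.sha256 && a.sha3 === b.sha3;

function appendEntry(chain, action) {
  const prev = chain.length ? chain[chain.length - 1].hash : GENESIS;
  chain.push({ seq: chain.length, action, hash: hashEntry(chain.length, action, prev) });
  return chain;
}

// Index of the first entry whose stored digests do not match, or -1 if intact.
// Both digests must match, so a break in one hash function alone is not enough.
function verifyChain(chain) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    if (e.seq !== i || !sameHash(e.hash, hashEntry(i, e.action, prev))) return i;
    prev = e.hash;
  }
  return -1;
}

// A checkpoint pins the chain head. A real one would be signed and published;
// here it is simply held outside the log.
const makeCheckpoint = (chain) => ({ seq: chain.length - 1, hash: chain[chain.length - 1].hash });
const matchesCheckpoint = (chain, cp) =>
  cp.seq < chain.length && sameHash(chain[cp.seq].hash, cp.hash);

// Constructed sample data.
const log = [];
for (const a of ['api_call:payments', 'send_email', 'api_call:refund']) appendEntry(log, a);
const sealed = makeCheckpoint(log);
console.log(verifyChain(log), matchesCheckpoint(log, sealed)); // -1 true
```

The chain alone catches in-place edits, but a log rebuilt from scratch is internally consistent; only comparison against a checkpoint held elsewhere exposes it, which is why the seal matters.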
Protocol Specifications
DCP is defined by a suite of numbered specifications. Each spec is independently implementable and references the normative v2.0 document.
| Spec | Title | Scope | Status |
|---|---|---|---|
| DCP-01 | Identity and Human Binding | RPR, Agent Passport, composite keypairs | Final |
| DCP-02 | Intent Declaration and Policy Gating | Intent schema, risk scoring, 4-tier model | Final |
| DCP-03 | Audit Chain and Transparency | Hash chains, Merkle trees, transparency log | Final |
| DCP-04 | Agent-to-Agent Communication | A2A protocol, mutual auth, delegation | Final |
| DCP-AI v2.0 | Post-Quantum Normative Specification | Full specification, profiles, bundle format | Final |
Adaptive Security
DCP can automatically select the appropriate cryptographic tier based on risk score, data classification, and action type, with support for policy overrides where needed.
Why Trust DCP
Full source code, specifications, and SDKs are publicly available. Audit it yourself.
Post-quantum algorithms (ML-DSA-65, ML-KEM-768, SLH-DSA) follow NIST finalized standards.
Hybrid Ed25519 + ML-DSA-65 composite signatures are designed to improve resilience against classical and future quantum threats.
Optional L2 anchoring (Base, Arbitrum, Optimism) provides on-chain proof of existence for bundles.
Certificate Transparency-style Merkle log with inclusion proofs.
Up to $15,000 for critical vulnerabilities. Responsible disclosure with 48-hour acknowledgment.
Standards Alignment
DCP provides technical capabilities that can support traceability and accountability workflows relevant to the EU AI Act (Art. 14, 15). Tamper-evident audit chains can help meet evidence trail expectations.
DCP-AI maps governance, risk identification, measurement, and mitigation workflows to the Govern, Map, Measure, and Manage functions of the NIST AI Risk Management Framework.
Interoperable with the W3C decentralized identity ecosystem. Agent Passports can be represented as DIDs with Verifiable Credentials.
SDKs
Reference SDKs for major languages, with conformance-focused implementations under active development.
Get Started
Initialize a DCP identity, generate hybrid keys, and create your first verifiable bundle with a single command.
Early Adopter Program
Join our co-design partnership. Get direct access to the core team, priority support, influence over protocol decisions, and a published case study.