Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility

Zibin Lin, Shengli Zhang, Guofu Liao, Dacheng Tao, Taotao Wang

TL;DR

BAID presents a unified Binding Agent ID framework that binds human operators to autonomous AI agents using three orthogonal mechanisms: local biometric binding, on-chain identity management, and zkVM-based code-level authentication with recursive proofs. By combining biometric verification, zkKYC-enabled on-chain agent identities, and verifiable execution with zkTLS data provenance, BAID achieves cryptographic guarantees for operator legitimacy, configuration integrity, and full execution provenance, addressing code-substitution and accountability gaps. The authors implement a prototype with identity contracts, zkKYC workflows, and a complete zkVM-based authentication protocol, and demonstrate practical performance in gas costs and verification latency. This approach enables trustworthy, cross-domain agent collaboration with auditable liability while maintaining privacy and scalability in decentralized environments.

Abstract

Autonomous AI agents lack traceable accountability mechanisms, creating a fundamental dilemma where systems must either operate as ``downgraded tools'' or risk real-world abuse. This vulnerability stems from the limitations of traditional key-based authentication, which guarantees neither the operator's physical identity nor the agent's code integrity. To bridge this gap, we propose BAID (Binding Agent ID), a comprehensive identity infrastructure establishing verifiable user-code binding. BAID integrates three orthogonal mechanisms: local binding via biometric authentication, decentralized on-chain identity management, and a novel zkVM-based Code-Level Authentication protocol. By leveraging recursive proofs to treat the program binary as the identity, this protocol provides cryptographic guarantees for operator identity, agent configuration integrity, and complete execution provenance, thereby effectively preventing unauthorized operation and code substitution. We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.

Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility

TL;DR

BAID presents a unified Binding Agent ID framework that binds human operators to autonomous AI agents using three orthogonal mechanisms: local biometric binding, on-chain identity management, and zkVM-based code-level authentication with recursive proofs. By combining biometric verification, zkKYC-enabled on-chain agent identities, and verifiable execution with zkTLS data provenance, BAID achieves cryptographic guarantees for operator legitimacy, configuration integrity, and full execution provenance, addressing code-substitution and accountability gaps. The authors implement a prototype with identity contracts, zkKYC workflows, and a complete zkVM-based authentication protocol, and demonstrate practical performance in gas costs and verification latency. This approach enables trustworthy, cross-domain agent collaboration with auditable liability while maintaining privacy and scalability in decentralized environments.

Abstract

Autonomous AI agents lack traceable accountability mechanisms, creating a fundamental dilemma where systems must either operate as ``downgraded tools'' or risk real-world abuse. This vulnerability stems from the limitations of traditional key-based authentication, which guarantees neither the operator's physical identity nor the agent's code integrity. To bridge this gap, we propose BAID (Binding Agent ID), a comprehensive identity infrastructure establishing verifiable user-code binding. BAID integrates three orthogonal mechanisms: local binding via biometric authentication, decentralized on-chain identity management, and a novel zkVM-based Code-Level Authentication protocol. By leveraging recursive proofs to treat the program binary as the identity, this protocol provides cryptographic guarantees for operator identity, agent configuration integrity, and complete execution provenance, thereby effectively preventing unauthorized operation and code substitution. We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.

Paper Structure

This paper contains 45 sections, 16 equations, 6 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Motivating Example: E-commerce Procurement
  3. The Gap: Autonomous Capabilities Without Identity Infrastructure
  4. Our Contributions
  5. Technical Preliminaries
  6. Blockchain
  7. Zero-Knowledge Virtual Machine
  8. Verifiable Credentials
  9. BAID System Overview
  10. BAID System Designs
  11. Local User-Agent Binding via Biometric Authentication
  12. Agent Architecture
  13. Biometric Template Registration and Verification
  14. On-Chain Identity Management
  15. Identity Management Smart Contract Framework
  16. ...and 30 more sections

Figures (6)

  • Figure 1: E-commerce laptop procurement workflow with security and accountability challenges across phases.
  • Figure 2: BAID system architecture: 1. Local User-Agent Binding mechanism; 2. On-Chain Identity Management; 3. Agents Authentication and Authorization Protocol.
  • Figure 3: Extended agent architecture with Identity module: integrating biometric authentication, cryptographic operations, and identity binding capabilities into the standard agent framework (Profile, Memory, Planning, Action).
  • Figure 4: Local binding registration workflow: biometric template generation and configuration document binding.
  • Figure 5: Registration and binding workflow showing UserID registration via zkKYC, AgentID generation, and on-chain AgentID registration.
  • ...and 1 more figures