Tethered Identity System

In the iuth ecosystem, robots are not treated as independent financial entities. Instead, they operate under a Tethered Identity model. This means a robot's digital identity is cryptographically subordinate to the human owner's master identity.

This structure allows for "Sovereign Ownership"—the robot acts on your behalf, but its existence and permissions are entirely derived from your root authority.

1. Hierarchical Key Derivation (HD Structure)

We utilize the BIP-32 and BIP-44 standards to generate a tree of keys from a single Master Seed (the user's iuth wallet).

  • Master Node (User): The root private key held securely on the user's mobile device.

  • Child Nodes (Robots): Each robot is assigned a unique derivation path.

The Derivation Path

We propose a custom derivation path structure for iuth-managed devices:

m / 44' / 501' / {Account}' / {Change} / {Index}

  • 501': Coin type for Solana.

  • {Account}': Represents the "Device Category" (e.g., 0 = Humanoids, 1 = Drones, 2 = Vehicles).

  • {Index}: The specific ID of the robot (e.g., Robot #1, Robot #2).

Why this matters:

If a robot is physically compromised or stolen, the owner does not need to move their entire asset portfolio. They simply "prune" that specific branch of the key tree (Revocation) without affecting other devices or the master wallet.

2. On-Chain Registry (Solana PDA)

While the key derivation happens off-chain (locally), the permissions and relationships are enforced on-chain using Program Derived Addresses (PDAs).

A PDA acts as the "Passport" for the robot, storing its metadata and current status on the Solana blockchain.

PDA Seed Structure

The Robot's Identity Account is derived deterministically on-chain:

// Pseudocode for PDA Derivation
let (robot_pda, bump) = Pubkey::find_program_address(
    &[
        b"robot_identity",       // Seed Prefix
        owner_pubkey.as_ref(),   // The Human Owner's Public Key
        robot_device_id.as_ref() // Unique Hardware ID (e.g., Serial/UUID)
    ],
    &program_id
);

Data Stored in the PDA

The RobotIdentity account stores the following critical information:

Field

Type

Description

owner

Pubkey

The wallet address of the human controller.

status

Enum

Active, Paused, Stolen (Blocks all txs).

permissions

Bitmask

Allowed actions (e.g., CAN_PAY, CAN_ACCESS).

spending_limit

u64

Daily/Weekly spending cap (e.g., 5 SOL).

expiry

i64

Timestamp for temporary access (rental scenarios).

3. The Authentication Handshake

When a robot attempts to interact with the iuth network, the following check occurs:

  1. Verification: The smart contract checks if the signer (Robot's Child Key) matches the registered robot_pda.

  2. Ownership Check: It verifies that the robot_pda is linked to a valid owner.

  3. Status Check: If the status is Stolen or Paused, the transaction is strictly reverted, regardless of the signature validity.

PreviousArchitectureNextThe "Human-in-the-loop" Protocol

Last updated