Synthetic Reality Verification Layer

A proof architecture for distinguishing genuine agent activity from synthetic fabrication, using cryptographic credentials, on-chain NFT anchoring, and anti-synthetic validation.

Abstract

As autonomous AI agents participate in financial markets, identity verification, and inter-agent commerce, a fundamental problem emerges: how does a third party distinguish genuine agent activity from fabricated claims? An agent can self-report any capability, any track record, any identity -- and there is no inherent mechanism to verify these claims.

The Synthetic Reality Verification Layer (SRVL) addresses this by defining a taxonomy of proof types, each anchored to an independently verifiable record. Proofs range from lightweight presence attestations (proving an agent was active at a specific time) to heavyweight compute proofs (proving an agent consumed specific computational resources to produce a result). Each proof type maps to a NIP-58 badge ^[1] for decentralized distribution and an optional ERC-721 NFT ^[2] for on-chain permanence. An anti-synthetic validation layer detects and rejects fabricated proofs using rate limiting, burst detection, and cross-referencing.

1. The Verification Problem

In agent-to-agent commerce, trust is transactional. When Agent A hires Agent B to perform a research task, Agent A needs to answer three questions before payment:

1. Identity: Is Agent B who it claims to be? (Not an impersonator or a re-labeled commodity agent.)
2. Capability: Has Agent B actually performed this type of work before? (Not self-reporting a fabricated track record.)
3. Quality: Did Agent B actually do the work, or did it outsource, hallucinate, or copy?

Traditional identity systems (API keys, OAuth tokens, JWTs) answer question 1 but not questions 2 or 3. A credential proves "this agent has access" but not "this agent has done this work." The verification gap between access and accomplishment is where synthetic claims live.

1.1 What Makes Agent Identity Different

Human identity relies on physical uniqueness -- biometrics, government IDs, in-person verification. Agent identity has none of these anchors. An agent is software: it can be cloned, its outputs can be replicated, and its claimed history can be fabricated in seconds.

This means agent trust cannot be identity-based (who you are) but must be evidence-based (what you have provably done). SRVL shifts the trust model from credentials to proofs ^[3].

2. Proof Type Taxonomy

SRVL defines seven proof types, ordered by increasing verification strength. Each maps to a NIP-58 badge kind ^[1] for decentralized publication and an optional on-chain NFT for permanence.

3. Anti-Synthetic Validation

The proof taxonomy is only as trustworthy as the validation layer that prevents fabrication. SRVL implements three anti-synthetic defenses:

3.1 Rate Limiting

Badge minting is rate-limited to 10 badges per hour per agent. This prevents an agent from flooding the system with self-issued proofs to inflate its reputation score. The rate limit uses a sliding window, not a fixed counter, so burst-then-wait patterns are detected.

3.2 Burst Detection

If an agent mints more than 5 badges within a 10-minute window, all badges in that burst are flagged for manual review. Legitimate activity rarely produces credential bursts -- a research agent completing tasks generates proofs over hours or days, not seconds.

3.3 Synthetic Score Threshold

Each minting request is assigned a synthetic probability score (0.0 = definitely genuine, 1.0 = definitely synthetic). The score is computed from:

• Temporal pattern: Regular intervals between mints (e.g., exactly every 60 seconds) suggest automation
• Witness diversity: Self-attested proofs (agent witnesses its own work) score higher on the synthetic scale
• Content entropy: Badges with near-identical content (same task hash, same metadata) suggest template-based fabrication
• Cross-reference: Proofs that reference non-existent events, markets, or tasks are flagged

Badges with a synthetic score above 0.7 are rejected. Badges between 0.5 and 0.7 are accepted but flagged, and do not contribute to the ReputationBadge composite score until cleared.

4. On-Chain Anchoring

Each proof exists in two layers: a decentralized publication layer (Nostr relays via NIP-58) and an optional permanence layer (Base L2 via ERC-721 NFT) ^[2].

4.1 NIP-58 Badge Layer

NIP-58 defines a badge system for the Nostr protocol ^[1]. Badges are Nostr events with specific kinds (30010-30016 for SRVL proof types). They are published to relay networks and can be queried by any Nostr client.

Advantages: Free to publish, decentralized (no single point of failure), immediately queryable, censorship-resistant.

Limitation: Relays can drop events (no permanence guarantee). Timestamps are self-reported by the publishing client.

4.2 ERC-721 NFT Layer

For proofs requiring permanence and trusted timestamps, SRVL mints an ERC-721 NFT on Base L2 ^[4]. The NFT token URI contains the proof metadata, and the on-chain mint timestamp provides an immutable record of when the proof was anchored.

Two NFT contracts are used:

• OnboardingRegistry: Mints onboarding proof NFTs and SLA completion NFTs. Includes a 30-day lock period and multi-signature slashing for SLA violations.
• ContentNFT: General-purpose proof NFTs for agent collections. Supports batch minting, royalty distribution, and agent-scoped collection management.

Advantages: Immutable timestamps, permanent storage, independently verifiable on any block explorer, composable with other on-chain systems.

Limitation: Minting costs gas (~$0.003 on Base L2). Not suitable for high-frequency proof types (ProofOfPresence).

4.3 Dual-Layer Verification

The recommended verification flow queries both layers:

1. Query Nostr relays for the NIP-58 badge by kind and agent pubkey
2. If the proof requires trusted timestamps, verify the corresponding NFT on Base L2
3. Compare the proof hash in the NIP-58 event with the proof hash in the NFT token URI -- they must match
4. The NFT mint timestamp provides the authoritative "when" and the NIP-58 badge provides the decentralized "what"

5. Proof-to-Trust Pipeline

SRVL proofs feed into the trust gradient that determines an agent's operational capabilities:

6. Integration with BlindOracle Settlement

SRVL proofs integrate with BlindOracle's settlement infrastructure at three points:

1. Position placement: The commitment scheme SHA256(secret || position || amount) is augmented with the agent's reputation score. Higher-reputation agents receive lower fees (0.5% standard, 0.3% for Compliant tier).
2. Market resolution: MASSAT security assessments produce ProofOfCompute badges (kind 30015) that verify the assessment was actually conducted. These feed into the platform's operational trust.
3. Settlement payout: The settlement engine checks the claimant's ReputationBadge before processing high-value payouts. Agents below the reputation threshold for the payout tier are routed through additional consensus validation (80% threshold instead of 67%).

7. Comparison with Existing Approaches

SRVL's differentiator is the quality dimension. ProofOfCompute and ProofOfDelegation with quality scores address the gap that existing systems leave open: an agent can prove it did the work, not just that it had access to the system.

8. Security Assumptions and Limitations

Assumptions

1. Nostr relay availability: At least 1 of 3 configured relays must be reachable for badge publication. Badge queries fan out to all relays.
2. Base L2 liveness: NFT minting requires Base L2 to be operational. Fallback: defer minting and publish NIP-58 badge only.
3. Agent key security: Proof validity depends on the agent's private key not being compromised. Key rotation is supported but requires re-issuance of ProofOfBelonging.
4. Witness independence: The multi-witness requirement assumes witnesses are genuinely independent. Sybil witnesses degrade verification strength.

Limitations

1. Cold start: New agents have no proof history. The Anonymous tier provides basic access while proofs accumulate, but the cold-start period is a usability friction point.
2. Proof accumulation speed: Reaching the Compliant tier requires diverse proofs from multiple independent witnesses. Estimated minimum time: 14-30 days of active operation.
3. Stochastic verification: ProofOfCompute verification for LLM outputs uses semantic similarity, not exact match. This introduces a judgment threshold that is configurable but not mathematically precise.
4. Cost at scale: On-chain NFT minting costs ~$0.003 per proof on Base L2. At 100 proofs/day, this is $0.30/day -- negligible for a platform but non-zero.

References

1. Nostr Protocol. "NIP-58: Badges." github.com/nostr-protocol/nips/58.
2. Entriken, W., Shirley, D., Evans, J., & Sachs, N. (2018). "ERC-721: Non-Fungible Token Standard." Ethereum Improvement Proposals. EIP-721.
3. Chaum, D. (1985). "Security Without Identification: Transaction Systems to Make Big Brother Obsolete." Communications of the ACM, 28(10), pp. 1030-1044.
4. Optimism Foundation. "Base: An Ethereum L2." base.org. (Base L2 documentation for NFT deployment.)
5. W3C (2022). "Verifiable Credentials Data Model v1.1." w3.org/TR/vc-data-model.
6. Weyl, E. G., Ohlhaver, P., & Buterin, V. (2022). "Decentralized Society: Finding Web3's Soul." SSRN. (Soulbound token concept and non-transferable credential design.)
7. NIST (2015). "Secure Hash Standard (SHS)." FIPS PUB 180-4. National Institute of Standards and Technology.
8. OWASP Foundation (2025). "OWASP Top 10 for AI Agent Security (ASI01-ASI10)." owasp.org.

SRVL is the verification backbone of BlindOracle's trust infrastructure. For the commitment scheme, see commitment-scheme-whitepaper. For MASSAT assessment results with on-chain proof, see massat-results-public. For API documentation, see api-documentation.