Concept: The Trust Protocol

A single, open protocol that makes a person's integrity cheap to verify — so trust stops being a gamble and win-win becomes the default move.

Concept only. The Trust Protocol is now a concept — a design, not a shipping product.

Elevate the system for humanity: make it easier to grow through benefit, harder to grow through harm. The protocol has one job — move the world toward 100% win-win at the Speed of Trust.


The bottleneck

Trust is the gate to every win-win. The deal that would help both sides never happens because neither can cheaply confirm the other is honest, competent, and aligned. So the world defaults to suspicion — contracts, lawyers, escrow, due diligence, gut feel — and most cooperation dies in the cost of checking.

The mistake is to treat this as a shortage of virtue. The scarce resource is verification, not honesty. The trustworthy and the deceptive look identical until you pay to tell them apart, and that price is what kills the deal.

So the fix is mechanical, not moral. Make the trustworthy trivial to verify and lying too expensive to sustain, and you don't have to ask anyone to be good — cooperation becomes the dominant strategy on its own. Everything below derives that one move.

The primitive — everything is an entry

The whole protocol is one object and one operation. The object is an entry: a small, signed, content-addressed, typed record of a single act. The operation is append: add entries to your own log, never remove them. Identity, types, state, and trust aren't separate systems — they're all entries, or pure functions over entries.

Four properties define the entry, and the rest of the protocol falls out of them.

Signed. A participant is a signing keypair. You hold the private key; the network only ever sees signatures. Every entry names its algorithm in the signature itself (ed25519:…) rather than assuming one, so the scheme can change without changing the form (see Crypto-agility).

Content-addressed. Each entry is canonicalized JSON (JCS) and its id is the hash of those bytes, tagged with the algorithm — today blake3:…. That tagged hash is the only kind of identifier in the system: your identity is the id of your genesis identity entry, a type reference is a type's id, a prev link is the previous entry's id. An id proves its bytes and nothing more — no registry to mint from, no slug to squat.

Typed. Every entry commits to the hash of the schema it conforms to. Types are themselves entries (see Types are entries too), so the shape is never guessed — it's named.

Chained. Each entry names the id of your previous one, forming a per-identity hash chain. Change any past entry and every hash after it breaks.

{
  "type": "blake3:c4d2…e8",
  "author": "blake3:1f90…a1",
  "prev": "blake3:7b3e…d0",
  "ts": "2026-06-13T09:14:02Z",
  "body": {
    "with": "blake3:4d81…c7",
    "commit": "Ship v1 API by 2026-07-01",
    "terms_hash": "blake3:e55a…90"
  },
  "sig": "ed25519:3a77…ff"
}

author and with are genesis-entry ids — they resolve to public keys. The entry carries no id field: the id is its hash, computed by the reader, never stored. The ts field is only the author's claim about when they wrote the entry; the authoritative time is the witnessed interval the entry is pinned to (see The log).

Crypto-agility — the form outlives the primitive. Because every hash and signature names its algorithm, the suite (hash, signature) is swappable. To cross a cryptographic break — the day a quantum computer threatens Ed25519, or a hash weakens — an identity publishes a rebind: a new key in a new suite, a post-quantum signature such as ML-DSA, signed by the old key while it's still sound, chaining the identity across the break. Two things keep this routine: migrate before the break — a rebind is only trustworthy if witnessed while the old primitive still holds, so it's an ordinary early entry, never a flag day under fire — and history is anchored by witnessing, not by the hash alone — a later-weakened hash can't retroactively forge your past, because the past was cosigned into the log while the hash was strong.

Because the suite is named per entry, you spend post-quantum's larger signatures only where forgery is catastrophic: witness keys and genesis/rebind keys go hybrid-or-PQ now (they anchor everyone's past and each person's identity), while the high-frequency stream stays classical (each tick is cheap and ephemeral, its past already held by the witness heads, its future by rebinding before the break).

From these four properties comes the one law of the protocol, worth stating once:

You can append to revise the future; you cannot rewrite — or hide — the past. Any edit to history breaks the hash chain, and because your timeline is continuously witnessed (see The log), there is no unobserved interval to splice into or quietly disappear during. Tampering isn't merely detectable; there's no dark window to attempt it in.

And one rule for content, so the entry stays small no matter what it carries. The body holds only the structured fields the protocol reasons about — references, commitments, terms, deadlines. Any opaque payload, of any type and size, is a content-addressed blob, referenced from the body by its hash and verified by rehashing, exactly like prev or author. A 2 KB note, a 400-page book, a photo, a 4 GB video are all identical — { "hash": "blake3:…", "mime": "…", "size": 0, "name": "…", "mirrors": ["…"] }. The kind of file is the mime field — data, not a schema — so there's no photo/video/media type to define, and the log stays small, signable, and streamable while the bytes travel beside it. Small entries gossip to every relay for free; a large blob can't, so mirrors lists where to fetch the bytes. You fetch from whoever has it and confirm by rehashing: the hash is the what, the mirrors only the where.

A participant's whole working life is this one shape — append-only, streamed, open by default: mission, goals, plans, decisions, tasks, transactions, agreements, problems, calendar events, files, connections. You revise the future freely; the past stands and never goes dark.

Openness adds power and opens no new wound — it only puts a spotlight on the ones already there.

The five layers

Nothing here is exotic; the point is that it's buildable today from parts that already work. Each layer does one job, and each follows from the entry.

Identity — a keypair bound to one human. No registrar, no central account: your identity is the id of your genesis entry, its key history auditable like everything else. That keypair is bound once to a single real person through personhood (below) — what stops a thousand free keypairs from becoming a thousand fake reputations.

Entries — the atom above. Signed, content-addressed, typed, chained. The unit of every action.

The log — a continuously witnessed Merkle tree. Entries land in an append-only Merkle tree (Trillian-style) that publishes signed tree heads. Independent witnesses cosign and gossip those heads, which stops a split view — showing one history to you and a different one to someone else: if the heads match across witnesses, everyone reads the same past. Witnessing also fixes time — an entry's authoritative timestamp is the interval between the cosigned heads that bracket it, not the ts it claims. And because every entry enters the tree as it streams, the log is live by nature (see The stream).

Transport — Nostr-style relays, dumb on purpose. Clients publish signed entries to many relays that gossip them onward; blobs travel the same pipes. Anyone can run a relay; none is trusted. They can't forge an entry (it's signed), alter one (content-addressed), or hide one for long (mirrored). The trust lives in the cryptography, not the server.

State — deterministic projections. The raw log is a stream of events; useful questions ("their open goals? their live capabilities? their track record?") need current state, so clients replay the log into a SQL projection rebuilt by deterministic event-sourcing. Replay the same log, land on the same tables. The database is a cache; the log is the source of record.

The stream — real-time by default

Treat every log as a real-time stream — a live feed of one person's acts where the freshest entry is the present. "Now" is simply the last entry that was sent, whether that was a millisecond ago or an hour ago. There's no separate question of whether someone is "live": their most recent entry is their current state, and how fresh it is is a fact anyone reads straight off the log.

Latency should be as small as the world allows. Tech will sometimes widen it (a flaky link, a batched upload), but that changes only the fidelity of the stream, never the model — a 1 ms feed and an hourly one are the same object at different resolutions, exactly as a live video and a once-a-day photo are. video-rate

Two guarantees and one honest limit follow, all already paid for by witnessing — no new mechanism:

The honest limit: a real-time log proves you didn't rewrite or hide a stretch of your timeline, and it makes acted-upon facts visible as they happen. It can't force you to stream a private fact no one else can see or refer to. The guarantee is continuity and a readable now, not omniscient completeness.

Personhood — one human, one root

Free keypairs are the protocol's strength and its hole. Strength: no registrar, no permission. Hole: if a reputation is just a key, then a key can be farmed (a thousand sock puppets), sold (hand a buyer your spotless history), or lost (and with it your whole track record). The fix is a single binding done once: one human, one root identity.

personhood entry binds a genesis key to a unique person — not by publishing who they are, but by proving they are one and only one of them.

This one binding closes three holes at once:

The honest limit: personhood is only as sound as its verifiers. It collapses Sybil and key-sale, but a fully verified human who is coerced or who colludes is still one real person doing real harm. Personhood bounds the number of bad actors to the number of bad humans; it doesn't make humans good. That is the right job for it, and the only one it can do.

Types are entries too

A protocol that freezes its schema dies the day the world needs a shape it didn't foresee — and a protocol owned by no one has no committee to add that shape. So the type system obeys the same primitive: a type is just another entry.

To define a type, publish a type entry — a signed, content-addressed schema naming the fields. That's the whole ceremony: no approval, no version handshake. Anyone mints a type the moment they need one; if it's useful, others reference it; if not, it sits inert and costs nothing. Because a type is content-addressed, the hash is the version — editing a schema mints a new type with a new id, so there are no v1/v2 naming wars. The readable name (agreement) lives only in body.name as a label clients display, never something an entry references.

The current core set — common today, expected to drift, and that's the point:

identity · type · personhood · mission · goal · plan · decision · task · agreement · transaction · problem · calendar_event · connection · attestation · oracle · correction

There is deliberately no media type: a file of any kind attaches to any entry as { hash, mime, size, name }. Below is the type entry that defines the agreement shape the sample above referenced — its id is blake3:c4d2…e8, the value that entry's type field names, and its own type points at the genesis type:

{
  "type": "blake3:0000…01",
  "author": "blake3:1f90…a1",
  "prev": "blake3:1a44…b2",
  "ts": "2026-06-13T09:20:00Z",
  "body": {
    "name": "agreement",
    "schema": { "with": "id", "commit": "string", "terms_hash": "hash", "deadline": "date" },
    "supersedes": ["blake3:a019…7f"],
    "migration": "rename(due → deadline); default(deadline, commit_ts)",
    "status": "active"
  },
  "sig": "ed25519:3a77…ff"
}

Oracle Intelligence — accuracy, not verdicts

A signed, unbroken, streamed log proves one thing exactly: that you said this and never un-said it. It does not make the account accurate — I can stream "shipped v1 API" and have shipped nothing. A faithful record of what was said is not an accurate picture of what happened, and no append-only structure closes that gap on its own.

So the protocol takes a deliberately humble stance: there is no "true" or "false" here — only more accurate and less accurate. Every account is a model, and models get refined. No one counter-signs your data, and nothing is ever stamped false. Instead:

The honest stance: the log makes tampering impossible to hide, and Oracle Intelligence makes an account steadily more accurate as evidence accrues — but an account no one can check and no one refines simply stands at the author's word. That's the price of trading "true/false" for "more or less accurate": maximal openness and no proving-ceremony, with accuracy treated as something that converges, never something stamped.

Prior art — borrowed parts, a new whole

Almost every part of this protocol already exists. Pretending otherwise is the fastest way to be dismissed; the contribution is the synthesis and the scoped epistemics, not any single primitive.

What is new is the combination none of them is: a continuous, personhood-anchored behavioral log whose accounts are refined by open oracle corrections — credibility read as vectors over the record, never a single score — with the honest scoping that the log is exact while accuracy only ever converges.

What you can verify — the four cores

Anyone can read four cores of credibility off a participant, without taking their word for it. Each is computed from the record, and each is a vector, not a single score — you read the shape of someone's character and competence, never a grade stamped on them.

Character — the roots: your motives and your moral compass.

Competence — the branches: the skills that turn intent into results.

None of these is a badge you grant yourself. They are vectors over an open log — read as given, and refined toward accuracy by oracle corrections.

How you verify — four checks

Trust here means checking, and the check is fast. To verify any claim a participant makes, anyone runs four steps:

  1. Signature — the entry verifies against the identity's public key (resolved from the author's genesis entry). It's really theirs.
  2. Chain & continuity — its prev resolves and the per-identity hash chain is unbroken back to genesis and continuous up to the latest entry, the present. Nothing was spliced out, and no stretch was hidden.
  3. Inclusion — a Merkle inclusion proof shows the entry sits in a witness-cosigned tree head. It's part of the one shared history, at a real position in time.
  4. Replay — project the relevant entries to reconstruct the current state and the derived core vectors. The account matches the record.

Any attempt to edit history breaks step 2 and invalidates step 3 — loudly, not quietly. But these four answer one question only: is this record authentic and untampered? They do not answer is the account accurate? — that is the separate job of Oracle Intelligence. The log is exact and decidable; accuracy is a separate, ever-refining matter for oracle corrections, never a true/false stamp.

Derived — matching

With the data open, machines do the matching. Goals, capabilities, and constraints are published as structured goal vectors — typed, machine-readable fields, not prose. Anyone can run a matcher: an indexer that reads vectors across the network and surfaces deals where every side comes out ahead, continuously and in real time. Because the data is open, there is no central matchmaker to capture or corrupt; matchers compete on quality.

Smart trust is downstream, and not part of this protocol — yet. Smart Trust Deciding how far to extend for one specific action is a real-time computation a client runs over this record for the case at hand, weighing the core vectors and corrections against what's at stake. It is not a score the protocol stores or hands out. The protocol's only job is to make the record that judgment draws on cheap to read and impossible to fake; the judgment itself stays with whoever is deciding.

Time-locked, not secret

Total exposure of every byte the instant it exists isn't always possible — an unannounced deal can't be shouted before it's signed. But permanent hiding (encrypting bodies to a chosen few forever, shredding keys to erase content) breaks the very thesis: if anything can stay permanently hidden, the deceptive simply hide the incriminating part, and a log full of permanent secrets carries no signal. So the protocol keeps exactly one tool, and it hides nothing permanently:

The corollary: you cannot keep a permanent secret on this log. You can delay disclosure; you cannot escape it. Every body reveals — so there is no permanent dark place for the deceptive to file the thing they don't want checked.

Third-party data follows from the same stance: you log your side, a counterparty logs theirs, and neither writes the other's secrets into a place that never opens. Radical openness is the design, and delay — not concealment — is its only concession.

Threat model

Every attack runs into a mechanism already built above, not a new defense:

Attack What stops it
Key compromise Rotation and revocation are log entries chaining from the genesis id, and personhood re-attestation rebinds the identity to a fresh key. The theft is visible, the person recovers, and the stolen key is revoked — not silently inherited.
Self-serving or inaccurate account Any oracle publishes an evidence-backed correction; account and corrections sit side by side on the record forever. Inaccuracy is out-weighed by better-sourced corrections, never erased or branded.
Split view / equivocation Witnesses cosign and gossip tree heads, and entries are witnessed as the stream arrives, so no interval exists in which two histories could both survive.
Relay censorship or outage Entries and blobs are content-addressed and mirrored across many relays; drop one and the rest still serve it.
Sybil identities Keypairs are free, but personhood is one-per-human: fresh keys can't acquire it, so they're zeros that never enter the scoring. Track record is bound to a person — so non-transferable.
Backdating An entry's authoritative time is the witnessed interval between the cosigned heads that bracket it; a "past" entry slipped in after the fact lands in the wrong interval and is caught.

The behaviors it makes default

Under an open log, the trustworthy way to act is also the cheapest. These stop being aspirations and become the path of least resistance:

Why it works alone

You don't need the world to adopt this first. A public, append-only commitment is a costly, irreversible signalyou go first and the asymmetry pays you back: defection is now permanently recorded, so lying gets expensive while honesty compounds. Each participant who joins gets stronger and exposes no new vulnerability. One protocol, more influential than the internet: no one owns it, everyone reads it.

When integrity is cheap to verify and deception is expensive to sustain, the consequences compound:

Lying goes bankrupt — and win-win becomes the only game worth playing.


Based on the ideas at n1.community.