Verifiable AI Agent Communications with ERC-8128 Message Signing
Verifiable AI agent communications become critical when your agent holds significant cryptocurrency positions or makes high-frequency trades. ERC-8128 message signing provides cryptographic proof that messages came from a specific agent, preventing impersonation attacks and enabling secure multi-agent coordination. This matters for DeFi protocols, trading systems, and any scenario where agents need to prove their identity without relying on traditional authentication.
Why Message Authenticity Matters for AI Agents
When AI agents control wallets worth thousands or millions of dollars, message authenticity becomes a security cornerstone. Traditional web authentication relies on API keys or OAuth tokens that can be stolen, replayed, or forged. But when an agent claims to have executed a $100,000 DeFi position or requests emergency fund transfers, you need cryptographic proof of the sender's identity.
ERC-8128 extends Ethereum's message signing standard specifically for AI agents. Instead of just signing arbitrary text, agents sign structured messages that include context, timestamps, and verification data. This creates an audit trail where every communication can be traced back to a specific private key, making impersonation attacks virtually impossible.
The stakes get higher in multi-agent systems. If Agent A tells Agent B to liquidate positions because "the market is crashing," Agent B needs cryptographic proof that the message actually came from Agent A's wallet. Without this verification, a malicious actor could impersonate Agent A and trigger unwanted trades.
ERC-8128 Message Signing in WAIaaS
WAIaaS implements ERC-8128 message signing through 2 MCP tools that handle the full signing and verification workflow. The erc8128-sign-request tool creates cryptographically signed messages, while erc8128-verify-signature validates incoming messages from other agents.
Here's how an AI agent signs a message claiming it executed a trade:
# Agent signs a structured message about a completed trade
curl -X POST http://127.0.0.1:3100/v1/actions/erc8128/sign \
-H "Authorization: Bearer wai_sess_<token>" \
-H "Content-Type: application/json" \
-d '{
"message": {
"action": "trade_executed",
"symbol": "SOL/USDC",
"amount_usd": 50000,
"timestamp": 1703097600,
"tx_hash": "5KzX...",
"agent_id": "trading-bot-v2"
},
"domain": "defi.example.com",
"nonce": "abc123"
}'
The response includes the original message plus cryptographic proof:
{
"signature": "0x1234567890abcdef...",
"message": {
"action": "trade_executed",
"symbol": "SOL/USDC",
"amount_usd": 50000,
"timestamp": 1703097600,
"tx_hash": "5KzX...",
"agent_id": "trading-bot-v2"
},
"signer": "9WzDXwBbmkg8ZTbNMqUxvQRAyrZzDsGYdLVL9zYtAWWM",
"domain": "defi.example.com",
"nonce": "abc123"
}
When another agent receives this message, it can verify authenticity:
# Verify the signed message came from the claimed agent
curl -X POST http://127.0.0.1:3100/v1/actions/erc8128/verify \
-H "Authorization: Bearer wai_sess_<token>" \
-H "Content-Type: application/json" \
-d '{
"signature": "0x1234567890abcdef...",
"message": {
"action": "trade_executed",
"symbol": "SOL/USDC",
"amount_usd": 50000,
"timestamp": 1703097600,
"tx_hash": "5KzX...",
"agent_id": "trading-bot-v2"
},
"signer": "9WzDXwBbmkg8ZTbNMqUxvQRAyrZzDsGYdLVL9zYtAWWM",
"domain": "defi.example.com"
}'
The verification returns a simple boolean plus detailed validation info:
{
"valid": true,
"signer_verified": true,
"domain_match": true,
"timestamp_valid": true,
"agent_reputation": {
"score": 0.95,
"total_signed_messages": 1247,
"invalid_signatures": 0
}
}
Multi-Agent Coordination Example
The real power emerges in multi-agent systems where agents need to coordinate actions. Consider a scenario where a monitoring agent detects unusual market conditions and needs to alert trading agents to adjust their strategies.
First, the monitoring agent signs an alert message:
import { WAIaaSClient } from '@waiaas/sdk';
const monitoringAgent = new WAIaaSClient({
baseUrl: 'http://127.0.0.1:3100',
sessionToken: process.env.MONITORING_AGENT_TOKEN,
});
// Monitoring agent detects high volatility
const alertMessage = {
alert_type: "high_volatility",
asset: "SOL",
volatility_score: 0.85,
recommended_action: "reduce_position_size",
timestamp: Math.floor(Date.now() / 1000),
expires_at: Math.floor(Date.now() / 1000) + 300 // 5 minutes
};
const signedAlert = await monitoringAgent.executeAction('erc8128', 'sign', {
message: alertMessage,
domain: "trading-system.internal",
nonce: crypto.randomUUID()
});
Trading agents receive the signed message and verify it before acting:
const tradingAgent = new WAIaaSClient({
baseUrl: 'http://127.0.0.1:3100',
sessionToken: process.env.TRADING_AGENT_TOKEN,
});
// Verify the alert came from the trusted monitoring agent
const verification = await tradingAgent.executeAction('erc8128', 'verify', {
signature: signedAlert.signature,
message: signedAlert.message,
signer: signedAlert.signer,
domain: "trading-system.internal"
});
if (verification.valid && verification.signer_verified) {
// Cryptographically verified - safe to act on this alert
if (signedAlert.message.recommended_action === "reduce_position_size") {
await tradingAgent.executeAction('jupiter-swap', 'swap', {
inputMint: "So11111111111111111111111111111111111111112",
outputMint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
amount: "500000000" // Reduce SOL position by 0.5 SOL
});
}
} else {
console.warn("Invalid signature - ignoring potentially malicious alert");
}
Policy Integration for Signed Messages
WAIaaS goes beyond basic signing by integrating ERC-8128 verification with its policy engine. The ERC8128_ALLOWED_DOMAINS policy type ensures agents only accept signed messages from approved domains, preventing cross-domain attacks.
# Create policy restricting which domains can send signed messages to this agent
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "trading-agent-wallet-uuid",
"type": "ERC8128_ALLOWED_DOMAINS",
"rules": {
"domains": [
"trading-system.internal",
"risk-management.example.com",
"*.trusted-partners.com"
]
}
}'
With this policy active, the agent automatically rejects signed messages from unauthorized domains, even if the cryptographic signature is valid. This creates defense-in-depth where both the signature AND the domain must be approved.
The policy engine also logs all verification attempts, creating an audit trail for compliance:
{
"timestamp": "2024-01-01T12:00:00Z",
"event": "erc8128_verification",
"result": "rejected",
"reason": "domain_not_allowed",
"attempted_domain": "malicious-site.com",
"signer": "BadActor123...",
"policy_id": "ERC8128_ALLOWED_DOMAINS"
}
Security Considerations and Best Practices
ERC-8128 message signing provides strong cryptographic guarantees, but implementation details matter for security. WAIaaS includes several protections against common attack vectors:
Replay Attack Prevention: Each signed message includes a nonce and timestamp. The verification process checks that nonces haven't been used before and timestamps are within an acceptable window (default: 5 minutes). This prevents attackers from capturing and replaying old signed messages.
Domain Binding: Messages are cryptographically bound to specific domains, preventing cross-domain attacks where a signature valid for one application gets misused in another context.
Signature Malleability Protection: The implementation uses deterministic signature generation that prevents malleability attacks where valid signatures can be transformed into different but equally valid signatures.
For maximum security, consider these best practices when deploying ERC-8128 signing:
- Rotate signing keys periodically, especially for high-value agents
- Use separate keys for message signing vs. transaction signing
- Implement message expiration times to limit replay windows
- Log all signature generation and verification events
- Monitor for unusual signing patterns that might indicate compromise
Quick Start Guide
Here's how to get ERC-8128 message signing working with your AI agents:
- Set up WAIaaS with a wallet for your agent:
npm install -g @waiaas/cli
waiaas init
waiaas start
waiaas wallet create --name agent-signer --chain solana
- Create a session for message signing operations:
waiaas session prompt --wallet agent-signer
# Copy the session token for your agent
- Configure domain policies for security:
# Create policy restricting allowed signing domains
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: <your-password>" \
-d '{
"walletId": "<wallet-uuid>",
"type": "ERC8128_ALLOWED_DOMAINS",
"rules": {"domains": ["your-app.com"]}
}'
- Test signing and verification in your agent code:
const client = new WAIaaSClient({
sessionToken: 'wai_sess_<your-token>'
});
// Sign a test message
const signed = await client.executeAction('erc8128', 'sign', {
message: {test: "hello world"},
domain: "your-app.com"
});
// Verify it worked
const verified = await client.executeAction('erc8128', 'verify', signed);
console.log('Verification result:', verified.valid);
- Set up MCP integration for Claude/other AI frameworks:
waiaas mcp setup --all
# ERC-8128 tools are now available: erc8128-sign-request, erc8128-verify-signature
This gives you cryptographically verifiable communications between AI agents with proper security policies enforced at the infrastructure level.
Ready to implement verifiable AI agent communications? Check out Self-Hosting WAIaaS with Docker for production deployment or Building AI Trading Bots with WAIaaS for practical agent examples.
What's Next
ERC-8128 message signing provides the foundation for trustworthy multi-agent systems where agents can prove their identity without centralized authentication. Combined with WAIaaS's policy engine and security controls, you get enterprise-grade agent communications with self-custody guarantees.