How Ed25519 Signed Records Make AI Accountable

When your AI agent executes an action, how do you prove it was that specific agent that did it? How do you prove the record has not been altered since it was created? And how do you prove this to someone who does not trust you? The answer is digital signatures — specifically Ed25519, the same signature scheme used by SSH, Signal, and the Tor network. Here is how Elydora uses Ed25519 to make AI agents accountable.

Digital Signatures in 60 Seconds

A digital signature scheme has three operations: Key generation creates a private key (kept secret) and a public key (shared openly). Signing uses the private key to produce a signature over a message — only the key holder can create this signature. Verification allows anyone with the public key to confirm the signature is valid.

If even a single bit of the signed message changes, the signature becomes invalid. This is not a policy — it is mathematics.

Why Ed25519

Elydora chose Ed25519 (defined in RFC 8032) over alternatives like RSA or ECDSA for specific technical reasons.

Speed and Efficiency

Ed25519 signature generation takes approximately 50 microseconds. Verification takes approximately 120 microseconds. For AI agents that may produce hundreds of operation records per minute, signature overhead must be negligible. Ed25519 signatures are 64 bytes compared to RSA-2048 at 256 bytes — a 4x size difference that matters when storing millions of records.

Security Properties

Unlike ECDSA, Ed25519 does not require a random nonce for each signature, eliminating an entire class of implementation vulnerabilities. The Ed25519 curve has no known weak key classes, unlike some RSA key sizes or certain elliptic curves with suspected backdoors. It is widely audited and implemented in OpenSSL, libsodium, Go's standard library, and Python's cryptography package.

How Elydora Uses Ed25519

Every AI agent registered with Elydora receives an Ed25519 keypair. When an agent performs an operation, the SDK constructs an Elydora Operation Record containing the agent ID, operation type, payload hash, timestamp, nonce, and previous chain hash.

Canonical Serialization

The record is serialized using JSON Canonicalization Scheme (JCS, RFC 8785). This ensures that the same record always produces the exact same byte sequence, regardless of JSON key ordering or whitespace. Deterministic serialization is critical — without it, the same logical record could produce different signatures.

Signing and Verification

The Ed25519 private key signs the canonical byte sequence, producing a 64-byte signature. Anyone with the agent's public key can verify authenticity (the record was created by this specific agent), integrity (the record has not been modified since signing), and non-repudiation (the agent or its operator cannot deny producing the record).

Chain Hashing: Signatures Are Not Enough

A signed record proves who created it and that it has not changed. But it does not prove ordering or completeness. An adversary could delete records while keeping remaining signatures valid, reorder records since each signature is independent, or insert fabricated records signed with a compromised key.

Elydora addresses this with hash chaining. Each operation record includes the SHA-256 hash of the previous record. Deleting a record breaks the chain. Reordering records invalidates the hash links. Inserting a record requires re-signing every subsequent record, which the attacker cannot do without the private key.

Epoch Anchoring: External Proof

Chain hashing proves integrity within the system. But what if the entire system is compromised? Elydora addresses this with epoch anchoring: periodically, all recent operation records are aggregated into a Merkle tree, the Merkle root is submitted to an independent RFC 3161 Timestamp Authority, and the timestamp authority signs the root with their own key.

This creates an external, independent proof that a specific set of records existed at a specific time. Even if Elydora's infrastructure were fully compromised, the timestamp authority's attestation remains valid.

What This Means for Your Agents

With Ed25519 signed records, your AI agents produce evidence that auditors can verify without trusting your infrastructure, regulators can inspect with standard cryptographic tools, courts can admit as tamper-evident digital evidence, and customers can trust because the math — not your promise — guarantees integrity.

The overhead is minimal — microseconds per operation, 64 bytes per signature. The protection is maximal — mathematical certainty that records are authentic, unmodified, and properly ordered.

Try It

Elydora's SDKs handle all of this automatically. You do not need to implement Ed25519, hash chaining, or epoch anchoring yourself. Install the SDK, register your agent, and every operation produces a signed, chained, and anchored record automatically.