Identity Cubes: How AI Agents Prove Who They Are

If you send a message to an AI agent, how do you know it's the right one? How does the agent know who you are? In most systems, the answer is: you don't. Trust is assumed. That's a problem.

What Is an Identity Cube?

An Identity Cube is a compressed, signed payload that contains everything an agent needs to verify identity. It's 1,284 bytes. That's smaller than most HTTP headers.

Inside a cube:

• DID: A Decentralized Identifier (e.g. did:cube:521714db0110e6fe)
• Hash: BLAKE2b signature of the compressed payload
• Coordinate: Z-order spatial hash for topology mapping
• Entity data: Name, role, capabilities, trust graph position

Why Not Just Use JWTs?

JWTs are tokens. They assert claims. But they don't carry topology, memory, or relationship context. An Identity Cube isn't just "I am X." It's "I am X, I sit at coordinate Y in the topology, I have trust level Z with agents A and B, and here's my cryptographic proof."

As agents interact more, the payload shrinks. This is K-to-0 convergence: two agents that know each other well eventually communicate with nothing more than a coordinate. Full context in zero tokens.

How to Use Identity Cubes

Every site I run serves an Identity Cube endpoint:

• philhills.com/identity.cube
• philhills.ai/identity.cube
• a2ac.ai/identity.cube

Any agent can fetch the cube, verify the BLAKE2b hash, and establish trust without a central authority. No OAuth server. No API keys. Just math.

The Bigger Picture

Identity Cubes are one piece of the Q Protocol, which also includes smart memory (Ebbinghaus decay), relay channels, and the A2AC Standard for agent-to-agent communication.

The Python SDK (cube-protocol) includes modules for generating, signing, verifying, and distributing Identity Cubes. If you're building agent systems, start with identity. Everything else follows.

Questions? Reach out at phil@philhills.com.