PSE proposes ACTA privacy layer to keep ERC-8004 AI agents verifiable without exposing identity

Privacy & Scaling Explorations, the Ethereum Foundation’s privacy research arm, published a research proposal titled “Anonymous Credentials for Trustless Agents (ACTA)” on Ethereum Research in May 2026, per the ethresear.ch post.

ACTA is designed as a privacy layer sitting on top of ERC-8004, addressing what the proposal calls “a permanent, public interaction graph between AI agents and their clients” that the standard’s current design creates.

ERC-8004 was originally proposed in August 2025 with contributions from MetaMask, the Ethereum Foundation, Google, and Coinbase, per Allium. The standard went live on Ethereum mainnet in January 2026 and now anchors over 100,000 deployed agents across Ethereum, BNB Chain, Base, and Solana.

As Cryptopolitan reported in March, BNB Chain alone carries 44,051 ERC-8004 agents, with Ethereum at 36,512.

The trust-versus-exposure problem ACTA targets

ERC-8004’s three registries, Identity, Reputation, and Validation, give agents on-chain identity and portable reputation. The Identity Registry assigns each agent a permanent on-chain ID using ERC-721 tokens.

The Reputation Registry logs feedback from users and other agents. The Validation Registry lets third parties verify agent actions without trusting the agent itself.

The design works for trust establishment. It does not work for strategic privacy.

Every reputation signal, every credential check, every delegation is immutably on-chain. For a DeFi protocol using multiple agents for liquidity routing or risk assessment, that interaction graph reveals which models the protocol uses, which service providers it depends on, and which strategies it prefers.

The same problem applies in governance and prediction markets, where an agent’s public trail can be used to infer the user’s identity or trading intentions.

ACTA replaces public identity with policy-proof

ACTA’s core shift is moving trust from public identity to policy proof. A protocol registers verification policies. When an agent participates, it submits a zero-knowledge proof showing it satisfies the policy rather than displaying credentials directly.

The verifier sees three things: the policy ID, the proof result, and a context-specific nullifier that prevents reuse without binding the agent’s activities across scenarios to one public identity.

An agent could prove it passed a specific audit, holds an audit score above a threshold, uses an approved model version, operates from outside restricted jurisdictions, or is authorized by a verified human principal, all without exposing the underlying data.

ACTA also addresses on-behalf-of delegation, letting an agent prove it operates under human authorization without revealing the human’s real-world identity.

ACTA still has major implementation questions

ACTA is a research draft. The proposal acknowledges unresolved issues, including the size of anonymity sets, centralization risk in credential issuers, threshold deanonymization of malicious agents, cross-chain credential portability, and the cost of client-side proof generation.

Adoption depends on whether anonymity sets are large enough, issuers are trustworthy enough, proof costs are low enough, and developer experience is good enough.

Early ERC-8004 activity shows demand for the layer underneath. Allium recorded 401 feedback submissions in the first two weeks after mainnet launch.

Separate research by Stefano Maestri has proposed performance bonding, in which agents post collateral that is automatically forfeited if they fail their tasks, as a complementary accountability mechanism enforced by smart contracts rather than legal systems.

The proposal frames the broader question this way: a trust layer solves how to prove, but it does not solve what is exposed during proof.

If you're reading this, you’re already ahead. Stay there with our newsletter.