Pillar 03 — Agent Authority Proof

Agent Authority Proof.

Prove an agent's authority without handing it the keys.

Give an AI agent a cryptographic proof of who it acts on behalf of and how far its scope reaches — without ever handing over a signing key. One of the four axes that make up the Lemma trust infrastructure.

Answering the questions being asked most urgently right now
  • We don't want to hand keys to autonomously running AI agents
  • We want to verify the authority chain across multi-tier agents after the fact
  • We need a mechanism to stop over-limit and out-of-scope actions
01 · What Agent Authority Proof is

Prove delegated authority alone, without handing over a key.

Delegator, role, scope, limit, and validity are fixed in a cryptographic proof. The AI agent acts only within scope, and every action becomes verifiable.

Delegator

Person / organization

Defines the role, scope, limit, and validity period granted to the AI agent.

The private key stays with the delegator
Lemma

Issues the authority as a cryptographic proof

1. Fix the authority with the delegator's signature
2. Parameterize scope, limit, and validity
3. Hand it to the agent as a ZK proof
The key itself is never handed over
AI agent

Acts without a key

delegatedBy: ceo@org.jp
role: procurement
spendLimitUSDC: 5000
scope: vendor-2026
validUntil: 2026-12-31
Out-of-scope actions are impossible

Think of it like a power of attorney.

To let someone advance a contract while you're away, you draft a power of attorney that spells out "the scope of the delegated authority" and "the expiry" — have you ever done something like this? Lemma's Agent Authority Proof uses the same mechanism for AI agents. Without handing over the key itself, it carries only "within this scope, until this expiry, in this role" as a cryptographic proof.

What is disclosed

The scope of authority + the proof

  • delegatedBy (the delegator's signature)
  • role / scope (role and scope)
  • spendLimit / validUntil (limit and expiry)
  • The cryptographic proof of authority (independently verifiable)
What stays private

Keys, personal data, internal organization

  • The delegator's private key and credentials
  • The delegator's personal data and internal organizational information
  • Out-of-scope authority and other business
What happens with this mechanism
  • The AI agent can act on behalf within scope, without holding a key
  • The private key stays with the delegator, so leakage risk is structurally absent
  • Over-limit and out-of-scope actions are cryptographically rejected
  • The authority chain across multi-tier agents can be independently verified after the fact

Run autonomous agents without handing over a key.

  • Independently verify the chain across multi-tier agents after the fact
  • Stop over-limit and out-of-scope actions by construction
  • Key-leakage risk disappears from the structure of the work
02 · How it differs from existing approaches

How it differs from API keys, OAuth, and RBAC.

Existing authority management either "hands over a key" or "stays self-contained within a system." The era of autonomous AI agents demands "acting on behalf without handing over a key" — and that needs a different structure.

Approaches compared:

  • Handing over an API key directly
  • OAuth token
  • RBAC (in-system permissions)
  • Lemma Agent Authority Proof

Criteria (table columns):

  • Acts on behalf within scope
  • Key stays with delegator
  • Independently verifiable
  • Cryptographic proof
03 · Position in the trust infrastructure

P3 is one of the four axes that make up the Lemma trust infrastructure.

P1 Origin P2 AI P3 Authority P4 Attributes
05 · Technical reference

Proprietary cryptography to prove delegated authority without handing over a key.

Delegator signature

Cryptographically fixes the issuer of the authority. Who delegated it can be independently verified by a third party after the fact.

Parametric authority

Role, scope, limit, and validity are parameterized. Anything exceeding them is cryptographically detected and rejected before execution.

ZK authority proof

The key itself is never handed over; only the fact that "this agent may act on behalf within this scope" is passed to the agent as a ZK proof.

// your.agent.v1 — Lemma canonical schema
{
  "$schema": "your.agent.v1",
  "delegatedBy": "ceo@org.jp",
  "role": "procurement",
  "spendLimitUSDC": 5000,
  "scope": "vendor-list-2026",
  "validUntil": "2026-12-31",
  "issuer": "org.jp",
  "zk_proof": "0x9c4f...e7d2"
}
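
A relying service can also enforce the disclosed parameters itself before executing an agent's request. The sketch below is an added example, not Lemma's code: it is a plain policy check rather than the cryptographic enforcement described above, and it assumes the zk_proof was already verified upstream. The action fields (role, scope, amountUSDC), the inclusive validUntil and the cumulative reading of spendLimitUSDC are assumptions.

```python
import json
from datetime import date
from decimal import Decimal, InvalidOperation

REQUIRED = ("delegatedBy", "role", "spendLimitUSDC", "scope", "validUntil", "issuer")

# Constructed sample mirroring the page's your.agent.v1 record. zk_proof is
# omitted: proof verification is assumed to have succeeded before this check.
SAMPLE = json.loads("""{
  "$schema": "your.agent.v1", "delegatedBy": "ceo@org.jp", "role": "procurement",
  "spendLimitUSDC": 5000, "scope": "vendor-list-2026",
  "validUntil": "2026-12-31", "issuer": "org.jp"
}""")

def authorize(grant, action, today, spent_so_far=Decimal(0)):
    """Return (allowed, reason). Fails closed on any malformed input."""
    if grant.get("$schema") != "your.agent.v1":
        return False, "unknown schema"
    missing = [k for k in REQUIRED if k not in grant]
    if missing:
        return False, "missing field: " + missing[0]
    try:
        expiry = date.fromisoformat(grant["validUntil"])
        limit = Decimal(str(grant["spendLimitUSDC"]))
        amount = Decimal(str(action["amountUSDC"]))  # hypothetical action field
    except (KeyError, TypeError, ValueError, InvalidOperation):
        return False, "malformed grant or action"
    # NaN/Infinity parse as Decimal, so reject them explicitly.
    if not (amount.is_finite() and limit.is_finite()) or amount <= 0:
        return False, "invalid amount"
    if today > expiry:                      # assumption: validUntil is inclusive
        return False, "expired"
    if action.get("role") != grant["role"]:
        return False, "role mismatch"
    if action.get("scope") != grant["scope"]:
        return False, "out of scope"
    if spent_so_far + amount > limit:       # assumption: limit is cumulative
        return False, "over limit"
    return True, "ok"
```

The caller has to keep spent_so_far per grant in durable storage; without it the limit only bounds each single action.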