arxiv: 2605.08922 · v1 · submitted 2026-05-09 · 💻 cs.CR

Recognition: 1 theorem link

· Lean Theorem

Toward Web 4.0: Bidirectional Trust between AI Agents and Blockchain

Yunfeng Xia , Chao Li , Lei Li , Chenhao Zhang , Li Duan , Runhua Xu , Wei Wang

Authors on Pith no claims yet

Pith reviewed 2026-05-12 02:22 UTC · model grok-4.3

classification 💻 cs.CR

keywords AI agentsblockchainbidirectional trustWeb 4.0intent-centric executionverifiable computationsystematization of knowledge

0 comments

The pith

Blockchain supplies trust primitives for AI agents while agents can audit and govern blockchain operations, yet standards remain immature.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper organizes existing work into a bidirectional trust framework for AI agents operating on blockchains. In one direction, blockchain supplies identity, delegation, and intent mechanisms to agents; in the other, agents contribute to auditing, consensus, and governance. It introduces the Agent-Blockchain Interaction Model to structure these exchanges, surveys dozens of Ethereum standards and projects plus over a hundred papers, and applies a five-criterion lens to expose that agent-specific standards are underdeveloped, intent systems lack formal proofs, and no unified protocol-level security model yet treats AI as a core participant.

Core claim

The authors formalize the Agent-Blockchain Interaction Model (ABIM) to capture how verifiable computation underpins trust in both directions, catalog existing primitives, and conclude that the ecosystem lacks maturity in agent-specific standards, formal analysis of intents, and a protocol-layer security framing that treats AI agents as first-class actors.

What carries the argument

The bidirectional trust framework together with the Agent-Blockchain Interaction Model (ABIM) that classifies interactions across identity, permission, intent execution, tokenized economies, auditing, consensus, and governance.

If this is right

New Ethereum standards should target agent identity and delegation primitives to raise maturity scores.
Intent-centric architectures require formal verification techniques before they can be trusted at scale.
Research on AI participation in consensus must be folded into a single security model rather than isolated studies.
Tokenized agent economies can be compared directly on the five dimensions of verifiability, trust minimality, expressiveness, composability, and maturity.
The proposed taxonomy can be used to prioritize which of the nine open problems to address first.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Designers of future decentralized applications could use the five-dimensional framework to score proposed agent integrations before deployment.
A unified security model treating AI as a protocol participant might reduce the attack surface where agents control significant on-chain value.
Extending the taxonomy to include cross-chain or multi-agent coordination patterns would be a natural next step the survey leaves open.

Load-bearing premise

The assumption that the collected standards, projects, and papers form a representative sample that has not missed major interaction patterns or alternative ways to organize the trust space.

What would settle it

Discovery of a previously unexamined interaction pattern or a complete alternative taxonomy that reorders the reported gaps would show the three-dimensional taxonomy and nine open problems are incomplete.

Figures

Figures reproduced from arXiv: 2605.08922 by Chao Li, Chenhao Zhang, Lei Li, Li Duan, Runhua Xu, Wei Wang, Yunfeng Xia.

**Figure 1.** Figure 1: Bidirectional Trust Framework for autonomous AI agents on blockchain. The B → A direction (left): blockchain provides trust infrastructure for agents across four layers. The A→ B direction (right): agents participate in core blockchain mechanisms across three layers. The Trust Foundation of verifiable computation underpins both directions, with varying necessity depending on agent autonomy and application … view at source ↗

**Figure 2.** Figure 2: Evolution of blockchain account models: EOA (Gen 1), Account Abstraction proposals (Gen 2), and agent-specific identity standards (Gen 3). a standard EOA transfer (21,000 gas). More recently, EIP-7702 [14] (2024, Final), introduced in the Pectra upgrade, allows EOAs to set contract code, blurring the boundary between the two account types. However, security analysis by Qi et al. [33] reveals that the inte… view at source ↗

**Figure 3.** Figure 3: Five-dimensional radar chart comparing verification approaches. zkML achieves the highest verifiability and trust minimality but lags in expressiveness and maturity. TEE excels in expressiveness and maturity but requires hardware trust. opML provides a balanced middle ground. Scores range from 1 (worst) to 5 (best). a critical gap: no existing work connects proofs of training to proofs of inference into a … view at source ↗

**Figure 4.** Figure 4: Dependency graph of 20 key EIPs/ERCs from §4.. Solid arrows: direct dependency or extension; dashed: complementary relationship. Node shading encodes the framework layer; maturity of the full 70 standards is shown in [PITH_FULL_IMAGE:figures/full_fig_p035_4.png] view at source ↗

**Figure 5.** Figure 5: Maturity distribution of the 70 EIPs/ERCs catalogued in Tables 10 and 11, by category (rows) and status (columns). Darker cells indicate higher counts. 6.4. ABIM Security Property Compliance The five-dimensional evaluation framework (§2.4.) measures how well current mechanisms are designed; the ABIM security properties (§2.3.2.) specify what each layer must guarantee [PITH_FULL_IMAGE:figures/full_fig_p035… view at source ↗

**Figure 6.** Figure 6: Taxonomy space (Autonomy × Trust Model). Blue/orange dots: B→A / A→B projects; cluster dot counts are illustrative, not proportional to actual project numbers. Red dashed ellipses (Gap 1–3) mark under-explored regions [PITH_FULL_IMAGE:figures/full_fig_p039_6.png] view at source ↗

**Figure 7.** Figure 7: Research gap map of the nine open problems by estimated difficulty and impact. Bubble color encodes ABIM property type: red = assurance bounds, blue = protocol invariants, orange = mechanism design objectives. gaps that remain. Several findings stand out. On the standards side, the agent-specific EIP ecosystem is overwhelmingly immature: only 2 of 13 direct AI/agent standards have reached Final, and no del… view at source ↗

read the original abstract

Autonomous AI agents are increasingly deployed on blockchain platforms, yet the design space that governs their interaction remains poorly understood. This convergence, where autonomous agents operate on and within decentralized systems, is a defining feature of the emerging Web~4.0 paradigm. This paper presents a Systematization of Knowledge organized around a bidirectional trust framework. In the B $\boldsymbol{\rightarrow}$ A direction, we examine how blockchain provides trust infrastructure for agents, spanning identity and account abstraction, permission and delegation, intent-centric execution, and tokenized agent economies. In the A $\boldsymbol{\rightarrow}$ B direction, we examine the reverse: how AI agents participate in core blockchain mechanisms including security auditing, consensus, and governance. A Trust Foundation of verifiable computation underpins both directions, with each primitive offering different trade-offs between trust minimality, computational overhead, and deployment readiness. We formalize the interaction as an Agent-Blockchain Interaction Model (ABIM), catalog 70 Ethereum EIPs/ERCs, examine 20 representative industry projects, and review 118 academic papers, applying a five-dimensional framework assessing Verifiability, Minimality of Trust, Expressiveness, Composability, and Maturity. Our analysis uncovers significant gaps: the agent-specific standards ecosystem is overwhelmingly immature, intent architectures lack formal analysis, and while isolated works have begun to explore AI participation in consensus and governance, a unified security framing that treats AI as a first-class actor at the protocol layer remains absent. We propose a three-dimensional taxonomy, identify nine concrete open problems, and highlight the sharpest research opportunities at this intersection.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This SoK maps the AI-agent and blockchain intersection with a bidirectional trust lens and a new taxonomy, but its gap claims rest on how complete the 70 EIPs and 118 papers actually are.

read the letter

The paper's main contribution is the bidirectional framing itself. It treats blockchain as trust infrastructure for agents (identity, intents, tokenized economies) and agents as participants in blockchain (auditing, consensus, governance), then ties both to a verifiable computation foundation. The Agent-Blockchain Interaction Model and three-dimensional taxonomy organize work that had been scattered across separate papers and EIPs. That structure is new and useful for anyone trying to see the whole space at once. The catalog of 70 EIPs/ERCs, 20 projects, and 118 papers, scored on the five dimensions of verifiability, trust minimality, expressiveness, composability, and maturity, gives concrete comparisons and surfaces nine specific open problems. The immaturity of agent-specific standards and the absence of a unified security framing for AI at the protocol layer come directly from that review. The soft spot is coverage. The stress-test concern about selection criteria is fair: without an explicit inclusion protocol or checks for non-Ethereum chains and very recent agent-consensus work, the claims of absence or overwhelming immaturity could be incomplete rather than definitive. No empirical validation or formal completeness proof is offered, which is normal for an SoK but leaves the gaps as observations. This paper is for researchers and engineers already working at the AI-blockchain boundary who need a map and a problem list. A reader who knows one side well will pick up the connections quickly. It deserves peer review because the organizational work is substantive and the open problems are stated concretely enough to guide follow-on research.

Referee Report

3 major / 3 minor

Summary. The paper conducts a Systematization of Knowledge (SoK) on bidirectional trust between AI agents and blockchain platforms as a feature of Web 4.0. It introduces an Agent-Blockchain Interaction Model (ABIM), catalogs 70 Ethereum EIPs/ERCs, 20 industry projects, and 118 academic papers, applies a five-dimensional evaluation framework (Verifiability, Minimality of Trust, Expressiveness, Composability, Maturity), proposes a three-dimensional taxonomy, and identifies nine open problems, concluding that agent-specific standards are immature, intent architectures lack formal analysis, and no unified security framing treats AI as a first-class protocol actor.

Significance. If the catalog proves representative, the work provides a useful structured baseline for an emerging interdisciplinary area by quantifying coverage, surfacing concrete gaps, and outlining research opportunities at the AI-blockchain intersection. The explicit counts and multi-dimensional framework could serve as a reference point for subsequent reviews or implementations.

major comments (3)

[Literature review and cataloging sections (methodology for EIPs, projects, and papers)] The central claims of 'overwhelmingly immature' agent-specific standards and an 'absent' unified security framing rest on the completeness of the 70 EIPs/ERCs + 118 papers catalog. However, no explicit search protocol, inclusion/exclusion criteria, or inter-rater process is described for selecting these items, which directly affects whether the nine open problems and gap assertions are definitive rather than partial.
[ABIM definition and formalization] The Agent-Blockchain Interaction Model (ABIM) is introduced to formalize bidirectional interactions but receives no precise definition, diagram, or set of equations showing how the B→A and A→B directions map onto the five-dimensional framework or the proposed taxonomy.
[Evaluation framework application] The five-dimensional evaluation framework is applied across the catalog, yet the paper provides no justification for the choice of dimensions, no scoring rubric, and no discussion of how Maturity or other scores were assigned consistently, weakening the comparative analysis that underpins the taxonomy and open problems.

minor comments (3)

[Abstract] The abstract uses LaTeX-style bidirectional arrows (B → A) that may render inconsistently; plain-text or Unicode equivalents would improve readability.
[Introduction and catalog description] The scope is limited to Ethereum EIPs/ERCs; this should be explicitly stated as a boundary condition in the introduction or methodology, given that the title refers to the broader Web 4.0 paradigm.
[Open problems section] A consolidated table listing the nine open problems with cross-references to the taxonomy and framework would aid navigation.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for their thorough review and valuable suggestions. We have carefully considered each major comment and provide our responses below, along with planned revisions to the manuscript.

read point-by-point responses

Referee: [Literature review and cataloging sections (methodology for EIPs, projects, and papers)] The central claims of 'overwhelmingly immature' agent-specific standards and an 'absent' unified security framing rest on the completeness of the 70 EIPs/ERCs + 118 papers catalog. However, no explicit search protocol, inclusion/exclusion criteria, or inter-rater process is described for selecting these items, which directly affects whether the nine open problems and gap assertions are definitive rather than partial.

Authors: We acknowledge the importance of methodological transparency in a systematization of knowledge paper. The catalog was compiled through systematic searches on the Ethereum EIP repository, academic databases such as Google Scholar and arXiv, and industry reports, with inclusion criteria focused on relevance to AI agents and blockchain interactions. However, we agree that these details were not sufficiently documented in the manuscript. In the revised version, we will add a new subsection detailing the search protocol, inclusion/exclusion criteria, and any steps taken to ensure comprehensive coverage. This will better support our claims regarding the immaturity of standards and the absence of unified security framings. revision: yes
Referee: [ABIM definition and formalization] The Agent-Blockchain Interaction Model (ABIM) is introduced to formalize bidirectional interactions but receives no precise definition, diagram, or set of equations showing how the B→A and A→B directions map onto the five-dimensional framework or the proposed taxonomy.

Authors: The ABIM is presented in Section 3 as a conceptual model capturing the bidirectional trust flows. We recognize that a more formal treatment would strengthen the paper. We will revise the manuscript to include a precise textual definition, a diagram illustrating the interaction flows in both directions, and explicit mappings to the five-dimensional evaluation framework and the three-dimensional taxonomy. Where appropriate, we will introduce simple formal notations or equations to describe the trust primitives and their trade-offs. revision: yes
Referee: [Evaluation framework application] The five-dimensional evaluation framework is applied across the catalog, yet the paper provides no justification for the choice of dimensions, no scoring rubric, and no discussion of how Maturity or other scores were assigned consistently, weakening the comparative analysis that underpins the taxonomy and open problems.

Authors: The five dimensions were selected to comprehensively assess trust-related aspects in agent-blockchain systems, informed by literature on verifiable computation, trust minimization in blockchains, and system composability. We agree that explicit justification and a scoring rubric are necessary for reproducibility. In the revision, we will add a dedicated section justifying the choice of each dimension with references to prior work, provide a clear scoring rubric (e.g., low/medium/high with criteria), and describe the process for consistent scoring, including any calibration among authors. revision: yes

Circularity Check

0 steps flagged

No circularity: literature systematization without derivations or self-referential reductions

full rationale

This is a Systematization of Knowledge paper that catalogs 70 EIPs/ERCs, 20 industry projects, and 118 external academic papers, then applies a five-dimensional evaluation framework to identify gaps and propose an ABIM model plus three-dimensional taxonomy. No equations, fitted parameters, or predictions appear that reduce by construction to quantities defined within the paper itself. All central claims about immaturity of standards, lack of formal analysis, and absence of unified security framing are grounded in the reviewed external sources rather than self-citation chains or self-definitional loops. The selection of the catalog is a methodological choice whose completeness can be critiqued on representativeness grounds, but it does not create circularity under the specified criteria because the results do not equate to the inputs by definition.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 2 invented entities

The paper relies on standard assumptions from decentralized systems research about what constitutes trust minimality and verifiability; it introduces new conceptual structures for organization but does not postulate new physical entities or fit numerical parameters.

axioms (1)

domain assumption The five dimensions of Verifiability, Minimality of Trust, Expressiveness, Composability, and Maturity provide a sufficient lens for evaluating agent-blockchain primitives.
Invoked when applying the framework to cataloged EIPs, projects, and papers.

invented entities (2)

Agent-Blockchain Interaction Model (ABIM) no independent evidence
purpose: Formal model to capture bidirectional interactions between agents and blockchain.
Newly defined structure for organizing the surveyed material.
Three-dimensional taxonomy no independent evidence
purpose: To classify approaches along additional axes beyond the five-dimensional framework.
Proposed as part of the systematization output.

pith-pipeline@v0.9.0 · 5599 in / 1697 out tokens · 88087 ms · 2026-05-12T02:22:20.210289+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

We formalize the interaction as an Agent-Blockchain Interaction Model (ABIM)... five-dimensional evaluation framework assessing Verifiability, Minimality of Trust, Expressiveness, Composability, and Maturity.

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

197 extracted references · 197 canonical work pages

[1]

AI Agents Meet Blockchain: A Survey on Secure and Scalable Collaboration for Multi-Agents.Future Internet2025 17(2)

Karim MM, Van DH, Khan S, Qu Q, Kholodov Y . AI Agents Meet Blockchain: A Survey on Secure and Scalable Collaboration for Multi-Agents.Future Internet2025 17(2). doi:10.3390/fi17020057

work page doi:10.3390/fi17020057
[2]

In Proceedings of the 4th ACM Conference on Advances in Financial Technolo- gies

Werner S, Perez D, Gudgeon L, Klages-Mundt A, Harz D,et al.SoK: Decentralized Fi- nance (DeFi). In Proceedings of the 4th ACM Conference on Advances in Financial Technolo- gies. New York, NY , USA: Association for Computing Machinery, 2023, AFT ’22 p. 30–46. doi:10.1145/3558535.3559780

work page doi:10.1145/3558535.3559780 2023
[3]

T-Watch: Towards Timed Execution of Private Transaction in Blockchains.IEEE Transactions on Services Computing2024 17(3):1279–1292

Li C, Palanisamy B. T-Watch: Towards Timed Execution of Private Transaction in Blockchains.IEEE Transactions on Services Computing2024 17(3):1279–1292. doi:10.1109/TSC.2024.3402163

work page doi:10.1109/tsc.2024.3402163 2024
[4]

In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Li C, Palanisamy B, Xu R, Duan L, Liu J,et al.How Hard is Takeover in DPoS Blockchains? Understanding the Security of Coin-based V oting Governance. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. New York, NY , USA: Association for Computing Machinery, 2023, CCS ’23 p. 150–164. doi:10.1145/3576915.3623171

work page doi:10.1145/3576915.3623171 2023
[5]

Web2025 19(2)

Li C, Xu R, Palanisamy B, Duan L, Shen M,et al.Blockchain Takeovers in Web 3.0: An Empirical Study on the TRON-Steem Incident.ACM Trans. Web2025 19(2). doi:10.1145/3689431

work page doi:10.1145/3689431
[6]

doi:10.1109/JIOT.2025.3583969

Duan L, Wang Y , Liu J, Ni W, Li C,et al.Secure and Fine-Grained Data Sharing in Internet of Things: Integration of Interplanetary File System and Cross-Blockchain for Access Control.IEEE Internet of Things Journal2025 12(18):37301–37308. doi:10.1109/JIOT.2025.3583969

work page doi:10.1109/jiot.2025.3583969 2025
[7]

The Promise vs

Wu Y , Chen S, Li C, Weng Y , Wang W. The Promise vs. Reality of NFT Decentralization: An Empirical Study of Storage Strategies and Defects. In Proceedings of the ACM Web Conference

work page
[8]

2858–2869

New York, NY , USA: Association for Computing Machinery, 2026, WWW ’26 p. 2858–2869. doi:10.1145/3774904.3792338

work page doi:10.1145/3774904.3792338 2026
[9]

Wang B, Liu T, Wang W, Weng Y , Li C,et al.The Illusion of Anonymity: Uncovering the Impact of User Actions on Privacy in Web3 Social Ecosystems, 2024

work page 2024
[10]

Towards web 4.0: Frameworks for autonomous AI agents and decentralized enterprise coordination.Frontiers in Blockchain2025 8:1591907

Gürpinar T. Towards web 4.0: Frameworks for autonomous AI agents and decentralized enterprise coordination.Frontiers in Blockchain2025 8:1591907

work page
[11]

Autonomous AI agents in decentralized finance: Market dynamics, application areas, and theoretical implications.Technological Forecasting and Social Change2026 228:124669

Ante L. Autonomous AI agents in decentralized finance: Market dynamics, application areas, and theoretical implications.Technological Forecasting and Social Change2026 228:124669. doi:https://doi.org/10.1016/j.techfore.2026.124669

work page doi:10.1016/j.techfore.2026.124669 2026
[12]

MIP-X43 cbETH Oracle Incident Summary - Updates

Moonwell Governance Forum. MIP-X43 cbETH Oracle Incident Summary - Updates. https: //forum.moonwell.fi/t/mip-x43-cbeth-oracle-incident-summary/2068, 2026. Accessed: 2026-04-07

work page 2068
[13]

An analysis of intent-based markets.arXiv preprint arXiv:2403.025252024

Chitra T, Kulkarni K, Pai M, Diamandis T. An analysis of intent-based markets.arXiv preprint arXiv:2403.025252024

work page arXiv
[14]

Ethereum Request for Comments, 2021

Buterin V , Weiss Y , Tirosh D, Nacson S, Forshtat A,et al.ERC-4337: Account Abstraction Using Alt Mempool. Ethereum Request for Comments, 2021. https://eips.ethereum.org/EIPS/eip-4337. 41 Journal Paper type Accessed: 2026

work page 2021
[15]

EIP-7702: Set Code for EOAs

Buterin V , Wilson S, Dietrichs A, lightclient. EIP-7702: Set Code for EOAs. Ethereum Improvement Proposals, 2024. https://eips.ethereum.org/EIPS/eip-7702. Accessed: 2026

work page 2024
[16]

ERC-8004: Trustless Agents

Rossi MD, Crapis D, Ellis J, Reppel E. ERC-8004: Trustless Agents. Ethereum Request for Comments, 2025. https://eips.ethereum.org/EIPS/eip-8004. Accessed: 2026

work page 2025
[17]

ERC-8126: AI Agent Registration and Verification

Cronian L. ERC-8126: AI Agent Registration and Verification. Ethereum Request for Comments,

work page
[18]

Accessed: 2026

https://eips.ethereum.org/EIPS/eip-8126. Accessed: 2026

work page 2026
[19]

ERC-7992: Verifiable ML Model Inference (ZKML)

Aryaethn. ERC-7992: Verifiable ML Model Inference (ZKML). Ethereum Request for Comments,

work page
[20]

Accessed: 2026

https://eips.ethereum.org/EIPS/eip-7992. Accessed: 2026

work page 2026
[21]

ERC-7007: Verifiable AI-Generated Content Token

So C, Yu X, Conway, Ting LT, Kartin. ERC-7007: Verifiable AI-Generated Content Token. Ethereum Request for Comments, 2023. https://eips.ethereum.org/EIPS/eip-7007. Accessed: 2026

work page 2023
[22]

ERC-7521: General Intents for Smart Contract Wallets

Monn S, Bengisu B. ERC-7521: General Intents for Smart Contract Wallets. Ethereum Request for Comments, 2023. https://eips.ethereum.org/EIPS/eip-7521. Accessed: 2026

work page 2023
[23]

ERC-7683: Cross Chain Intents

Toda M, Rice M, Pai N. ERC-7683: Cross Chain Intents. Ethereum Request for Comments, 2024. https://eips.ethereum.org/EIPS/eip-7683. Accessed: 2026

work page 2024
[24]

ERC-7710: Smart Contract Delegation

McPeck R, Finlay D, Dawson R, Chiang D. ERC-7710: Smart Contract Delegation. Ethereum Request for Comments, 2024. https://eips.ethereum.org/EIPS/eip-7710. Accessed: 2026

work page 2024
[25]

ERC-7662: AI Agent NFTs

Marlin G. ERC-7662: AI Agent NFTs. Ethereum Request for Comments, 2024. https://eips.ether eum.org/EIPS/eip-7662. Accessed: 2026

work page 2024
[26]

ERC-7857: AI Agents NFT with Private Metadata

Wu M, Zeng J, Wu W, Heinrich M. ERC-7857: AI Agents NFT with Private Metadata. Ethereum Request for Comments, 2025. https://eips.ethereum.org/EIPS/eip-7857. Accessed: 2026

work page 2025
[27]

In Proceedings of the 2021 Network and Distributed System Security Symposium (NDSS)

Hou C, Zhou M, Ji Y , Daian P, Tramèr F,et al.SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning. In Proceedings of the 2021 Network and Distributed System Security Symposium (NDSS). 2021

work page 2021
[28]

AgentDAO: Synthesis of Proposal Transactions Via Abstract DAO Semantics.arXiv preprint arXiv:2503.100992025

Ao L, Liu H, Zhang H. AgentDAO: Synthesis of Proposal Transactions Via Abstract DAO Semantics.arXiv preprint arXiv:2503.100992025

work page arXiv
[29]

SoK: Security and Privacy of AI Agents for Blockchain

Romandini N, Mazzocca C, Otsuki K, Montanari R. SoK: Security and Privacy of AI Agents for Blockchain. In 2025 7th International Conference on Blockchain Computing and Applications (BCCA). 2025 pp. 708–720. doi:10.1109/BCCA66705.2025.11229689

work page doi:10.1109/bcca66705.2025.11229689 2025
[30]

Autonomous agents on blockchains: Standards, execution models, and trust boundaries.arXiv preprint arXiv:2601.04583, 2026

Alqithami S. Autonomous Agents on Blockchains: Standards, Execution Models, and Trust Boundaries.arXiv preprint arXiv:2601.045832026

work page arXiv
[31]

Ethereum Improvement Proposals,

Becze M, Jameson H,et al.EIP-1: EIP Purpose and Guidelines. Ethereum Improvement Proposals,

work page
[32]

Accessed: 2026

https://eips.ethereum.org/EIPS/eip-1. Accessed: 2026

work page 2026
[33]

EIP-86: Abstraction of Transaction Origin and Signature

Buterin V . EIP-86: Abstraction of Transaction Origin and Signature. Ethereum Improvement Proposals, 2017. https://eips.ethereum.org/EIPS/eip-86. Accessed: 2026

work page 2017
[34]

EIP-2938: Account Abstraction

Buterin V , Dietrichs A, Garnett M, Villanueva W, Wilson S. EIP-2938: Account Abstraction. Ethereum Improvement Proposals, 2020. https://eips.ethereum.org/EIPS/eip-2938. Accessed: 2026

work page 2020
[35]

Account Abstraction, Analysed

Wang Q, Chen S. Account Abstraction, Analysed. In 2023 IEEE International Conference on Blockchain (Blockchain). 2023 pp. 323–331. doi:10.1109/Blockchain60715.2023.00057. 42 Journal Paper type

work page doi:10.1109/blockchain60715.2023.00057 2023
[36]

In 2024 International Conference on Computing, Networking and Communications (ICNC)

Lin Z, Wang T, Zhao C, Zhang S, Yang Q,et al.A Measurement Investigation of ERC-4337 Smart Contracts on Ethereum Blockchain. In 2024 International Conference on Computing, Networking and Communications (ICNC). 2024 pp. 1164–1170. doi:10.1109/ICNC59896.2024.10556301

work page doi:10.1109/icnc59896.2024.10556301 2024
[37]

EIP-7702 Phishing Attack.arXiv preprint arXiv:2512.12174 2025

Qi M, Wang Q, Li R, Zhu T, Chen S. EIP-7702 Phishing Attack.arXiv preprint arXiv:2512.12174 2025

work page arXiv 2025
[38]

https://pan.network/home, 2026

PAN Network: On-chain AI Payment Protocol. https://pan.network/home, 2026. Accessed: 2026-02-12

work page 2026
[39]

https://www.deagent.ai/, 2026

DeAgentAI: Decentralized AI Agent Infrastructure. https://www.deagent.ai/, 2026. Accessed: 2026-02-12

work page 2026
[40]

ERC-7517: Content Consent for AI/ML Data Mining

Chen B, Yang T. ERC-7517: Content Consent for AI/ML Data Mining. Ethereum Request for Comments, 2023. https://eips.ethereum.org/EIPS/eip-7517. Accessed: 2026

work page 2023
[41]

ERC-8033: Agent Council Oracles

Parikh R, Ross JM. ERC-8033: Agent Council Oracles. Ethereum Request for Comments, 2025. https://eips.ethereum.org/EIPS/eip-8033. Accessed: 2026

work page 2025
[42]

ERC-7913: Signature Verifiers

Croubois H, García E, Giordano F, Greenberg A. ERC-7913: Signature Verifiers. Ethereum Request for Comments, 2025. https://eips.ethereum.org/EIPS/eip-7913. Accessed: 2026

work page 2025
[43]

Interoperable Architecture for Digital Identity Delegation for AI Agents with Blockchain Integration.arXiv preprint arXiv:2601.149822026

Saavedra DR. Interoperable Architecture for Digital Identity Delegation for AI Agents with Blockchain Integration.arXiv preprint arXiv:2601.149822026

work page arXiv
[44]

Garzon SR, Vaziry A, Kuzu EM, Gehrmann DE, Varkan B,et al.AI Agents with Decentralized Identifiers and Verifiable Credentials.arXiv preprint arXiv:2511.028412025

work page arXiv
[45]

Fostering AI alignment through blockchain, proof of personhood and zero knowledge proofs.Cluster Computing2025 28(15):983

Neulinger A, Sparer L. Fostering AI alignment through blockchain, proof of personhood and zero knowledge proofs.Cluster Computing2025 28(15):983

work page
[46]

Vulnerability Detection in Smart Contracts: A Comprehensive Survey.arXiv preprint arXiv:2407.079222024 doi:10.48550/arXiv.2407.07922

De Baets C, Suleiman B, Chitizadeh A, Razzak I. Vulnerability Detection in Smart Contracts: A Comprehensive Survey.arXiv preprint arXiv:2407.079222024 doi:10.48550/arXiv.2407.07922

work page doi:10.48550/arxiv.2407.07922
[47]

BlockScan: Detecting Anomalies in Blockchain Transactions

Yu J, Wu X, Liu H, Guo W, Xing X. BlockScan: Detecting Anomalies in Blockchain Transactions. In Advances in Neural Information Processing Systems (NeurIPS). 2025

work page 2025
[48]

Zkcnn: Zero knowledge proofs for convolutional neural network pre- dictions and accuracy

Liu T, Xie X, Zhang Y . Zkcnn: Zero knowledge proofs for convolutional neural network pre- dictions and accuracy. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2021 pp. 2968–2985

work page 2021
[49]

Mystique: Efficient conversions for{Zero-Knowledge} proofs with applications to machine learning

Weng C, Yang K, Xie X, Katz J, Wang X. Mystique: Efficient conversions for{Zero-Knowledge} proofs with applications to machine learning. In 30th USENIX Security Symposium (USENIX Security 21). 2021 pp. 501–518

work page 2021
[50]

zkLLM: Zero Knowledge Proofs for Large Language Models

Sun H, Li J, Zhang H. zkLLM: Zero Knowledge Proofs for Large Language Models. In Pro- ceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. New York, NY , USA: Association for Computing Machinery, 2024, CCS ’24 p. 4405–4419. doi:10.1145/3658644.3670334

work page doi:10.1145/3658644.3670334 2024
[51]

ZKML: An Optimizing System for ML Inference in Zero-Knowledge Proofs

Chen BJ, Waiwitlikhit S, Stoica I, Kang D. ZKML: An Optimizing System for ML Inference in Zero-Knowledge Proofs. In Proceedings of the Nineteenth European Conference on Computer Systems. New York, NY , USA: Association for Computing Machinery, 2024, EuroSys ’24 p. 560–574. doi:10.1145/3627703.3650088

work page doi:10.1145/3627703.3650088 2024
[52]

Zen: An optimizing compiler for verifiable, zero- 43 Journal Paper type knowledge neural network inferences.Cryptology ePrint Archive2021

Feng B, Qin L, Zhang Z, Ding Y , Chu S. Zen: An optimizing compiler for verifiable, zero- 43 Journal Paper type knowledge neural network inferences.Cryptology ePrint Archive2021

work page
[53]

Xie T, Lu T, Fang Z, Wang S, Zhang Z,et al.zkpytorch: A hierarchical optimized compiler for zero-knowledge machine learning.Cryptology ePrint Archive2025

work page
[54]

Zarinjouei F, Abdolmaleki B, Zarezadeh M, Mohee B, Abidin A,et al.zkRNN: Zero-Knowledge Proofs for Recurrent Neural Network Inference.Cryptology ePrint Archive2026

work page
[55]

Zero-Knowledge Proofs of Training for Deep Neural Networks

Abbaszadeh K, Pappas C, Katz J, Papadopoulos D. Zero-Knowledge Proofs of Training for Deep Neural Networks. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. New York, NY , USA: Association for Computing Machinery, 2024, CCS ’24 p. 4316–4330. doi:10.1145/3658644.3670316

work page doi:10.1145/3658644.3670316 2024
[56]

In Proceedings of the 2023 ACM SIGSAC conference on computer and communications security

Garg S, Goel A, Jha S, Mahloujifar S, Mahmoody M,et al.Experimenting with zero-knowledge proofs of training. In Proceedings of the 2023 ACM SIGSAC conference on computer and communications security. 2023 pp. 1880–1894

work page 2023
[57]

On-chain zero-knowledge machine learning: An overview and comparison.Journal of King Saud University - Computer and Information Sciences2024 36(9):102207

Keršiˇc V , Karakatiˇc S, Turkanovi´c M. On-chain zero-knowledge machine learning: An overview and comparison.Journal of King Saud University - Computer and Information Sciences2024 36(9):102207. doi:https://doi.org/10.1016/j.jksuci.2024.102207

work page doi:10.1016/j.jksuci.2024.102207 2024
[58]

Peng Z, Wang T, Zhao C, Liao G, Lin Z,et al.A survey of zero-knowledge proof based verifiable machine learning.arXiv preprint arXiv:2502.185352025

work page arXiv
[59]

doi:10.1109/COMST.2025.3561657

Xing Z, Zhang Z, Zhang Z, Li Z, Li M,et al.Zero-Knowledge Proof-Based Verifiable Decentralized Machine Learning in Communication Network: A Comprehensive Survey.IEEE Communications Surveys & Tutorials2026 28:985–1024. doi:10.1109/COMST.2025.3561657

work page doi:10.1109/comst.2025.3561657 2025
[60]

opML: Optimistic Machine Learning on Blockchain 2024

Conway K, So C, Yu X, Wong K. opML: Optimistic Machine Learning on Blockchain 2024

work page 2024
[61]

opp/ai: Optimistic privacy-preserving ai on blockchain

So C, Conway K, Yu X, Yao S, Wong K. opp/ai: Optimistic privacy-preserving ai on blockchain. arXiv preprint arXiv:2402.150062024

work page arXiv
[62]

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

Tramèr F, Boneh D. Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware.arXiv preprint arXiv:1806.032872019

work page Pith review arXiv
[63]

Memory-Efficient Deep Learning Inference in Trusted Execution Environments

Truong JB, Gallagher W, Guo T, Walls RJ. Memory-Efficient Deep Learning Inference in Trusted Execution Environments. In 2021 IEEE International Conference on Cloud Engineering (IC2E). 2021 pp. 161–167. doi:10.1109/IC2E52221.2021.00031

work page doi:10.1109/ic2e52221.2021.00031 2021
[64]

InferONNX: Practical and privacy-preserving machine learning inference using trusted execution environments

Papafragkaki K, Vasiliadis G. InferONNX: Practical and privacy-preserving machine learning inference using trusted execution environments. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2025 pp. 25–43

work page 2025
[65]

Secured and Privacy-Preserving GPU- Based Machine Learning Inference in Trusted Execution Environment: A Comprehensive Survey

Chaudhuri A, Shukla S, Bhattacharya S, Mukhopadhyay D. Secured and Privacy-Preserving GPU- Based Machine Learning Inference in Trusted Execution Environment: A Comprehensive Survey. In 2025 17th International Conference on COMmunication Systems and NETworks (COMSNETS). 2025 pp. 207–216. doi:10.1109/COMSNETS63942.2025.10885734

work page doi:10.1109/comsnets63942.2025.10885734 2025
[66]

https://baifund.io/, 2026

bAI Fund: TEE-Executed On-chain Agent Fund. https://baifund.io/, 2026. Accessed: 2026-02-12

work page 2026
[67]

https://mindnetwork.xyz, 2026

Mind Network: HTTPZ Protocol for Fully Encrypted AI. https://mindnetwork.xyz, 2026. Accessed: 2026-02-12

work page 2026
[68]

A Framework for Cryptographic Verifiability of End-to-End AI Pipelines

Balan K, Learney R, Wood T. A Framework for Cryptographic Verifiability of End-to-End AI Pipelines. In Proceedings of the 10th ACM International Workshop on Security and Privacy 44 Journal Paper type Analytics. New York, NY , USA: Association for Computing Machinery, 2025, IWSPA ’25 p. 49–59. doi:10.1145/3716815.3729011

work page doi:10.1145/3716815.3729011 2025
[69]

SoK: Verifiable Federated Learning.Cryptology ePrint Archive2025

Bruschi F, Esposito M, Gagliardoni T, Rizzini A. SoK: Verifiable Federated Learning.Cryptology ePrint Archive2025

work page
[70]

Privacy-Preserving LLM Inference in Practice: A Comparative Survey of Techniques, Trade-Offs, and Deployability.Cryptology ePrint Archive 2026

Andreoletti D, Rudi A, Carpanzano E, Leidi T. Privacy-Preserving LLM Inference in Practice: A Comparative Survey of Techniques, Trade-Offs, and Deployability.Cryptology ePrint Archive 2026

work page 2026
[71]

Ethereum Request for Comments, 2020

Sandford R, Siri L, Tirosh D, Weiss Y , Forshtat A,et al.ERC-2771: Secure Protocol for Native Meta Transactions. Ethereum Request for Comments, 2020. https://eips.ethereum.org/EIPS/eip-2771. Accessed: 2026

work page 2020
[72]

EIP-3074: AUTH and AUTHCALL Opcodes

Wilson S, Dietrichs A, Garnett M, Zoltu M. EIP-3074: AUTH and AUTHCALL Opcodes. Ethereum Improvement Proposals, 2020. https://eips.ethereum.org/EIPS/eip-3074. Accessed: 2026

work page 2020
[73]

ERC-7562: Account Abstraction Validation Scope Rules

Weiss Y , Tirosh D, Forshtat A, Nacson S. ERC-7562: Account Abstraction Validation Scope Rules. Ethereum Request for Comments, 2023. https://eips.ethereum.org/EIPS/eip-7562. Accessed: 2026

work page 2023
[74]

Ethereum Improvement Proposal, 2022

Salem M, Rosario L, Cusack W, Tirosh D, Moxey J,et al.EIP-5792: Wallet Call API. Ethereum Improvement Proposal, 2022. https://eips.ethereum.org/EIPS/eip-5792. Accessed: 2026

work page 2022
[75]

ERC-7821: Minimal Batch Executor Interface

Vectorized, Moxey J, Croubois H. ERC-7821: Minimal Batch Executor Interface. Ethereum Request for Comments, 2024. https://eips.ethereum.org/EIPS/eip-7821. Accessed: 2026

work page 2024
[76]

ERC-7766: Signature Aggregation for ERC-4337

Buterin V , Weiss Y , Tirosh D, Nacson S, Forshtat A. ERC-7766: Signature Aggregation for ERC-4337. Ethereum Request for Comments, 2024. https://eips.ethereum.org/EIPS/eip-7766. Accessed: 2026

work page 2024
[77]

ERC-7836: Wallet Call Preparation API

Rosario L, Swenberg C, Hodges A, Bhandari P, Moxey J. ERC-7836: Wallet Call Preparation API. Ethereum Request for Comments, 2024. https://eips.ethereum.org/EIPS/eip-7836. Accessed: 2026

work page 2024
[78]

ERC-7677: Paymaster Web Service Capability

Rosario L, Tirosh D, Cusack W, Gazso K, Jumali H. ERC-7677: Paymaster Web Service Capability. Ethereum Request for Comments, 2024. https://eips.ethereum.org/EIPS/eip-7677. Accessed: 2026

work page 2024
[79]

SoK: Design, vulnerabilities, and security measures of cryptocurrency wallets.Computer Networks2025 p

Erinle Y , Kethepalli Y , Feng Y , Xu J. SoK: Design, vulnerabilities, and security measures of cryptocurrency wallets.Computer Networks2025 p. 111691

work page
[80]

Security Evaluation of Smart Contract-Based On-chain Ethereum Wallets

Praitheeshan P, Pan L, Doss R. Security Evaluation of Smart Contract-Based On-chain Ethereum Wallets. In Network and System Security, Kutyłowski M, Zhang J, Chen C, eds. Cham: Springer International Publishing, 2020 pp. 22–41

work page 2020

Showing first 80 references.