Intent-Evaluated MPC requires signing nodes to independently verify the policy authorization hash before contributing partial signatures, adding a second cryptographic verification layer.
Intent-Evaluated MPC requires signing nodes to independently verify the policy authorisation hash before contributing partial signatures, adding a second cryptographic verification layer.
Standard multi-party computation distributes key shares across a node network and uses threshold mathematics to produce a valid signature — but nodes in a standard MPC setup execute signing when a threshold of partial signatures is reached, without independently checking whether the request is policy-authorised. Intent-Evaluated MPC changes this constraint: each signing node verifies the policy authorisation hash against the request before contributing its partial signature, introducing a verification layer that is independent of the orchestrator.
DeAgenticAI’s Agentic Control Plane [/glossary/agentic-control-plane/] enforces cryptographic policy over AI agent authority — separating what an agent can do from what it is authorized to do — in Web3 and enterprise financial environments. Intent-Evaluated MPC is Layer 7 of that stack, the MPC Distributed Execution layer, and is the component that transforms standard threshold signing into governance-grade signing where each node is an independent verification point — not just a key-share holder.
The Policy DSL [/glossary/policy-dsl/] rules governing the agent compile to a cryptographic authorisation hash — a deterministic output encoding the governance state at authorisation time. This hash travels with the signing request through the ACP stack.
The proposal passes through Layers 1–6 in sequence: agent identity is established (KYA [/glossary/kya-know-your-agent/]), prompt injection is blocked (Intent Sanitization [/glossary/intent-sanitization/]), governance rules are evaluated (Policy DSL), behavioural anomalies are checked (Fraud Detection), pre-authorised transactions are routed on session keys (Fast-Path Execution), and one key share is anchored to physical hardware (Hardware-Hybrid Custody [/glossary/hardware-hybrid-custody/]). A signing request that reaches Layer 7 carries the policy authorisation hash and has passed all six upstream gates.
The signing request is distributed to the t-of-n MPC node network. Each node holds one key share. A threshold of t partial signatures is required to reconstruct the final signature — no single node can produce a valid signature independently.
Each signing node independently verifies the policy authorisation hash and the signing request before contributing its partial signature, using its own local policy state — not a value supplied by the orchestrator. Per Whitepaper §9.2: "Each signing node independently verifies the policy hash and the signing request before contributing its partial signature." A hash mismatch causes the node to withhold its partial signature.
Nodes that pass verification contribute their partial signatures. When t-of-n nodes have contributed, the final signature is reconstructed and the transaction proceeds to chain broadcast. If a mismatch reduces contributing nodes below threshold, the signing ceremony fails and the action is blocked at the cryptographic layer — not at the application layer.
Standard MPC protects against key theft: an attacker needs t-of-n key shares to reconstruct the signing key. What it does not protect against is a compromised orchestrator. If the system issuing signing requests is manipulated, a standard MPC network will sign whatever request it receives once the threshold is met — no node independently checks whether the request is policy-authorised.
Intent-Evaluated MPC closes this gap. Each node's independent policy hash verification means a compromised orchestrator cannot fabricate a policy-authorised signing request without nodes detecting the mismatch and withholding their partial signatures. For autonomous AI agents executing on-chain at speed and scale — where a compromised agent could issue signing requests faster than any human review process — this is the architectural guarantee that governance holds even when the application layer fails.
Intent-Evaluated MPC is DeAgenticAI's core security primitive in which MPC signing nodes independently verify the policy authorisation hash before contributing partial signatures — adding a second cryptographic verification layer independent of the orchestrator. It is Layer 7 of the Agentic Control Plane stack (MPC Distributed Execution), and ensures governance rules are enforced at the node level, not just at the application layer.
Standard threshold MPC protects against key theft by distributing key shares — t-of-n nodes must contribute to reconstruct the signing key. It does not verify at the node level whether the request is policy-authorised. Intent-Evaluated MPC adds this check: each node verifies the policy authorisation hash before contributing. A compromised orchestrator submitting a policy-violating request will be rejected by nodes detecting the hash mismatch.
Hardware-Hybrid Custody (Layer 6) and Intent-Evaluated MPC (Layer 7) operate in sequence and address two distinct attack surfaces. Layer 6 anchors one key share to physical hardware, preventing cloud-based key theft. Layer 7 requires each node — including the hardware-anchored node — to independently verify the policy authorisation hash before contributing a partial signature, preventing governance bypass via orchestrator compromise. Layer 6 secures key material; Layer 7 enforces policy at signing time.
The node withholds its partial signature. Because threshold reconstruction requires t-of-n partial signatures, a node withholding drops the count below threshold, preventing the final signature from being assembled. The signing request fails without producing a valid signature, and the action is blocked at the cryptographic layer — not at the application layer. No valid signature means no chain broadcast.
Note: DefinedTerm + FAQPage deployed together per seo-geo-aeo-rules §5 Week 2.
Our early access is invite-only. Join the design partner waitlist to track DeAgenticAI's progress and shape governed autonomous execution with our team. No marketing fluff-just infrastructure updates.
By joining, you agree to receive updates about our platform. No spam, ever.