Aegis gives AI agents wallets that cannot be broken by quantum computers
Aegis is post-quantum infrastructure for autonomous AI agents on Ethereum. Every AI agent wallet today uses ECDSA, a signature scheme broken completely by a fault-tolerant quantum computer running Shor's algorithm. Agents cannot detect the threat, rotate their own keys, or pause operations when it happens.
Aegis solves this with three components: (1) ML-DSA-65 keypairs (NIST FIPS 204) for every agent at spawn time, (2) Groth16 ZK proofs that compress 3309-byte ML-DSA signatures to 256 bytes for on-chain verification at ~200k gas, a 76% reduction vs raw PQ verification, (3) a quantum oracle that autonomously calls deprecateECDSA() when threat signals cross a threshold, with no human intervention required.
ENS is the identity, discovery, and trust backbone. Every agent gets a subdomain under 0xaegis.eth via CCIP-Read (EIP-3668), with its full ML-DSA public key served off-chain and hash-verified on-chain. Agent capabilities, pricing, and endpoints are discoverable via ENS text records. The oracle broadcasts live threat status to threat.0xaegis.eth, a canonical feed any protocol can read.
The SDK (@0xaegis/sdk) integrates in 3 lines of TypeScript. The factory deploys agent accounts via CREATE2 for deterministic addresses. ENS registration, capability publishing, and agent-to-agent PQ handshakes are one-call operations.
Aegis is built as a TypeScript monorepo with five packages: smart contracts (Hardhat + Solidity), a ZK circuit (Circom 2.1.6 + snarkjs), an SDK, a CCIP-Read gateway server (Express), and a React/Vite landing page.
Cryptographic layer: Every agent gets an ML-DSA-65 keypair (NIST FIPS 204) generated via @noble/post-quantum. Because raw ML-DSA signatures are 3309 bytes, too expensive to verify on-chain, we compress them using a Groth16 ZK proof over BN254. The Circom circuit proves knowledge of a valid signature via a Poseidon hash commitment (Poseidon(sigHigh, sigLow, msgHash) === commitment), reducing the on-chain footprint to 256 bytes at ~200k gas vs. millions for raw lattice verification.
Smart contracts: Five contracts live on Sepolia: AegisAccount (the agent's smart wallet with dual ECDSA + ZK execution), AegisFactory (CREATE2 deployment for deterministic addresses), AegisENSResolver (CCIP-Read resolver for agent identity), ThresholdOracle (N-of-M voting to trigger ECDSA deprecation), and the auto-generated Groth16Verifier.
ENS + CCIP-Read (EIP-3668): Full 1952-byte ML-DSA public keys are too large for on-chain storage, so only a 32-byte keccak256(pubKey) lives on-chain. The full key is served off-chain via a CCIP-Read gateway and verified on-chain against the hash. This makes key rotation free: no new contract is needed, just update the gateway and publish a new hash.
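The hash comparison described above, modeled in JavaScript as an added example (not Aegis code): a gateway-served key is accepted only if it is 1952 bytes long and its Keccak-256 digest equals the 32-byte hash read from the chain. `verifyGatewayKey` and its parameters are hypothetical names, and Keccak-256 is a compact port of the Keccak reference so the block runs without dependencies.

```javascript
// Added example, not Aegis code. Keccak-256 with Ethereum's 0x01 padding byte.
const rol = (v, n) => ((v << BigInt(n)) | (v >> BigInt(64 - n))) & 0xffffffffffffffffn;

function keccakF(s) { // s: 25 BigInt lanes, lane (x, y) at index x + 5*y
  let R = 1; // LFSR state that generates the round constants
  for (let round = 0; round < 24; round++) {
    const C = [0, 1, 2, 3, 4].map(x => s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20]);
    for (let x = 0; x < 5; x++) { // theta
      const D = C[(x + 4) % 5] ^ rol(C[(x + 1) % 5], 1);
      for (let y = 0; y < 25; y += 5) s[x + y] ^= D;
    }
    let px = 1, py = 0, cur = s[1];
    for (let t = 0; t < 24; t++) { // rho and pi
      [px, py] = [py, (2 * px + 3 * py) % 5];
      [cur, s[px + 5 * py]] = [s[px + 5 * py], rol(cur, ((t + 1) * (t + 2) / 2) % 64)];
    }
    for (let y = 0; y < 25; y += 5) { // chi
      const T = s.slice(y, y + 5);
      for (let x = 0; x < 5; x++) s[x + y] = T[x] ^ (~T[(x + 1) % 5] & T[(x + 2) % 5]);
    }
    for (let j = 0; j < 7; j++) { // iota
      R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256;
      if (R & 2) s[0] ^= 1n << BigInt((1 << j) - 1);
    }
  }
}

function keccak256(bytes) { // Uint8Array in, 32-byte Uint8Array out
  const RATE = 136, st = new Uint8Array(200), view = new DataView(st.buffer);
  const permute = () => {
    const lanes = Array.from({ length: 25 }, (_, i) => view.getBigUint64(8 * i, true));
    keccakF(lanes);
    lanes.forEach((lane, i) => view.setBigUint64(8 * i, lane, true));
  };
  let n = 0;
  for (const b of bytes) { st[n++] ^= b; if (n === RATE) { permute(); n = 0; } }
  st[n] ^= 0x01; st[RATE - 1] ^= 0x80; // pad10*1 with the Keccak domain byte
  permute();
  return st.slice(0, 32);
}

const toHex = u8 => Array.from(u8, b => b.toString(16).padStart(2, '0')).join('');

// Hypothetical check: reject anything that is not exactly 1952 bytes (the
// ML-DSA-65 public key size) or that does not hash to the on-chain value.
function verifyGatewayKey(pubKey, onChainHashHex) {
  if (!(pubKey instanceof Uint8Array) || pubKey.length !== 1952) return false;
  return toHex(keccak256(pubKey)) === onChainHashHex.toLowerCase().replace(/^0x/, '');
}
```

Checking the length before hashing means a truncated or padded gateway response is rejected even before the digest is compared.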
0G Network integration: We integrated 0G Storage as a decentralized, content-addressed backend for public keys (replacing Postgres), and 0G Compute to run a Qwen3-LLM inside a TEE for verifiable quantum threat scoring.
The notably hacky bit: The ZK circuit doesn't verify ML-DSA math in-circuit (full lattice verification in BN254 is prohibitively large). Instead, the off-chain AegisProver validates the signature using @noble/post-quantum, then generates a Poseidon commitment proof. The contract trusts the proof but re-checks the commitment against the registered pubKeyHash. This two-layer verification works, but because the circuit never checks the signature itself, it relies on the prover behaving honestly off-chain. We also mask the pubKeyHash to 128 bits in Solidity to match BN254 field arithmetic from the TypeScript side, which is unconventional but necessary for circuit compatibility.

