Autheo Platform · Identity Layer
TheoID
Post-quantum sovereign identity for people, validators, devices, and AI agents. TheoID is a native component of the Autheo Layer-0 OS — not a third-party integration.
Formerly known as AutheoID. Renamed May 2026. Trademark pending.
Most blockchains do not have a native identity layer. Developers who need authentication, credential issuance, or sovereign identity for users or agents have to stitch together external services — wallet providers, third-party DID registries, centralised OAuth, or Web2 auth vendors. TheoID removes that dependency. It is built into the Autheo OS at the same layer as compute, storage, and AI inference, which means every application on Autheo can access post-quantum identity without integrating a separate stack.
What TheoID provides
Post-Quantum Key Material
Every TheoID credential uses NIST-selected algorithms — ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (Falcon) — so identities remain secure against both classical and anticipated quantum attacks. Hybrid signing paths are planned for the migration window.
Self-Sovereign by Design
There is no central issuer. Users own their keys. Identity is anchored on-chain, not in a corporate directory or cloud provider. This design eliminates the single point of failure that centralised identity systems introduce.
Universal Subject Types
TheoID issues verifiable credentials for people, enterprises, validator nodes, IoT devices, and autonomous AI agents. The same credential model spans human and machine identity without requiring a different system for each.
W3C Standards Alignment
TheoID is designed to interoperate with W3C Decentralized Identifiers (DIDs) and W3C Verifiable Credentials (VCs). Existing identity tooling and compliance workflows that speak the W3C stack can integrate without starting from scratch.
THEO Token Utility
THEO is used for TheoID registration, credential management, and post-quantum identity operations. Identity is a first-class demand vector for the THEO utility token, not a free side-effect.
KYA Integration
TheoID is the anchor layer for Know Your Agent (KYA), Autheo's credential reference framework for AI agent identity, controller identity, merchant identity, and mandate credentials. As autonomous agents transact on behalf of users, TheoID gives counterparties a verifiable answer about who is acting and under what authority.
Post-quantum cryptography
Quantum computers capable of breaking elliptic-curve cryptography (ECDSA, EdDSA) are not yet operational, but credentials and long-lived identities issued today may be harvested and decrypted later. TheoID is built on NIST-selected post-quantum algorithms from day one so that identities issued on Autheo are not retroactively vulnerable.
The three algorithms in use are:
- ML-KEM (Kyber) — key encapsulation mechanism for establishing shared secrets.
- ML-DSA (Dilithium) — lattice-based digital signature algorithm for credential signing and verification.
- SLH-DSA (Falcon / SPHINCS+) — stateless hash-based signature scheme for long-lived credentials where signature size is acceptable.
Hybrid signing paths (classical + post-quantum) are planned for the transition period so existing tooling remains compatible while quantum resistance is phased in.
Who and what TheoID identifies
| Subject type | Use |
|---|---|
| Person / user | Sovereign wallet authentication, credential holder, KYC/KYB anchor |
| Enterprise / organization | Corporate identity, partner credentials, compliance anchoring |
| Validator node | Node ownership proof, on-chain TheoID binding, staking eligibility |
| IoT / device | Device identity for DePIN workloads, edge compute, sensor networks |
| AI agent | Agent credential, controller binding, KYA mandate authorization |
TheoID and AI agents: Know Your Agent
Autonomous AI agents now buy, subscribe, pay for API access, and execute mandates on behalf of users. Existing identity primitives describe people and companies. They do not describe agents. TheoID provides the anchor layer for Know Your Agent (KYA), Autheo's credential reference framework that defines agent credentials, controller credentials, merchant credentials, and mandate credentials, all verifiable by any counterparty.
This matters because as autonomous agent transactions scale, the question “who authorized this agent to spend on my behalf?” needs a cryptographically verifiable answer — not a policy document. TheoID provides that answer.
THEO token and identity
THEO is used for TheoID registration, credential management, and post-quantum identity operations. Identity is one of six demand vectors for the THEO utility token (alongside staking, compute, storage, AI inference, and transaction fees). Every application on Autheo that uses TheoID contributes to organic, usage-driven demand for THEO.
Read more about the THEO token identity utility.
About the rename
TheoID was previously called AutheoID. The rename to TheoID took effect in May 2026 and aligns the product name with the THEO token and THEO AI naming convention across the platform. All existing references to AutheoID refer to the same system under its new name. The trademark application for TheoID is pending.