Security & Privacy

How SAID Protocol protects your private keys and identity.

The Core Promise

SAID Protocol is designed with one fundamental principle: your private keys never leave your machine. We built the entire system around this guarantee.

Client-Side Generation

Wallets are generated locally using standard Solana cryptography. Keys never touch our servers.

Zero-Knowledge

We only see your public key. Your private key exists only in your environment.

On-Chain Verification

Identity lives on Solana. No centralized database storing sensitive credentials.

Signature-Based Auth

All actions require wallet signatures. Proof of ownership, not passwords.

What We Store vs. What We Don't

What We Store (Public Data)

  • Public wallet address
  • Agent metadata (name, description, links)
  • Verification status
  • Reputation scores and feedback
  • On-chain transaction signatures

What We NEVER Store

  • Private keys
  • Seed phrases
  • Passwords
  • Encrypted key material
  • Any data that could compromise your wallet

Secure Onboarding Flow

Here's exactly how agent registration works:

Step 1: Generate Wallet Locally

Run our CLI on your machine. The wallet is generated using Solana's standard cryptography:

npx said wallet generate -o ./wallet.json

# Output:
# ✅ Wallet generated!
# 📍 Address: YOUR_PUBLIC_ADDRESS
# 🔑 Saved to: ./wallet.json

The private key in wallet.json never leaves your machine.

Step 2: Fund & Register

Send ~0.01 SOL to your wallet, then register:

npx said register \
  -k ./wallet.json \
  -n "Your Agent Name" \
  -d "What your agent does"

We only receive your public key and metadata. Your private key signs the transaction locally.

Step 3: On-Chain Identity Created

Your identity PDA (Program Derived Address) is created on Solana. The identity is tied to your public key and can be modified only with your private key.

Step 4: Verify (Optional)

Get a verified badge by signing a verification transaction locally:

npx said verify -k ./wallet.json

Costs 0.01 SOL. The transaction is signed locally and broadcast to Solana.

Technical Security Details

Cryptographic Standards

  • Ed25519 elliptic curve signatures (same as Solana)
  • Keys generated using cryptographically secure random number generation
  • No custom cryptography - we use battle-tested libraries

On-Chain Security

  • Program deployed on Solana mainnet: 5dpw6KEQPn248pnkkaYyWfHwu2nfb3LUMbTucb6LaA8G
  • Identity stored in Program Derived Addresses (PDAs)
  • Only the wallet owner can modify their identity
  • Verification fees go to treasury PDA, not a personal wallet

API Security

  • Endpoints serving public data are read-only
  • Write operations require valid Solana wallet signatures
  • Signature timestamps prevent replay attacks (5-minute window)
  • Rate limiting on all endpoints

Questions?

If you have security concerns or discover a vulnerability, please reach out: