For the last few months, alongside writing a new screenplay, I have been in a deep, obsessive design process developing Trust Mesh: a decentralized human-authorization network designed around an innovative insight that solves the Sybil problem without identity storage or capital.
The full vision is attached to this intro article as a book explaining the architecture and a formal specification stating the security claims as definitions, games, assumptions, constructions, lemmas, and theorems so the design can be attacked directly.
I have taken this project as far as I can on my own. The next step is expert review by cryptographers, protocol engineers, security researchers, and serious builders. If there is a fatal flaw, find it. If there is not, Trust Mesh is designed to solve a set of problems that are becoming increasingly urgent: how to give existing systems decentralized proof that a real human authorized a real action in real time, without turning that human into a surveillance record.
So this is the invitation: read it, share it, test it, and try to break it. If you work in cryptography, or are interested in decentralized networks, AI safety, identity, payments, or digital trust, this is for you. If you are an investor in this space, take the deep dive and contact me if you are interested. The world is inevitably converging on this problem, and I’m proposing Trust Mesh as the answer.
The Missing Human Layer of the Internet
Public blockchains solved one problem by refusing to trust intermediaries. They showed how open networks could coordinate money and shared state without asking a bank, platform, or government to decide what happened, which gave the internet a public settlement layer.
But they did it by making the account a key. That is what gives a crypto wallet its privacy and self-custody, and it is exactly what makes it powerful for bearer-asset settlement, but it’s also what makes it unsafe as a general human account. If the key signs, the action counts. If the key is stolen, the action still counts. If a person is deceived, coerced, deepfaked, phished, or impersonated, the system cannot tell. It sees only a valid signature and executes, with no native recourse or reversibility.
That is not a bug in blockchain. It is the trade-off. A key-based account works great for bearer finality, but it does not give our digital systems what they need: recovery when something goes wrong, rule-bound paths for dispute, correction, compliance, and institutional accountability, and verified proof that the right person authorized the transaction.
Permissionless blockchains also face another constraint. Because anyone can join, they need a way to stop one actor from becoming ten thousand. Without identity, they solve the Sybil problem with economic cost. Bitcoin answered with work. Ethereum and others answered with stake. So blockchain solves Sybil resistance with capital, which accumulates in validators and gives them power over ordering, inclusion, finality, and the truthful state of the network.
Trust Mesh starts somewhere else. It asks whether a decentralized network can verify that one real, unique, live human authorized this exact action, at this exact moment, without revealing who that human is?
That is the missing human layer. And solving it creates an entirely new type of account.
The Account That Should Not Exist
Today you have to choose between two broken account types.
A bank account gives you personhood without privacy. The institution knows who you are, which lets it protect, recover, reverse, and comply with law. But that same knowledge also lets it watch, freeze, close, report, and control.
A crypto wallet gives you privacy without personhood. No one knows who you are, but the system can’t tell whether the key is held by the owner, a thief, a bot, an agent, or one actor pretending to be many. This creates an attack surface and vulnerability to theft that makes it unsafe and inflexible for high-risk human-authorized workflows: consumer finance, account recovery, regulated actions, healthcare consent, and enterprise approvals, among others.
Trust Mesh creates a missing third type: an anonymous account backed by a unique human.
This is the shift that matters.
Trust Mesh is not merely a different validator design, a better timestamping system, or a new receipt format. It is a novel account type. A blockchain wallet is a key. A bank account is an identity record. A Trust Mesh Slot is an anonymous position backed by one unique human.
That Slot is not an identity database or a public biometric registry. This is not “sign in with Google” disguised by cryptography. It is a private human-backed position in the network that can prove authority for one bounded action at a time. Enrollment creates the Slot, which persists for continuity inside the protocol, and a real-time ceremony like Face ID generates a cryptographic receipt proving that the right live human who onboarded that Slot authorized this action.
The receipts are sent to relying parties as fresh, action-bound, and unlinkable, so they do not expose a cross-service account handle. That lets a bank, platform, enterprise, or public system require proof of live human authorization before allowing a sensitive login, approving an account change, or accepting another high-risk action. Trust Mesh does not merely prove that a credential was presented or a key signed. It proves that the right live human behind the account authorized this exact action. Privacy no longer has to mean unaccountability. Accountability no longer has to mean surveillance.
Once live human authorization becomes the acceptance condition, the tools of modern fraud lose their power to scale because they are restricted by human biological verification.
Why This Makes Fraud Unscalable
Modern fraud scales because credentials scale. A stolen password can be reused, a session can be hijacked, a voice can be cloned. An executive can be deepfake-generated, a bot farm can create infinite accounts, an AI agent can act inside someone’s environment faster than the institution can reconstruct the intent.
The system keeps asking the wrong question to gate the door: does this credential look valid?
Trust Mesh changes the question entirely: did the right live human authorize this exact action, even if they already got through the door?
The generated receipt is bound to the action: the login, the amount, the beneficiary, the document, the media release, the AI delegation, the prescription, the vote, or the consent. Each becomes verifiable at action time, gated by cryptographic proof from an anonymous account that only the verified human can authorize through the protocol.
A receipt for one action cannot authorize another, or be replayed later. A bot can’t manufacture one. A deepfake can’t produce one, and an AI agent can’t exceed the human delegation it was given if the systems it touches require receipts before acting.
Fraud does not disappear. But scalable fraud breaks economically because the attacker has to defeat the human verification on a device at the moment of transaction, and even then it is restricted to a single scoped action. That raises the marginal cost of fraud sharply and breaks the economics of credential replay, bot farms, and deepfake authorization at scale.
For an internet entering the age of AI-generated people, this becomes critical infrastructure. Institutions handling high-risk actions need a stronger primitive wherever human authorization matters, from banks, platforms, and newsrooms to marketplaces, hospitals, enterprises, and public institutions. The need for this human layer of authorization becomes urgent the moment “looks like a real human” and “sounds like a real human” stop being reliable signals because AI makes it impossible to tell the difference, which is frighteningly soon. The near-term Trust Mesh wedge is narrower than its eventual scope. It starts with content authenticity, AI-agent delegation, high-risk transactions, and security authorization. The use cases only broaden from there.
Once Sybil resistance comes from human uniqueness instead of capital or a global identifier, authority can move to the edge. Validators no longer create truth; they verify human-authorized actions. That unlocks a scalability and capture-resistance model blockchains cannot natively provide.
The Non-Intuitive Part: Permissioned Validators
Here is where Trust Mesh departs most sharply from a long-held, widespread crypto intuition that is true for blockchain but not for this design: not only can its validators be permissioned; for this authorization primitive, that is the safer choice, because validators do not have the power to create user authority, so there’s no “prize” to gain from capturing them that is worth the cost.
That sounds strange until you understand where authority lives. In a blockchain, validators or miners sit close to the source of truth: they shape ordering, inclusion, and finality. Because public blockchains solve Sybil resistance with poolable capital, authority accumulates wherever stake or hashpower accumulates. Capturing that layer does not merely disrupt infrastructure; it buys influence over what the network accepts as true, including ordering, censorship, finality, and the state history users rely on.
The Trust Mesh breakthrough is controlling Sybil resistance with a non-poolable scarce resource: verified human uniqueness without a global identifier. That changes where power lives. Capital can make validators accountable, but it cannot make them authoritative; validator bonds punish misconduct without becoming the source of user authority. Instead of concentrating truth and money in miners, validators, or token holders, Trust Mesh moves authority to the edge, where a live enrolled human authorizes one scoped action at a time.
Therefore, validator capture buys a much weaker prize. Even in a worst-case scenario where an attacker defeats the Byzantine-fault-tolerant threshold across multiple jurisdictions and captures a quorum of identified entities with reputations and legal exposure, the attacker does not obtain the blockchain-style jackpot: authority over the state of the system. It can stall, censor, or degrade traffic in the captured zone, but that is a visible denial-of-service attack. Traffic can route around it, the bonded operators can be slashed, and the system can heal without handing the attacker control. What the attacker cannot do is fabricate a live human act, forge an action-bound receipt, move an anonymous account, mint user authority, or seize a token pool because the validators don’t have that power, so capture creates an outage to recover from, not a throne to sit on.
Permissioned validators become possible because Trust Mesh solves Sybil resistance upstream, with verified human uniqueness rather than capital. There is no native token to steal, or central identity database, or biometric registry, or even an admin switch that can select an anonymous account and move its money. Validators do not hold a key that becomes authority, which means they can be admitted under institutional rules, constrained to run conforming software through hardware attestation, and prevented from concentrating control because the relevant powers are split across independent threshold committees and MPC protocols, not concentrated in any one validator, administrator, or institution.
This is the “no prize” idea at the heart of Trust Mesh: when a system is expensive to capture, and the reward is this limited, rational capture becomes so economically unattractive that the result is a security model capital-based networks cannot offer.
The book dives deep into the machinery: validator admission, jurisdictional diversity, hardware attestation, slashable bonds, public anchoring, auditors, governance thresholds, code-conformance controls, and the code-based lock on the governance of the Foundation itself. That lock ensures no one can move an anonymous account, forge a receipt, or identify a Slot, and the protocol itself can change only through supermajority approval by auditors, validators, and users, with each human holding one vote in their constituency.
Blockchain Still Matters
Trust Mesh is not an argument that blockchains are obsolete. It’s an argument that they solved a different problem. Public chains are powerful where bearer finality, open settlement, censorship resistance, and public state matter. Ethereum, in particular, is useful as a neutral substrate for anchoring records no Trust Mesh operator should be able to rewrite, which is why Trust Mesh anchors there. Trust Mesh uses blockchain where blockchain is strongest. It does not ask it to become a human-authorization layer, because that is not what blockchains were built to do natively.
An Evolution of Incentives
The current economy rewards extraction. The digital arena in particular extracts attention, identity, behavioral data, emotional volatility, and trust itself. The traditional way we made digital systems safer has been to demand more identity everywhere, which only deepens the surveillance bargain, and continues to create a data honeypot for attackers to exploit.
Trust Mesh points in the opposite direction, giving digital systems proof of human authorization without forcing people into dossiers. A newsroom or media outlet can prove their content is theirs without exposing the source; a deepfake can imitate the content, but it cannot fake cryptographic proof. An AI agent can be bound in its authority to act even if its intent evolves maliciously. A payment can be private in the middle and accountable at the KYC’d edges. A vote or claim can be verifiable one-human-one-participation without becoming a public identity trail.
The deeper shift is not only technical. It is institutional. The internet has been missing a way to trust human action without harvesting human identity for decades. Once that exists, many extractive business models stop being necessary. Some stop being defensible.
So the future is not “blockchain replaces institutions” or “institutions absorb blockchain.” The more interesting future is layered: public substrates for public commitments, specialized networks for human authorization, institutions for legal accountability, and users with greater control over the privacy of their transactions and digital identity.
Trust Mesh is the human layer in that stack.
The Invitation
Trust Mesh is proof of human authorization without surveillance identity.
That is the argument of the book. The formal specification is the adversarial object: 57 definitions, 6 security games, 18 assumptions, 65 constructions, 86 theorems, and 25 lemmas, with residuals and obligations named separately, so the claim can be attacked directly on the points that matter: uniqueness, unlinkability, receipt replay, validator capture, recovery, and coercion or device compromise.
I am not asking crypto readers, investors, engineers, or skeptics to accept Trust Mesh because the story is appealing. I am asking them to find the flaw. Try to break it. If there’s a fatal one, the work should fail. If there is not, the remaining problems are solvable, so the missing layer of the internet is closer than it seems: a system that can prove you are a real human without needing to know who you are.
That is Trust Mesh.
Download the book and specification PDFs here: Trust Mesh Book, Spec, Additional Materials
Additional review materials, including LLM-readable source and text files, are included in the same folder. The book is 276 pages (but 54 are appendices). Spec is over 900 pages - for cryptographers who are intrigued.