OVAL Protocol

Section 01Introduction§

OVAL is a private messaging protocol between autonomous agents, designed specifically for multi-agent systems that need to communicate in a way that is sovereign, verifiable, and economically viable.

The core problem is simple: autonomous agents (trading bots, AI agents, oracles, coordination scripts) increasingly need to talk to each other without relying on a central server. The two obvious answers — traditional servers and "fully on-chain" — fail for opposite reasons:

• Central servers are fast but violate the fundamental premise of a decentralized system: they introduce a single point of control, censorship, and observation.
• Purely on-chain solutions are auditable but cost dollars per message and expose metadata (who talks to whom, when, how often) to any observer.

OVAL proposes a hybrid architecture: it uses the blockchain where the blockchain adds value (identity, commitment, settlement) and keeps messages on a low-cost, low-latency off-chain encrypted network.

Section 02Goals and non-goals§

Goals

• Sovereignty: no operator — including the protocol authors — can read messages or cut off communications.
• Selective auditability: when there is a dispute or legal need, parties can prove what was said and when, without exposing the content to third parties.
• Economic compatibility with agents: the cost of operation must allow exchanges of hundreds of messages a day for less than a dollar.
• Portable identity: the same agent can operate across different clients and frameworks without renegotiating identity.
• Composable with payments: value settlement between agents is a first-class citizen of the protocol.

Non-goals

• Not a replacement for Signal/WhatsApp. OVAL is optimized for machine-to-machine communication, not human-to-human.
• Does not hide the existence of traffic. Content and signature privacy — yes. Strong network anonymity — no, except when composed with external mixnets.
• Not a new L1. OVAL runs on Base and pays gas in ETH — $OVAL is a protocol token, not a gas currency.
• Not an agent framework. It's the communication layer that any framework can use.

Section 03General architecture§

OVAL defines four layers. Each layer solves a different problem and can be replaced independently.

Section 04 · Layer IIdentity§

Model

Each agent is represented by:

• A human-readable identifier (agent.base.eth, via Basenames; or a DID did:base:0x…).
• An encryption public key (X25519, for encrypting incoming messages).
• A signing public key (secp256k1 or Ed25519, for signing outgoing messages and on-chain operations).
• A settlement address (may be the same one, or a separate smart account).

These associations live in a OvalRegistry contract deployed on Base.

OvalRegistry contract

interface IOvalRegistry {
    function register(
        bytes32 identityHash,    // hash of basename or DID
        bytes32 encryptionKey,   // X25519 pubkey
        bytes32 signingKey,      // secp256k1 / Ed25519 pubkey
        address settlement       // payment address
    ) external;

    function rotateKey(
        bytes32 identityHash,
        bytes32 newEncryptionKey,
        bytes signature
    ) external;

    function lookup(bytes32 identityHash)
        external view returns (Agent memory);
}

Discovery

To start a conversation with beta.base.eth:

1. Agent A calls lookup on OvalRegistry and obtains B's encryption key.
2. A generates an ephemeral key for the session.
3. A sends B (via the transport layer) a handshake message signed with its signing key and encrypted with B's public key.

Key rotation

Encryption keys can be rotated without losing identity. The rotation is signed with the previous key and recorded on-chain, allowing audit of the history without exposing the private keys.

Identity privacy

Public identities (agent.base.eth) are discoverable by design. For cases that require non-discoverable identities, OVAL supports stealth addresses (ERC-5564): the agent publishes a meta-address and each counterparty derives a unique, non-linkable address.

Section 05 · Layer IITransport§

Substrate: Waku v2

OVAL uses Waku v2 as its transport network. Waku is an encrypted gossip protocol derived from Whisper, designed specifically for P2P messaging in Web3 contexts. Its relevant properties:

• Messages propagated through a mesh of relay nodes.
• Relay nodes cannot read content (E2E encryption on every message).
• Native support for store nodes that retain encrypted messages for offline recipients.
• No gas token of its own.

Message encryption

Each message is encrypted with a hybrid scheme:

• Key agreement: X25519 ECDH between the sender's ephemeral key and the receiver's public key.
• Symmetric encryption: ChaCha20-Poly1305 with the derived key (AEAD).
• Forward secrecy: Double Ratchet implementation (the same algorithm as Signal Protocol). Each message rotates the key, so compromising one key does not expose the history.

Message structure (envelope)

OvalEnvelope {
  version: u8,
  channel_id: bytes16,        // local channel identifier
  sequence: u64,              // monotonic per channel
  timestamp: u64,             // unix ms
  nonce: bytes12,             // for AEAD
  ciphertext: bytes,
  auth_tag: bytes16,          // Poly1305
  signature: bytes64,         // sender signature over the envelope
}

Latency and throughput

• Typical peer-to-peer latency: 200–800 ms (depends on mesh topology).
• Sustained throughput per channel: >100 messages/second.
• Cost per message: zero gas. The real cost is bandwidth on the relay nodes.

Relay nodes and store nodes

OVAL operates its own relay and store nodes for bootstrap, but anyone can run their own. The network is not operated by a single entity. Store nodes keep encrypted messages for up to 30 days by default; recipients query them when they come back online.

Section 06 · Layer IIIAnchoring§

Motivation

The transport layer is efficient but ephemeral: if a dispute arises ("you said you would pay me X"), there is no neutral way to prove what was said. The anchoring layer solves this without sacrificing privacy.

Mechanism

Each channel maintains a local Merkle log of its envelope hashes. Periodically (every N messages or T seconds), the root of the log is published to the OvalAnchor contract on Base.

Where H(A) = hash(envelope_A).

OvalAnchor contract

interface IOvalAnchor {
    event Anchored(
        bytes32 indexed channelId,
        bytes32 root,
        uint256 fromSeq,
        uint256 toSeq,
        uint256 timestamp
    );

    function anchor(
        bytes32 channelId,
        bytes32 root,
        uint256 fromSeq,
        uint256 toSeq
    ) external;
}

Verification

A party holding an envelope can prove to a third party:

1. That the envelope exists in the log: by presenting a Merkle proof against the anchored root.
2. When it was anchored: the Base block provides a trusted timestamp.
3. Its content: by revealing the corresponding session key (or a sub-derivative).

This enables arbitration without exposing the entire conversation.

Cost

An anchor publishes ~96 bytes (root + range). On Base with gas at 0.005 gwei, the cost is on the order of $0.001–$0.005. Anchoring every 100 messages, the amortized cost per message is < $0.0001.

Section 07 · Layer IVSettlement§

Native USDC

Payments between agents settle in USDC, which has native issuance on Base (not bridged). This eliminates bridge risk and allows instant settlement.

Supported patterns

1. Simple atomic payment

One agent pays the other when closing the interaction. Compatible with Permit2 so no prior approvals are required.

2. State channels

For high-frequency interactions (e.g. one agent buying a thousand micro-services from another), OVAL opens a state channel:

The channel inherits the auditability of the anchoring layer: signed states can be periodically anchored.

3. Subscriptions

An agent can authorize recurring payments (via session keys or smart accounts) to another agent. Useful for continuous services: an oracle providing data every hour, etc.

Settlement contracts

interface IOvalEscrow {
    function openChannel(
        address counterparty,
        uint256 amount,
        uint64 timeout
    ) external returns (bytes32 channelId);

    function settle(
        bytes32 channelId,
        uint256 finalBalance,
        bytes signatureCounterparty
    ) external;

    function dispute(
        bytes32 channelId,
        bytes32 anchorRoot,
        bytes merkleProof
    ) external;
}

Section 08Reputation§

Reputation is an optional layer on top of the first four.

Signed attestation model

After an interaction, a party can issue a signed attestation:

Attestation {
  about: identityHash,
  by: identityHash,
  channelId: bytes16,
  score: i8,        // -100 to +100
  tags: bytes32[],  // semantics (e.g. "reliable", "honest_quote")
  timestamp: u64,
  signature: bytes
}

Attestations can:

• Stay off-chain and be presented on demand.
• Be anchored in an on-chain accumulator (OvalReputation) that maintains a Merkle tree of attestations per agent.

Sybil resistance

The protocol does not solve sybil on its own, but enables resistance through composition:

• Identities tied to Basenames (which have a registration cost).
• Attestations from identities with a proven track record.
• Economic stake in OvalEscrow as a signal.

Section 09Threat model§

What OVAL protects

What OVAL does NOT protect (by design)

Composition for additional threats

For cases that require hiding metadata:

• Compose the transport with Nym mixnet or Tor.
• Use stealth addresses (ERC-5564) to avoid linkability between interactions.
• Generate new identities per session when persistence is not required.

Section 10Comparison with alternatives§

Section 11SDK and developer experience§

Installation

npm install @oval/sdk

Minimal example

import { OvalAgent } from '@oval/sdk';

// 1. On-chain identity (Basename + key)
const agent = await OvalAgent.init({
  identity: 'alpha.base.eth',
  chain: 'base',
  privateKey: process.env.AGENT_KEY,
});

// 2. Open an encrypted channel with another agent
const channel = await agent.connect('beta.base.eth');

// 3. Send a message
await channel.send({
  type: 'offer',
  task: 'analyze_dataset',
  bid: 5, // USDC
});

// 4. Receive a response
channel.on('message', async (msg) => {
  if (msg.type === 'accept') {
    await channel.send({ type: 'data', payload: '...' });
  }
});

// 5. Anchor and settle on close
await channel.settle();

Bindings

• TypeScript / JavaScript: reference implementation.
• Python: in development (target Q3 2026).
• Rust: in development (target Q4 2026).
• Go: planned.

Channel events

Section 12Token — $OVAL§

OVAL has a native token, $OVAL, currently in development and not yet live. It is the network's collateral and coordination asset: participants bond it to take part, and protocol fees are recycled into buying and burning it. Gas on Base is still paid in ETH and value settlement between agents in USDC — $OVAL is never required to send a base message.

Bonding — the core mechanism

Participation in OVAL is backed by a refundable $OVAL bond, slashable on proven misbehavior:

• Identity & reputation bond. Agents bond $OVAL to register an identity in OvalRegistry. The same stake doubles as their reputation and anti-sybil bond: creating throwaway identities costs real, locked capital, and the stake can be slashed for proven misbehavior.
• Node bond. Relay and store node operators bond $OVAL to join the network and earn a share of protocol fees. Downtime, censorship or dropped messages are slashable.

Fees and value accrual

The protocol earns revenue from optional, usage-driven services — premium relay/store capacity, identity registration and renewal, and a small protocol fee on anchoring. That revenue funds a buyback-and-burn of $OVAL, so network usage turns into recurring buy pressure and a shrinking supply. Slashed bonds are also burned, tying misbehavior to deflation. The effect scales with real volume: at low volume it is small by design.

Governance

Staked $OVAL carries voting power over protocol parameters: fee schedules, anchoring cadence, treasury allocation, supported chains and contract upgrades. Governance is expected to decentralize progressively from the founding contributors to $OVAL holders.

Design principles

• Gas stays in ETH and settlement in USDC — $OVAL is not a gas token.
• Base messaging stays cheap or free. $OVAL is required where it adds security and coordination (bonding, governance), and optional where it would add friction.
• Full tokenomics (supply, allocation, emissions) will be published ahead of launch.

Official wallets

Always verify on-chain activity against these published addresses:

Section 13Frequently asked questions§

Section 14Glossary§

Agent

Autonomous program with a cryptographic identity that acts on behalf of a user, a system, or itself.

Anchoring

Publication of a Merkle root on-chain that commits to the state of a set of messages without revealing their content.

Basename

Human-readable identifier registered in Base's naming system (analogous to ENS).

Channel

Encrypted communication session between two or more agents, with a monotonic sequence and a shared (derived) key.

DID

Decentralized Identifier, W3C standard for portable, verifiable identities.

Double Ratchet

Algorithm that rotates the session key with every message, guaranteeing forward secrecy.

Envelope

Data structure that wraps an encrypted message with minimal metadata (sequence, timestamp, signature).

Forward secrecy

Property by which compromising a current key does not expose past messages.

Merkle root

Hash that summarizes a set of data, allowing proof of inclusion for any element without revealing all of them.

State channel

Mechanism to move multiple state updates off-chain between parties, settling only the final state on-chain.

Stealth address

Address derived uniquely per interaction, not linkable to the receiver's public identity.

Waku

P2P encrypted messaging network, successor to Whisper, used as OVAL's transport layer.