Blog | LF Decentralized Trust

Decentralized Trust Infrastructure at LF: A Progress Report

When LF Decentralized Trust held its first annual Member Summit in October 2024, Linux Foundation CEO Jim Zemlin issued a challenge to the members: LF itself needs decentralized trust solutions—starting with the Linux kernel project.

Jim explained that the infamous XZ attack—where a fictitious developer (most likely a state actor) took two years to gain maintainer status for a popular Linux utility—came perilously close to being the worst malware attack in the history of the Internet.

Jim wanted a privacy-preserving solution that could protect any open source project by enabling developers to prove they were real persons with real first-person trust relationships—without requiring a centralized identity database.

The Linux kernel web of trust model

In fact, the Linux kernel project already has a basic form of this protection: it implements the classic PGP web of trust model as explained in this article by LF Projects IT Director Konstantin Ryabitsev. Each kernel developer must have their PGP keys signed by two other kernel developers to join this web of trust. Figure 1 is the classic illustration of this model from Wikipedia:


Figure 1: The classic PGP web of trust model (source: Wikipedia) 

There are two major challenges with the web of trust model. The first is privacy: the model is only useful if the graph of key signing relationships is publicly accessible, yet there are often many reasons for some relationships to be kept private.

Secondly, this model depends on manual key signing operations that do not scale. For example, Konstantin currently maintains all of the kernel developer keys in a special git repo. While this level of manual effort is necessary to secure the Linux kernel, it is hard to justify for the hundreds of other LF open source projects—let alone the tens of thousands of other open source projects around the world.

Proof of personhood

Proving a developer is a real and trusted person is a specific case of proof of personhood—proving that anyone online is a real, unique person and not a bot or AI agent. As it happens, the jaw-dropping speed of AI adoption has thrust proof of personhood to the very forefront of the AI agenda. No less an AI luminary than Sam Altman co-founded World (formerly Worldcoin) to attempt to solve the problem with a specialized hardware biometric device called the Orb.

Needless to say, any Internet-scale solution to proof of personhood that requires a biometric database is an invitation to privacy disaster. So a group of architects at Trust Over IP (ToIP), an open standards project under LF Decentralized Trust, proposed a decentralized solution based on personhood credentials. To quote from the August 2024 paper of that name:

…personhood credentials (PHCs) empower holders to demonstrate to providers of digital services that they are a person without revealing anything further. Building on related concepts like proof-of-personhood and anonymous credentials, these credentials can be stored digitally on holders’ devices and verified through zero-knowledge proofs. 

Zero-knowledge proofs (ZKP) play a special role in protecting the privacy of personhood credentials. LF Decentralized Trust CTO Hart Montgomery and a team of cryptographers led by Berkeley professor Dr. Sanjam Garg have been developing a ZKP architecture specifically optimized for this purpose. See their article, Proving Personhood Without Handing Over the Keys, and this new Cryptology Archive paper: A Cryptographic Framework for Proof of Personhood.

From a web of trust to a decentralized trust graph

Based on their five years of work on the ToIP stack, the ToIP architects realized that personhood credentials could be combined with another new type of digital credential called a verifiable relationship credential (VRC) to build a decentralized trust graph (DTG). This DTG model could solve both the automation and scalability challenges of the web of trust model.

First, every node in the DTG is identified not with a cryptographic key, but with a decentralized identifier (DID). DIDs are a W3C standard for cryptographically verifiable identifiers that do not require a centralized database. Every DID resolves to a DID document that contains the cryptographic key(s) and network service endpoint(s) bound to the DID. This means both keys and endpoints can be rotated—for the lifetime of a relationship—without changing the identifier.

Second, every node in the DTG is represented by a verifiable trust agent (VTA). This is a software agent (optionally an AI agent) that issues and accepts DTG credentials and performs other standard DTG trust tasks on behalf of its principal using a standard DID-to-DID protocol such as DIDComm or the ToIP Trust Spanning Protocol (TSP).

Figure 2 shows how each actor in the web of trust of Figure 1 can use a VTA to: 1) exchange pairwise private DIDs and DID documents to create a private channel, and 2) exchange pairwise signed VRCs containing the DID pair.

Figure 2: Using VTAs to exchange DIDs and VRCs to create verifiable peer-to-peer trust relationships

Verifiable trust communities (VTCs)

When it comes to scaling, however, the biggest difference between the web of trust model and the DTG model is that the former has only one type of node—a peer—while the DTG has four node types:

All four of these node types can instantiate direct peer-to-peer trust relationships using VRCs. However, only verifiable trust communities (VTCs) can issue verifiable membership credentials (VMCs). And only VMCs that meet the issuer requirements defined in the Personhood Credentials paper (i.e., one per unique person) can qualify as PHCs.

Figure 3 illustrates how a classic peer-to-peer web of trust—such as the Linux kernel project—can be turned into a VTC.

Figure 3: Adding a VTC node with a VTA issuing VMCs to the members of a trust community.

Verifiable trust networks (VTNs)

VTCs and VMCs enable trust relationships to be verified not just within trust communities, but across trust communities. For example, a developer who is a member of one open source project—such as the Linux kernel—could use that VMC to prove their credentials to a different open source project.

In fact, because every VTC is addressable using its own DID, the DTG model can scale to millions of VTCs the same way the web scales to millions of websites. Furthermore, VTCs can join together under common governance to form verifiable trust networks (VTNs) of any size. Membership of a VTC in a VTN can be verified using the ToIP Trust Registry Query Protocol (TRQP) within a trust registry network such as the Ayra Trust Network.
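The pairwise DID and VRC exchange of Figure 2 and the cross-community VMC check described above, as an added Go example (not code from the DTGWG, Affinidi or the LFDT Labs, whose implementations are in Rust): each VTA publishes a DID document to an in-memory resolver that stands in for real DID resolution, signs a VRC or VMC over the (issuer DID, subject DID) pair with Ed25519, and any verifier checks a credential by resolving the issuer's DID for the key currently bound to it. The did:example DIDs, the pipe-joined payload and the credential field names are constructed for this example.

```go
package main

import "crypto/ed25519"
import "crypto/rand"

// DIDDoc is what a DID resolves to: the key and service endpoint bound to it.
type DIDDoc struct {
	ID, Endpoint string
	Key          ed25519.PublicKey
}
var resolver = map[string]DIDDoc{} // constructed in-memory stand-in for DID resolution

// VTA is a verifiable trust agent holding the private key behind one DID.
type VTA struct {
	Doc  DIDDoc
	priv ed25519.PrivateKey
}

// NewVTA mints a DID, publishes its DID document and returns the agent.
func NewVTA(name, endpoint string) *VTA {
	a := &VTA{Doc: DIDDoc{ID: "did:example:" + name, Endpoint: endpoint}}
	a.Rotate()
	return a
}

// Rotate binds a fresh key to the same DID; the identifier itself never changes.
func (a *VTA) Rotate() {
	a.Doc.Key, a.priv, _ = ed25519.GenerateKey(rand.Reader)
	resolver[a.Doc.ID] = a.Doc
}

// Credential is a signed claim by Issuer about Subject: a VRC between peers or a VMC from a VTC.
type Credential struct {
	Type, Issuer, Subject string
	Sig                   []byte
}
func payload(c Credential) []byte { return []byte(c.Type + "|" + c.Issuer + "|" + c.Subject) }

// Issue signs the (type, issuer DID, subject DID) triple with the agent's current key.
func (a *VTA) Issue(typ, subject string) Credential {
	c := Credential{Type: typ, Issuer: a.Doc.ID, Subject: subject}
	c.Sig = ed25519.Sign(a.priv, payload(c))
	return c
}

// Verify resolves the issuer DID and checks the signature against the key bound there now.
func Verify(c Credential) bool {
	doc, ok := resolver[c.Issuer]
	return ok && ed25519.Verify(doc.Key, payload(c), c.Sig)
}
```

Because Verify trusts only the key bound to the DID at verification time, a credential signed before a key rotation stops verifying; a real deployment needs key history in the DID document or re-issuance after rotation.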

One of the newest LF Decentralized Trust members, the First Person Cooperative, was formed last October with a mission to use the DTG model to build and govern a VTN called the First Person Network (FPN)—the first global network designed to provide universally interoperable personhood credentials. See the First Person white paper for more details.

Released at LF Member Summit: OpenVTC

After Jim Zemlin announced the decentralized trust initiative in his keynote address at the March 2025 LF Member Summit, ToIP formed the Decentralized Trust Graph Working Group to standardize all the basic building blocks. A few months later, Affinidi CEO Glenn Gore and DTGWG member Geoff Turk began implementing these components in Rust. Last week at the 2026 LF Member Summit, LF Decentralized Trust Executive Director Daniela Barbosa announced they had contributed three new LFDT Labs:

  1. DTG Credentials is a reference implementation of the eight verifiable credentials specified by the DTGWG.
  2. Verifiable Trust Infrastructure (VTI) is a reference implementation of the DTGWG specifications for VTC components.
  3. OpenVTC is intended to package these components into an easy-to-deploy “VTC in a box” for open source projects.

Once the DTGWG completes the rest of its specifications followed by these reference implementations, the Linux kernel and other LF projects can begin standing up and testing their own instances of OpenVTC. The goal is for the kernel project instance to be ready for maintainers to review at the Linux Kernel Maintainer Summit October 8 in Prague.

Proof of the Pudding: The H2H Summit on Human Agency

Of course, the DTG model is not limited to open source projects. It can be adopted by any size or type of trust community, from a family to a church to a university to a corporation to a nation state. In fact, every in-person event is a type of trust community. Many event attendees come for the express purpose of discovering new relationships. And most attendees want to carry those relationships forward afterwards—as do the event organizers.

The new model for a live event—building personal trust graphs and community trust graphs together at the same event—was put to the test for the first time last Monday at the H2H Summit on Human Agency, the day before LF Member Summit.

Focused on proof of personhood for individuals and proof of control for AI agents, the event featured a mobile app called H2H Connect developed by Affinidi. It enabled the 200 attendees to form first-person connections and instantly exchange VRCs, electronic business cards, and private end-to-end encrypted messages. Attendees could also connect to the H2H matchmaking agent to discover new relationships, as well as talk to AI agents representing H2H, Affinidi, Google, FaceTec, LF Decentralized Trust, and the First Person Cooperative.

Over 650 new human-to-human connections were formed; over 250 human-to-agent connections were made; and over 30,000 encrypted messages were exchanged in just one day.


It was an auspicious start to the Internet of Trust—powered by open standards and open source code from LF Decentralized Trust.