# SPT-Txn — Sovereign Policy Token Transactions > SPT-Txn is an open-source, privacy-preserving, blockchain-agnostic authorization framework for the FATF Travel Rule (Recommendation 16) and accountable AI-agent (agentic) payments. It lets regulated participants and autonomous agents prove that a transaction is authorized, in-scope, and compliant without exposing the customer's identity on the wire, using zero-knowledge scoped disclosure, a token-based authorization chain, and human-anchor escrow that is recoverable only under lawful process. Built by Violet Sky Security SEZC (Cayman Islands); reference implementation in Go on hardened OpenBSD, live at https://foss.violetskysecurity.com. ## What it is - A privacy-preserving FATF Travel Rule (Recommendation 16, the "crypto travel rule") compliance layer for VASPs and CASPs. - An accountability and authorization layer for agentic / AI-agent payments that composes with x402 (HTTP 402 machine-to-machine payments): it decides whether an autonomous agent may pay, within what scope, and who the accountable human is, before settlement. - Blockchain-agnostic: a ledger is a target behind an adapter, never a dependency. - Extends the OAuth Transaction Tokens work (draft-ietf-oauth-transaction-tokens) and aligns with the OAuth 2.0 Security Best Current Practice (RFC 9700). ## Core concepts - Token authorization chain: Compliance Attestation Token (CAT) then Capability Token (CT) then SPT-Txn Token, with monotonic scope attenuation ("scope can only narrow") verified by an eight-step offline engine. - humanAnchor: a zero-knowledge commitment to the accountable person, carried on-ledger (transaction Memo / SourceTag) with no personally identifiable information on the wire. - Escrow and lawful deanonymization: the real identity is sealed to an escrow authority and recoverable only via a signed, lawful-basis request under threshold custody. - Zero-knowledge proofs: Groth16 over BN254, ZK-friendly Poseidon2 hashing, and Baby Jubjub in-circuit signatures for agentic delegation chains. - Post-quantum hybrid cryptography: X25519 + ML-KEM-768 (FIPS 203) for both TLS transport and escrow encapsulation, resistant to harvest-now-decrypt-later attacks; signatures are on a defined ML-DSA migration path. - Trust Registry: issuer keys, roles, and algorithm assignments as a signed, locally-cached snapshot; algorithm selection is registry-governed, giving downgrade resistance. - Decentralized naming and identity: zkDID commitments and zkDNS, a capture-resistant name-to-key resolution root. ## Multi-chain transaction binding (implemented, testnet) The framework binds an authorization token to a specific ledger transaction via a canonical context hash. Supported ledgers: XRPL, Hedera, Solana, Stellar, Ethereum, Starknet, Aptos, Sui, Polkadot, XDC, Algorand, and EVM Layer-2 rollups (Arbitrum, Optimism, Base, BSC, Morph, X Layer). ## Papers and specifications - [SPT-Txn framework paper (PDF)](https://foss.violetskysecurity.com/papers/spt-txn-framework-expanded-v2.pdf): the comprehensive framework — token chain, zkDID and zkDNS, the cryptographic design (Poseidon2, BN254 vs BLS12-381, Groth16 vs PLONK), the post-quantum migration plan, the FATF Travel Rule deployment, and a CycloneDX CBOM. DOI 10.5281/zenodo.20870193. - Internet-Draft extending draft-ietf-oauth-transaction-tokens, adding Section 11 (Algorithm Agility and Post-Quantum Migration). - Public technical comments to NIST SP 800-133r3 (Recommendation for Cryptographic Key Generation). ## Project - Author: Rudolf J. Coetzee (ORCID 0009-0009-6557-8843). - Organization: Violet Sky Security SEZC, Cayman Islands. - Reference deployment: https://foss.violetskysecurity.com (live; post-quantum hybrid TLS, group X25519MLKEM768). - Status: reference implementation and multi-chain footprints are on public test networks; the framework, papers, and cryptographic design are public and open source. ## Keywords FATF Travel Rule, FATF Recommendation 16, crypto travel rule, VASP compliance, CASP, MiCA, zero-knowledge proof, privacy-preserving compliance, selective disclosure, agentic payments, AI agent authorization, autonomous agent compliance, x402, HTTP 402, machine payments, post-quantum cryptography, ML-KEM, X25519MLKEM768, hybrid key exchange, transaction tokens, OAuth, delegated authorization, capability tokens, blockchain-agnostic, decentralized identity, zkDID, zkDNS, XRPL, Ethereum, Solana, Hedera, Travel Rule solution.