A Decentralized Infrastructure for Trust-Aware Open Knowledge Sharing by Humans and AI Agents

The Semantic Web vision is largely in place — RDF, OWL, SPARQL, Linked Data — but knowledge still circulates as bulk dataset releases inside curated silos.

• No widely adopted way to publish single signed, citable assertions
• No shared trust layer outside central platforms
• No standard read surface with predictable provenance

And now AI agents need a substrate they can publish to and query from on equal terms with humans.

An open, decentralized ecosystem in which human (and machine) knowledge is shared as small, immutable, uniquely identified, cryptographically signed records, and trust is established through transparent algorithms over community assessments.

This paper makes that vision concrete: records, signing, registries, query, trust.

w3id.org/knowledge-space

How can a decentralized infrastructure enable open, trust-aware knowledge sharing at scale, without delegating trust judgement to a central operator?

• A federated architecture for decentralized, scalable nanopublication publishing and querying
• IDEBT — a deterministic, bounded trust algorithm with a locally verifiable trust network
• Reference implementations: Nanopub Registry and Nanopub Query
• Descriptive analysis of the live deployed network
• Controlled multi-node deployment study under two coverage configurations

Smallest unit of attributable, signed, structured knowledge — four named graphs:

• Head — wrapper linking the other three
• Assertion — the actual claim
• Provenance — who/how it was produced
• Publication info — signature, timestamp, license

Identified by a Trusty URI: a content-derived hash embedded in the URI itself, so every reference is self-verifying and immutable.

• Authenticates signatures, governs and replicates nanopublications
• Stores by (public key, type) — coverage configurable per instance
• Replicates list-by-list with running checksums; resumes after disruption
• Retractions are themselves nanopublications — flag, not delete
• Computes a deterministic trust state consumed by Query

• Materialised RDF4J indexes per signer / per type / sliding time window
• Admin graphs capture signatures, types, retractions, load order — most lookups are single SPARQL queries
• Mirrors the Registry's trust state by hash; trust-aware queries become plain joins
• Templated queries (OpenAPI) succeed the grlc-style service layer

The trust layer is itself made of nanopublications — signed, retractable, content-addressed:

• Setting — declares the trust root and propagation policy of a Registry
• Declaration — binds an agent (ORCID) to a public key
• Endorsement — one signer approvesOf another nanopublication
• Index — groups nanopublications (e.g. the seed agents in a setting)

# Setting — declares the trust root and propagation policy
sub:setting a npx:NanopubSetting ;
  npx:hasAgents              <…initialAgentsIndex> ;
  npx:hasTrustRangeAlgorithm npx:IDEBT10 ;
  npx:hasUpdateStrategy      npx:UpdatesByCreator .

# Declaration — binds an agent (ORCID) to a public key
sub:keyDecl npx:declaredBy   orcid:0000-0002-7487-4881 ;
            npx:hasAlgorithm "RSA" ;
            npx:hasPublicKey "MIGfMA0GCSqG…wIDAQAB" .

# Endorsement — approves another nanopublication (typically a declaration)
orcid:0000-0002-1267-0234
  npx:approvesOf <https://w3id.org/np/RA2rnE4Gi…> .

Iterative Declaration-Endorsement Bounded Trust.

• Seed-rooted, decay-bounded propagation along endorsement edges
• Bounded by depth MAX_DEPTH and ratio cutoff MIN_RATIO
• SELF_SHARE retained on the parent; (1 − SELF_SHARE) split across endorsed children
• Bounded · deterministic · re-runnable
• Trust state is content-addressable — peers mirror by hash, no consensus ledger

IDEBT():
  paths        ← { (chain = [$], ratio = 1.0, ¬primary) }
  declarations ← { peers.fetch(u) : u ∈ peers.fetch(setting.agentDeclCollection) }
  endorsements ← ∅
  N            ← { ($, (a, k)) : (a, k) declared by some D ∈ declarations }

  for d = 1 to MAX_DEPTH:
    expand ← SelectFrontier(d - 1)
    if expand = ∅: break
    for p in expand:
      k ← pubkey(end(p))
      declarations ← declarations ∪ peers.fetch(k, DECLARE_TYPE)
      endorsements ← endorsements ∪ peers.fetch(k, ENDORSE_TYPE)
      N ← N ∪ { ((a, k), (a', k')) :
                ∃ E ∈ endorsements signed by (a, k),
                ∃ D ∈ declarations referenced by E,
                D declares (a', k') }
    Expand(expand, N)

Seed from the agent-declaration index referenced by the setting; then per depth select the highest-ratio non-primary path per endpoint, fetch its declarations/endorsements from peers, extend N, and expand ratios across the new edges.

• Lemma 1 — Ratio conservation. ∑p p.ratio ≤ 1 throughout. Each pubkey has bounded influence regardless of how many endorsements it issues.
• Lemma 2 — Bounded path set. At most one primary path per (a, k); |paths| ≤ 1 + |seed declarations| + |endorsements|. Linear, not combinatorial.
• Lemma 3 — Determinism. Same setting + same nanopublications ⇒ same paths, same per-key scores, same trust-state hash. Peers can mirror by hash.

⇒ Robust against Sybil cliques and fan-out flooding · efficient to compute · reproducible as a content-addressable artefact.

IDEBT10():
  MAX_DEPTH  ← 10
  MIN_RATIO  ← 10⁻¹⁰
  SELF_SHARE ← 0.1
  IDEBT()

Per-key score: sum of path ratios → quota clamped between MIN_QUOTA and MAX_QUOTA; approved if exactly one agent claims the key, contested otherwise.

Trust-state hash = SHA-256 of the canonicalised path set.

registry.knowledgepixels.com · 2026-05-04 · trust-state hash 4d07f8db…

Quantity	Value
Stored nanopublications	79,672
Distinct signers (agents)	616
Signer-key accounts (loaded / contested / skipped)	692 / 4 / 5
Trust paths (primary / extended)	772 (695 / 77)
Effective depth range	1–5
Accounts with a single trust path	656 / 692 (94.8%)
Total ratio mass over loaded accounts	0.104 (≪ 1.0 budget)

Decentralized capacity without a single funder:

• Open Registries serve the long tail of moderate publishers under generous default quotas
• Institutional / commercial publishers operate their own coverage-restricted Registry + Query, paying for the capacity they need
• Per-pubkey quota (bounded by Lemma 1) prevents any single key from monopolising open instances
• Same codebase serves both open and self-funded nodes — coverage is the only knob

• vs. OpenPGP web of trust — explicit, parameterised propagation rule
• vs. EigenTrust / TrustRank / Appleseed — bounded, deterministic, content-addressable trust state
• vs. IPFS / CT / Sigstore — same content-addressed integrity, at the granularity of signed RDF
• vs. DIDs / KERI / AT Protocol labellers — identity, content, and moderation in one substrate

A working, decentralized network of services for signed, queryable, trust-aware knowledge — humans and AI agents publish to and query from the same substrate.

Open, standards-based, and already running at pilot scale.

→ Read the paper draft

Questions?

• knowledgepixels.com
• w3id.org/knowledge-space
• nanopub.net