SIGNET
signed in silicon.

a hardware root of trust for robots. the private key is born in the chip and never leaves it.

sign. anchor. verify.
status · concept · hardware bring-up
// WHAT IT IS

a secure element on a usb-cdc dongle. it plugs into a robot's onboard compute (jetson, raspberry pi) and signs every execution payload in hardware. the key is generated inside the element and never leaves the chip. the host never holds it.

// THE PRIMITIVE
// SIGNET — HARDWARE ROOT OF TRUSTRANGE · BASE · ERC-7777REV · 00 · CONCEPT@RESEARCHSYNTH · RSYNTH.AIUSB-CDC0x…SIG0x…TXPAYLOADrobot action+ outcomeCANONICAL BYTESSIGNeip-191secp256k1NXP SE050EANCHORExecutionLogon baseBASE L2VERIFYrecover signer= agent_idERC-8004

robot action → hardware signature → on-chain anchor → verifiable proof.

erc-7777 specs a robot secure element: on-chain pubkey, challenge-response. drafted. unshipped in hardware. this is that hardware.

// VERIFY
recover the signer of a signed execution record. in your browser. no server, no chain call.
payloadrobot.move · ep#4417 · ok
signature0x2271…461c
schemeeip-191 · secp256k1

sample record · pre-silicon. the production signer is the on-chip key — this proves the verify path, not the hardware.

// BRING-UP · BENCH V0

bench v0. the chip-independent leg is closed — the host signs byte-for-byte with the sdk today. the secure element is the last mile before the dongle.

hostesp32-s3 devkit · n16r8on hand
secure elementnxp se050e · om-se050ard-ein transit · eta 06-30
interfacei2c · secp256k1 native
host paritybyte-for-byte vs python sdkclosed
softwareplug-and-trust vendoredzero blockers
nextwire · flash · provenancefirst on-chip signature
// REF.SPEC
designation
signet.0
class
secure element
form
usb-cdc dongle
element
nxp se050e
curve
secp256k1
scheme
eip-191
host
jetson · pi
network
base mainnet
standard
erc-7777 (draft)
// SAMPLE
signed execution record (schematic)
{
  "payload":  "robot.move · ep#4417 · ok",
  "hash":     "0x1582…8343",
  "curve":    "secp256k1",
  "scheme":   "eip-191",
  "sig":      "0x2271…461c",
  "signer":   "0x19E7…ff2A",
  "anchor":   "0xd5A9…1a1c",
  "tx":       "0x0b27…cae7",
  "ts":       "2026-06-02T08:14:55Z"
}
erc-7777 challenge-response (schematic)
host    → challenge   nonce  = 0x7af3…91d0
signet  → attest      sig    = 0x9c4e…2b71
signet  → present     pub    = 0x04c1…be22
host    → recover     signer = 0x19E7…ff2A
host    → resolve      erc-8004 → agent_id #10311
──────────────────────────────────────────────
ok. on-chip key. matches on-chain pubkey.
// SCOPE
closes · key custody
the key signed it, and the key never left the chip. the signature proves which key signed.
open · data provenance
nothing here proves the payload matches what physically happened. that is the oracle problem.

the signature attests the signer, not the truth of the claim. the oracle problem is out of scope.