Key Management for Autonomous AI Agents with Crypto Wallets
2025-01-13 11:43:58

From ethresearch by jieyilong

Autonomous AI Agents equipped with crypto wallets are attracting growing attention due to their capability to interact directly with blockchains and smart contracts. These agents can perform a variety of tasks, including sending and receiving tokens, calling smart contracts, and even writing and deploying smart contracts on-chain. Unlike traditional systems, these autonomous AI agents are proactive, capable of making independent decisions without direct human intervention. An example is an autonomous crypto trading agent which leverages sophisticated deep learning algorithms to execute trades by interacting with on-chain DEXes. In this scenario, a user might provide the agent with an initial fund and delegate trading decisions entirely to the agent, aiming for long-term profitability. This hands-off approach, powered by the agent’s ability to analyze market trends and execute trades autonomously, exemplifies the transformative potential of combining AI and crypto in decentralized finance (DeFi) and beyond.

To enable these promising capabilities, an AI Agent needs to possess a private key to initiate blockchain transactions. If the agent runs in a local device, such as a smartphone or a laptop, managing the private key becomes relatively straightforward. However, AI Agents often require substantial computational resources — for example, to run advanced large language models (LLMs) — making this simple design impractical for many use cases. To help address this challenge, below we informally define the problem:

Problem definition: A user seeks to deploy an autonomous AI Agent that proactively acts on their behalf. The user provides the Agent with a private key which enables direct or indirect access to valuable on-chain crypto assets. Due to the significant computational demands of the Agent — such as running advanced deep learning models or performing resource-intensive tasks — it may need to operate in a potentially adversarial environment, such as a remote server. The challenge is to design a system such that, even in the event of a server compromise, the crypto assets accessible through the private key remain secure.

Below we sketch a few possible approaches to tackle to the above problem:

  1. TEE based: The first approach involves the user securely storing the Agent’s private key within a Trusted Execution Environment (TEE) and executing the entire AI Agent code inside the TEE. Provided the TEE remains uncompromised, adversaries would be unable to either alter the Agent’s code or extract the private key. However, while TEEs are designed to be secure, they could still be susceptible to sophisticated attacks targeting specific vulnerabilities in their implementation. Additionally, the use of TEEs may introduce performance overhead, as running code within the protected environment can be slower compared to execution outside of it.