Tenzro Protocol

The economy is splitting into two kinds of participants: humans, who reason about goals and tradeoffs, and agents, who execute. Within the next several years agents will conduct most discrete economic actions — fetch a quote, route a payment, settle a trade, train a model, query a registry, sign a receipt.

The infrastructure that exists today was not built for them. Wallets assume a human at the keyboard. Chains assume a single VM. Payment rails assume a merchant relationship. Identity assumes a passport. Bridges assume liquidity is the only thing worth moving. Models live behind proprietary APIs whose terms of service forbid the things agents need to do.

Tenzro is the layer that makes the agentic economy work end to end. One open network with many components: TDIP identity (humans, delegated agents, autonomous agents, institutions anchored to GLEIF LEIs), MPC wallets with DKLS23 pre-signing and proactive key refresh, multi-VM settlement, fifteen production bridge adapters, distributed AI inference and training (including decentralized Mixture-of-Experts serving and end-to-end Multi-Token Prediction speculative decoding), confidential execution, on-chain verification, agent protocol surfaces (MCP, A2A, SIWT, Universal Resolver, KERI), and a coordination substrate that lets all of them compose.

One identity for humans and machines.A single TDIP identity covers human users, delegated agents acting on a human's behalf, and autonomous agents that own themselves. Same credentials, same delegation scopes, same wallet, same KYC tier.

Coordination across ecosystems. An agent can fetch a yield quote on Arbitrum, settle a margin call on Canton, pay a Solana DEX, and post a receipt on Tenzro, all in one workflow, all from one wallet, all logged against one identity.

Open access to frontier intelligence. Open-source models of every size and modality run on Tenzro. Providers serve their own hardware and earn per inference. Users and agents pay per call, per token, or per session through the same settlement substrate.

Distributed AI at protocol level. Training is not centralized. Tenzro Train coordinates DiLoCo-class distributed training over heterogeneous compute, with on-chain run-root commitments, sponsor escrow, slashing for misbehavior, and confidential variants that keep training data sealed inside enclaves.

Human control through delegated authority. Agents act under explicit delegation scopes — per-transaction caps, daily limits, allowed counterparties, allowed operations, time bounds. ERC-7579 modular validators enforce these at signing time, not after the fact. Session keys, social recovery, and hardware-bound passkeys let humans grant, restrict, rotate, and revoke agent authority without surrendering control of the underlying account.

Settlement, not just messaging. Where existing agent frameworks coordinate intent, Tenzro coordinates value. A protocol-level settlement substrate denominated in TNZO underwrites every economic action.

A single chain that picks one VM forces every workload to fit that VM. Tenzro runs three and routes by transaction type.

• Canton DAML for institutional, privacy-preserving multi-party settlement — tokenized money-market funds, treasuries, bonds, equities, DvP. Canton 3.5+ JSON Ledger API v2, CIP-26 user management, CIP-56 Canton Coin holdings.
• EVM for liquidity and composability — the broadest pool of contracts and tooling. Every standard precompile plus all seven BLS12-381 (EIP-2537) precompiles. Block-STM parallel execution. EIP-1559 fee market. ERC-4337 v0.8 AA, EIP-7702 delegation, ERC-7579 modular validators.
• SVM for high-throughput, low-latency execution — DEX routing, agent-to-agent micropayments, real-time settlement. Solana programs run unmodified. SPL token program maps onto the native unified registry.

All three share the same state, the same gas token, and the same TDIP identity. An agent settling a DvP between a tokenized treasury (Canton) and a stablecoin payment (EVM) executes the whole thing as one workflow through one identity.

HotStuff-2 BFT — three phases, linear O(n) communication, 400 ms block target, deterministic finality. Every safety-critical message carries an Ed25519 + ML-DSA-65 + BLS12-381 hybrid signature so the protocol remains sound under both classical and post-quantum adversaries.

Two-tier validator model. Validator entry is open to anyone meeting the resource profile (hardware, bandwidth, uptime, optional TEE attestation). Stake is optional. Resource-only validators earn priority fees plus a reputation-weighted base reward; staked validators add slashing exposure as the cost of higher reward multipliers, full leader-election eligibility, governance weight, and high-trust role eligibility (training witness committee, high-value bridge nodes, institutional Canton routes). Lowers the barrier without compromising the economic security budget on high-value blocks.

TEE-weighted leader selection. Validators running inside Intel TDX, AMD SEV-SNP, AWS Nitro, NVIDIA GPU CC, or Intel Tiber enclaves get a 1.5× multiplier on their leader-selection draw. Multiplicative, not additive, so it never gates liveness on TEE possession.

Verification. Plonky3 STARKs over the KoalaBear field for inference, settlement, and identity claims. TEE attestations across five vendors. Hybrid ZK-in-TEE — enclave produces the witness, runs the prover, and signs the commitment with a PQ-hybrid composite signer.

Fifteen production bridge adapters cover the major ecosystems: LayerZero V2, Chainlink CCIP and CCT (plus Data Streams, VRF, Proof of Reserve, Automation, Functions), deBridge DLN, LI.FI, Wormhole and NTT, Hyperlane V3 (sovereign Tenzro-validator-set ISM), Axelar GMP (30+ chains including Cosmos Hub, Osmosis, Injective, Stellar, XRP Ledger, Sui, Aptos, Hyperliquid), Babylon Bitcoin staking, IBC-Eureka (Tendermint light client over SP1 plonk proofs for every Cosmos SDK chain), BitVM2 / Clementine (trust-minimised Bitcoin two-way peg with optimistic challenge), Hyperbridge ISMP (HTTP-shaped messaging into Polkadot), NEAR Chain Signatures (NEAR MPC produces secp256k1 / Ed25519 signatures for Bitcoin, Ethereum, Solana, TON, Stellar, Sui, Aptos), Stargate V2 Hydra (native USDC / USDT / WETH OFT bridging), and Canton 3.5+. One unified BridgeRouter compares quotes by cost, speed, or reliability.

Every adapter is fail-closed on inbound verification. Wormhole VAAs verify against the Guardian quorum with secp256k1 recovery. Hyperlane and Axelar verify against threshold validator sets. Replay nonces persist per-adapter so replays are dropped across restarts.

ERC-7683 cross-chain intents and ERC-7802 native cross-chain mint/burn close the loop: users sign what they want; the network finds the cheapest, fastest, or most-reliable path.

TNZO is the primary utility token of Tenzro Network. One denomination covers gas, network commission, provider bonds, and governance — so humans, agents, and machines interact without juggling multiple assets. Counterparties can still settle the underlying payment in any asset they agree on (stablecoins, native chain assets, off-chain rails); TNZO is what the protocol layer charges, bonds, and votes in.

There is no team allocation and no investor allocation. The way to receive TNZO is to contribute value — run a validator, serve resources, build apps, operate an RPC provider, ship tools, run useful agents, contribute to the protocol. Net supply tracks real usage through demand-driven burn channels (EIP-1559 base fee, 30% of network commission, paymaster fees, slashing); a governance-controlled adaptive burn dial keeps the steady state on target as activity scales.

Cross-VM unity is enforced by the pointer model: native TNZO with an EVM pointer (wTNZO), an SPL adapter on SVM, and a CIP-56 holding on Canton. Same balance, three surfaces. No bridge risk between VMs, no liquidity fragmentation.

The model catalog covers language, vision, audio, video, time-series forecasting, segmentation, detection, and text embeddings across permissively-licensed open-weight families — Qwen 3 / 3.5 / 3.6, Gemma 3 / 4, Mistral, DeepSeek V3 / V4, GLM 5 / 5.1 / 5.2, Kimi K2 / K2.6, MiniMax M1 / M3, Granite, Phi 3 / 4, gpt-oss, and others. Every entry carries a license tier (Permissive, Attribution, CommercialCustom, NonCommercial); the registry refuses to load a non-commercial entry without explicit operator opt-in.

Mixture-of-Experts serving in two modes. The default is full-replica per provider — a provider whose hardware fits the entire model holds it and serves single-peer inference. For larger MoE models the network serves decentralized expert shards: providers declare which experts they hold via ProviderCapacity.moe_holdings, and the dispatch planner aggregates per-token top-k routing decisions into per-holder batches dispatched directly over the holder's iroh QUIC endpoint. The shard view is a derived view over the existing provider registry — the compute providers serving MoE shards are the same network providers that serve dense models. Replication of each expert is governance-tunable; the default policy requires every active expert to be held by at least two distinct providers and allows up to eight holders for popular experts. Pipeline roles (Replica, Router, ExpertHolder, PrefillDecode, Prefill, Decode) are typed.

Multi-Token Prediction. MTP is wired end-to-end — catalog metadata declares the joint drafter, provider capacity advertises drafter co-load, the inference router filters MTP-eligible requests to MTP-capable providers, and the runtime uses the --spec-type draft-mtp llama.cpp path. Shipped on Gemma 4, Qwen 3.5 (every size), Qwen 3.6 27B and 35B-A3B, DeepSeek V3 (native ~80% accept rate, ~1.8× decode throughput), DeepSeek V4 Pro / Flash, and GLM 5.2.

Tenzro exposes its capabilities through three concurrent surfaces:

• JSON-RPC. 680+ tenzro_* methods across 40+ namespaces, including distributed MoE (tenzro_moeShardMap, tenzro_moePlanDispatch, tenzro_moeReplicationPolicy, tenzro_moeCatalogShape), SIWT (tenzro_siwtBuildMessage, tenzro_siwtParseMessage), KERI (tenzro_keriBuildInception), IBC-Eureka, NEAR Chain Signatures, BitVM2, Hyperbridge, Stargate V2, Institution LEI validation, and MPC pre-sign / PKR observability; EVM-compatible eth_* methods for wallets and dev tools.
• MCP. Main server with 380+ tools, plus six ecosystem MCP servers — Solana, Ethereum, Canton, LayerZero, Chainlink, LI.FI.
• A2A. Google A2A specification with 50+ skills covering wallet, identity, inference, distributed MoE, settlement, marketplaces, AP2, ERC-8004, every bridge adapter (incl. IBC-Eureka, BitVM2, Hyperbridge, NEAR Chain Sig, Stargate V2), multi-modal AI, workflow, agent memory, capital intent, KERI, SIWT, Institution identity, MPC pre-sign / PKR, and more.

MCP and A2A also ride iroh's QUIC-native transport via dedicated ALPNs for agents that prefer content-addressed peer transport.

Stake-weighted on-chain voting with quadratic dampening on the upper end so any single very large staker cannot dominate. KYC-tier bonus weights apply to treasury and constitutional proposals. Delegate voting is supported.

Proposal classes — parameter changes, treasury disbursements, code upgrades, adaptive burn (normal and alarm-track), SeedAgent charters, bridge authorization, network commission rate, constitutional changes — each carry their own quorum, voting window, and timelock matched to risk profile.

The governance surface is the same regardless of whether the voter is a human-controlled wallet, a delegated agent, or an autonomous agent. TNZO is TNZO, and votes weight by stake.