Glossary

A

Agent — An autonomous software entity that runs payments under Oris. Registered with an agent_id, bound to a DID, gated by a KYA level.

Agent DID — did:ethr:<chain_id>:<address>. The canonical identifier for an agent across every chain.

Anchor — A Merkle root commit on chain. Every hour the L7 audit log anchors. Every minute the L2 policy registry anchors. Every flush cycle the L5 revocation registry anchors.

Attestation — A signed assertion. Examples: Veris compliance attestation (L3), KYB attestation (L1), user delegation (L2).

B

BLS12-377 — The pairing-friendly curve used by the Veris MPC ring for L3 attestation signatures. Chosen for ZK-friendliness in the L4 v2 circuit.

Bundle — Short for Compliance Bundle. The 1.5 KB payload that ships with every agent payment.

BYOK — Bring Your Own Key. The custody model where Oris holds encrypted provider credentials but funds never leave the developer’s provider.

C

Canonical bytes — The deterministic byte encoding of a Compliance Bundle. The 196-byte public input is the prefix; the proof follows.

Compliance Bundle — See L4 Bundle.

D

DEK — Data Encryption Key. Per-developer AES-256-GCM key in the BYOK envelope encryption scheme.

Drift score — Behavioral deviation from baseline, measured in basis points. Computed by L3 Veris.

E

Ed25519 — The signature scheme used by the L4 bundle (v1), the L6 verifier, and the developer’s authenticated requests.

Envelope encryption — The two-layer encryption pattern used by BYOK custody and the sealed envelope.

F

v1 / v2 — L4 proof type phases. v1 is Ed25519 (live). v2 will introduce ZK proofs without changing the wire format.

K

KEK — Key Encryption Key. The Vault Transit key that wraps each developer’s DEK in the BYOK scheme.

KYA — Know Your Agent. The five-level identity hierarchy that gates every Oris payment.

KYB — Know Your Business. The developer’s corporate verification record. Carried as an attestation to promote agents to L1.

L

L1 through L8 — The eight architectural layers of the Oris Trust and Compliance Protocol. See protocol overview.

M

MPC ring — A threshold-signing group. Oris MPC ring signs L2/L4/L5. Veris MPC ring signs L3 attestations.

O

OTCP — Oris Trust and Compliance Protocol. The full eight-layer system.

P

Policy root — The Merkle root of all active policies for a tenant. Committed on chain to L2 every minute.

Proof type — One byte on every bundle. 0x01 Ed25519 (v1), 0x02 SP1, 0x03 Halo2 (v2 candidates).

R

Revocation witness — A non-membership proof from the L5 IMT. Proves a party is not revoked at bundle time.

S

SAR — Suspicious Activity Report. Required under BSA when amount, risk tier, or sanctions match trigger.

Sealed envelope — AGE-encrypted disclosure stored on every audit row. Unsealable only with regulator quorum.

T

Tier 1 / Tier 2 — Two revocation cadences. Tier 1 flushes every second (sanctions). Tier 2 flushes every five minutes (behavioral drift).

V

Verdict — The L6 verifier’s signed allow or deny response. Carries reason_code, bundle_hash, and verifier_signature.

Veris — The compliance engine that produces L3 attestations. Separate product, separate MPC ring.

Where to go next

• Protocol overview for the architectural ladder.
• FAQ for common questions.
• Errors for the error code catalogue.