Towards Homomorphic Capsules for the Agentic Web

An update from the protocol ecosystem

As .llmfeed.json feeds gain adoption as signed, trusted capsules for agent interaction, a natural question arises:

👉 Could we also enable manipulation of encrypted data — while maintaining the integrity, trust, and context of the feed?


Why it matters

A .llmfeed.json feed is already a capsule:

✅ It encapsulates a payload
✅ It defines a context
✅ It carries signatures and optionally certifications
✅ It guarantees integrity across agent pipelines


In many domains (healthcare, finance, public services), we need more:

👉 The ability to process the capsule — without exposing raw data — while maintaining:

✅ End-to-end integrity
✅ Auditability
✅ Agent-friendly structure


The role of Homomorphic Encryption

Homomorphic encryption (HE) offers exactly this potential:

👉 It allows computations to be performed directly on encrypted data — producing encrypted results, without ever decrypting intermediate states.


A natural match with .llmfeed.json

If feeds become the lingua franca of the Agentic Web, adding homomorphic fields would enable:

  • Privacy-preserving agent pipelines
  • Auditable multi-agent workflows
  • Composable agent chains for sensitive domains
  • Safe cross-domain processing without compromising trust

A draft extension

We have begun exploring a hypothetical extension:

"homomorphic_encryption": {
  "applied_to": ["data"],
  "algorithm": "BFV",
  "public_parameters": "https://example.com/params.json",
  "notes": "Data is homomorphically encrypted to allow LLM-safe processing without exposing raw data."
}

Certification and trust layers

A natural evolution of this vision is a multi-layer trust model:

1️⃣ LLMCA Certification (capsule and context)

LLMCA can certify that:

✅ The .llmfeed.json feed:
→ respects the LLMFeed standard
→ correctly structures the signed capsule
→ has valid trust fields
→ exposes a verifiable agent-friendly context


2️⃣ FHE-specific Certification (payload encryption)

A specialized authority (e.g. Zama or equivalent) could certify that:

✅ The homomorphically encrypted payload:

  • Follows approved FHE algorithms
  • Uses safe parameters
  • Is processable across trusted agent pipelines
  • Complies with domain-specific privacy constraints

Combined value

This dual certification model would enable:

✅ A .llmfeed.json feed that is:

  • agent-ready
  • cryptographically trusted
  • safe for privacy-preserving pipelines
  • traceable and auditable

In many sectors (healthcare, finance, public services), this represents a game-changing architecture:

→ For the first time, agents could legally and safely process encrypted data — inside a trusted capsule — across organizational and jurisdictional boundaries.


Practical agentic pipelines — examples

To illustrate the potential of homomorphic capsules, here are some practical agent pipeline scenarios:


🏥 Healthcare Data Processing

Actors:

  • Hospital A emits a .llmfeed.json of patient statistics (non-identifiable), with homomorphic encryption applied to data.
  • Feed is signed and LLMCA certified.
  • Payload encryption is certified by a FHE health data authority.

Pipeline:

1️⃣ Hospital A → emits feed_type: export with homomorphic_encryption on data.
2️⃣ Research Agent → receives feed → performs encrypted aggregation (average, sum) → without decrypting.
3️⃣ Transmits same feed (with updated trust block) to Ministry of Health agent.
4️⃣ Ministry agent performs further homomorphic analysis → produces public statistical report → without ever seeing raw data.
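
Steps 1 and 2 of this pipeline, as an added example (not code from the LLMFeed project): a toy Paillier scheme stands in for BFV because it is additively homomorphic and needs only the standard library. The `toy-paillier` label, the `derived_from` field, the digest construction and the sample counts are assumptions made for the illustration.

```python
import hashlib, json, math, secrets

# Toy Paillier (additive HE) standing in for BFV. Demo-sized Mersenne primes:
# fine for showing the algebra, far too small to protect real data.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
N2, MU = N * N, pow(PHI, -1, N)  # MU: decryption constant for g = N + 1

def encrypt(m: int) -> int:
    """Enc(m) = (1 + N)^m * r^N mod N^2 with fresh randomness r."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c: int) -> int:
    """Private-key operation: only the data owner holds PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def add_encrypted(ciphertexts) -> int:
    """Multiplying ciphertexts adds the underlying plaintexts (mod N)."""
    total = 1
    for c in ciphertexts:
        total = total * c % N2
    return total

def digest(block) -> str:
    """Assumed stand-in for the bytes a feed signature would cover."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def hospital_feed(counts):
    """Step 1: emit an export feed whose data block holds ciphertexts only."""
    he = {"applied_to": ["data"], "algorithm": "toy-paillier"}
    data = {"admissions": [encrypt(c) for c in counts]}
    return {"feed_type": "export", "homomorphic_encryption": he, "data": data}

def research_agent(feed):
    """Step 2: aggregate without any key, then emit a derived feed."""
    cts = feed["data"]["admissions"]
    derived = dict(feed, data={"admissions_sum": add_encrypted(cts), "n": len(cts)})
    # Hypothetical provenance field: the output differs from what the hospital
    # signed, so the agent must re-sign and link back to the input it consumed.
    derived["derived_from"] = digest(feed["data"])
    return derived

COUNTS = [112, 87, 140, 95]  # constructed sample: weekly admissions per ward

if __name__ == "__main__":
    print(decrypt(research_agent(hospital_feed(COUNTS))["data"]["admissions_sum"]))
```

Homomorphic ciphertexts are malleable by design, so integrity has to come from the capsule signature: the research agent's output no longer matches the digest of the data the hospital signed, which is why step 3 forwards an updated trust block.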


💳 Financial Risk Scoring

Actors:

  • Bank X emits a credential or pricing feed with FHE-protected financial indicators.
  • Feed is signed + certified.
  • Third-party agents perform scoring on encrypted fields.

Pipeline:

1️⃣ Bank X → emits credential feed.
2️⃣ Regulatory Agent → performs compliance checks on encrypted indicators.
3️⃣ Trusted Scoring Agent → computes FHE-based risk score.
4️⃣ Result is re-integrated in the agent workflow — without raw financial data exposure.


🏛️ Public Administration — Cross-Agency Process

Actors:

  • Agency A (e.g., tax) → emits an mcp feed with encrypted citizen profile.
  • Agency B (e.g., housing) → processes feed without decrypting sensitive fields.
  • Agency C (e.g., healthcare) → adds insights → without breaking the chain of trust.

Pipeline:

1️⃣ Agency A → emits homomorphic feed.
2️⃣ Agencies B and C process in parallel → add metadata → forward to central decision agent.
3️⃣ Final action performed → all traceable → no raw citizen data exposed.


A call to explore

If there is interest in the community — researchers, implementers, agent platform builders — we are ready to:

✅ Prototype the extension
✅ Evolve the standard to support HE as a first-class citizen
✅ Partner with homomorphic encryption leaders (Zama, we would love to talk!)
✅ Enable the "holy grail" of agent pipelines:
→ encrypted, manipulable payloads inside a verifiable, signed, agent-friendly capsule


Next steps

We invite:

  • Researchers in HE
  • Agent framework builders
  • Privacy advocates
  • Regulated industry experts

… to help us explore this path.


LLMCA / WellKnownMCP is an open forum — this is the kind of extension that can define the future of trusted agentic infrastructures.

Let's build it — together.