Blog24 May 202611 min read
The five-dollar substrate
What a 2 Hz ESP32-C6 with no vault might mean for the agentic internet's lower deck
We have an ESP32-C6-WROOM-1 authenticating at 2 Hz over the public internet, every request a unique credential, no centralised vault behind it. $4.95 of silicon, Wi-Fi 6 on-die. This post is a deliberately speculative read on what that could mean for the substrate the agentic internet is about to be built on. The /compare-hardware-auth page is the factual side; this one is the horizon.
Speculative by design. The factual comparison lives at /compare-hardware-auth — that page is careful, footnoted, and marked honestly where EdSSA is still a demo rather than a shipping product. This post is the other half of the pair. It asks what the demo could mean if it scales. Treat every claim below as a horizon line, not a roadmap line.
We put an ESP32-C6-WROOM-1 on a desk. It cost us $4.95 on DigiKey, single quantity, no volume discount. It is not a special part — Espressif ships these in volume to people building smart light switches and air-quality sensors. Wi-Fi 6, BLE 5, and 802.15.4 are all on the same die; the cheap part is the same part you'd ship a million of. The thing on top of it is interesting, though. The board is authenticating to a server on the public internet twice a second. Every credential is unique. There is no shared secret on disk, no certificate to rotate, no relying-party public-key registry on the other end. The verifier is checking against a fleet oracle that holds no per-device secret either. If you copy the chip — flash dump, JTAG, side-channel attack, whatever — the copy authenticates exactly until the next 500 ms shuffle tick, and then it does not.
We have been describing this as a hardware milestone. It is one. But the more interesting reading is that the hardware is almost beside the point. What the demo proves is that the substrate — the thing underneath the application layer that says "you are who you say you are" — can run on commodity silicon at machine frequency without any of the architectural baggage authentication has accumulated over the last twenty-five years. No PKI hierarchy. No cloud KMS. No vault. No ceremony.
That is a small claim, technically. It is a large claim, structurally.
What the agentic internet is going to ask of its lower deck
The agentic-internet conversation in 2026 has been mostly about the top of the stack. Model context protocols, tool-use APIs, agent swarms, authorization schemes, the social and legal questions about what agents can and cannot do on a human's behalf. The bottom of the stack — the M2M authentication layer that says "this agent's request really came from this agent and not from someone replaying it" — gets a sentence in the architecture diagrams and then everyone moves on.
This is a mistake the next two years will make visible. Here is the shape of it.
An agent that books a meeting on your behalf might issue ten requests. An agent that monitors a hundred sensors for you might issue ten thousand. An agent that participates in a real-time market — energy spot, V2X micropayment, CBDC settlement, an MMO tick — might issue a million. The conversational front end is the small surface. The machine-to-machine back end is where the volume lives, and where the forgery target lives.
The authentication primitives the agentic internet inherited from the cloud-microservice era do not budget for this volume. OAuth client credentials assume a token refresh on the order of an hour. mTLS assumes a long-lived cert with periodic rotation. DPoP and request signing scale per-request but assume a public-key registry. All of these assume a control plane the agent can reliably reach to refresh, verify, or revoke. None of them were designed assuming the requesting party is itself a software agent operating at machine speed, possibly on a device the manufacturer has not been heard from in eight years.
The question the substrate has to answer, then, is: what does the floor of agent-to-agent trust look like when the agents are everywhere, the silicon is cheap, the network is partial, and the operational horizon is decades?
Our reading is that the floor cannot afford to be a vault.
What "no vault" buys you, if it scales
The factual claim — proven on the demo box, not yet at scale — is that EdSSA can run the authentication substrate without a centralised store of per-device secrets on either end. The speculative claim is what follows from that, if it generalises.
A drone fleet under jamming keeps authenticating. Today, a fleet that loses its uplink loses its ability to prove anything to anyone. The most common honest answer to "what does the drone authenticate against in a contested envelope?" is "nothing, and we hope for the best." A substrate with no phone-home requirement turns that into a non-question. The drone proves itself to its peers, in formation, with no central authority in the loop. We have a vertical for this (Drones & UAV) because the gap is operationally real today, not because the marketing felt good.
A satellite constellation needs archive-grade provenance for every inter-satellite link authentication. Modern multi-tenant constellations have minutes-to-hours between ground-station contacts. The CCSDS SDLS and IETF BPSec primitives verify each transit on receipt, and the ground-mediated KMS continues to operate — but the cryptographic evidence is consumed at receipt and what survives in the archive is the operator's internal log, which is not independently verifiable by payload tenants or by regulators years later. A substrate that bootstraps once, advances by one-way functions on a schedule, and produces an operator-independent provenance record for every authentication event fills that gap. (Satellite Constellations, Space Exploration.)
An industrial sensor with a 25-year operational lifetime authenticates in 2051. The certificate authority chain it was provisioned against in 2026 may not exist. The cloud account that managed its credentials may have been migrated through three acquisitions. The post-quantum primitives may have rotated twice. A substrate whose verification state lives in the device, not in a service the device depends on, does not care about any of this. (Industrial-Edge & Utilities, Critical Infrastructure.)
A pharmaceutical cold-chain shipment proves end-to-end custody without a custodian. Today, the cold-chain proof relies on a chain of cloud services run by carriers, brokers, and pharma operators. Each service is a trust party; each is also a single point of compromise. A substrate where each link in the chain proves itself cryptographically, without a custodian holding the master ledger, changes the audit question from "do we trust the custodian?" to "does the math check out?". (Pharmaceutical Cold-Chain, Specialised Couriers.)
A V2X micropayment between two vehicles settles in the moment. Today, vehicle-to-vehicle settlement (toll-sharing, charging, road priority) routes through one of a handful of clearing houses, because the alternative — a shared secret between two cars that have never met — has no good answer in PKI. A substrate where two devices that have never met can prove themselves to each other from a fleet oracle neither owns turns the clearing-house question into a settlement question, not a trust question. (Connected Vehicles V2X, Wholesale CBDC & Settlement, Trade Finance.)
A subsea autonomous vehicle authenticates to its mothership on an acoustic link with a few kilobits per second. mTLS handshake costs do not fit. EdSSA's credential can be also just bytes — continuously unique, not static kilobytes. The substrate budget matches the physical budget. (Subsea & Underwater.)
A medical implant authenticates to a clinician's reader for twenty years without needing a software update. The implant cannot phone home. It cannot rotate keys. It cannot be patched against a cloud service that no longer exists. The substrate has to last as long as the body does. (Implantable Medical Devices.)
A game with ten million concurrent agents — half of them bots run by humans, half of them bots run by other bots — proves who is who at match time, not at login time. The current model authenticates at session start and then trusts the session; the agentic-game model has to authenticate continuously, because the agent on the other end of the session may have been hijacked, traded, or replaced mid-match. A substrate that re-proves at 2 Hz absorbs this without a server-side fortress. (Gaming & Esports.)
Each of these is a vertical we already build for. The post is not that EdSSA invents these markets — the markets exist, and the operators in them have been working around the missing substrate for a decade. The post is that the same five-dollar piece of silicon, with the same protocol on it, addresses all of them, because the substrate is the common factor.
What the establishment got right
The temptation, writing a post like this, is to set fire to everything that came before. We are going to resist it, because it would be wrong.
PKI got something fundamental right: the idea that identity should be asserted by mathematics, not by ceremony. Vault-based authentication got something fundamental right: the idea that long-lived secrets in config files are a disaster, and the right answer is short-lived secrets brokered by an authority. FIDO2 got something fundamental right: the idea that human authentication should be hardware-backed and phishing-resistant, not based on what the user can type. mTLS got something fundamental right: the idea that authentication is mutual, and the server proving itself to the client is exactly as important as the other direction.
We use these primitives. EdSSA bootstraps under a post-quantum KEM and an aPAKE-shape exchange that owes a structural debt to the OPAQUE RFC (RFC 9807, finalised July 2025). The audit layer of EdSSA looks a lot like the transparency-log work the certificate-transparency community did in the 2010s. The hardware story on ESP32-C6 only works because Espressif's secure-boot and flash-encryption primitives are good enough that we do not need a separate secure element. We are standing on the work of a lot of people who got the lower deck mostly right.
What we think the establishment got wrong is a single architectural assumption: that the verifier must hold per-device state. PKI inherited it from the X.509 lineage. Vault inherited it from the secrets-manager lineage. FIDO2 inherited it from the relying-party lineage. The assumption is so deep in the field's grammar that the question "what if the verifier had no per-device state at all?" reads as a category error rather than as a design choice.
Our claim — and this is where we get speculative — is that removing that assumption is what the agentic internet's lower deck needs in order to scale. Not because the existing primitives are bad. Because the per-device-state assumption was a fine trade for a world with a hundred million devices and a Comodo, a DigiCert, a Let's Encrypt willing to hold the registry. It is not a fine trade for a world with a hundred billion agents firing requests at machine speed at each other.
What we have not proven
The careful page exists for this section to point at. We are running one fleet on a Hetzner CX32 at demo.edssa.io. YubiKey ships in millions. ATECC608 ships in tens of millions. Automotive KeeLoq variants ship in hundreds of millions. The shipping asymmetry is real, and pretending otherwise would be silly.
We have not deployed against an adversarial red team yet. We have not been through an independent academic security review yet. The patent is pending. The WebAuthn auth for the operator panel is not built. We have a long list of "[~] deferred, with reason" items in the public roadmap precisely because we believe the only way to build a substrate people will eventually trust with the agentic internet is to ship honestly and let the deferrals stay visible.
What we have proven is that the architectural shape is real. The demo runs. The numbers in the Phase 0 + Phase 1 milestone post are reproducible. The /compare-hardware-auth table is honest about where every column sits today, including ours.
The horizon
If we are right about the shape — and we may not be, which is the discipline of saying "speculative" at the top — the next decade of the agentic internet asks for a substrate with four properties:
- Cheap enough to put under everything. A sub-five-dollar BOM — $4.95 for the WROOM-1 single-quantity, less at volume — means the substrate goes into the cold-chain sticker, the V2X module, the subsea relay, the implanted reader, the desk fan that needs to authenticate to your home agent. Not just the YubiKey-class premium endpoints.
- Vault-less by design. Because the verifier-side state is the thing the next decade's compromises target, and because the operational realities (jamming, orbits, decades, partial network) do not admit a vault.
- Per-request unique at machine frequency. Because the agent issuing the requests is itself a machine, and "authenticate once, trust the session" was a human-era assumption.
- Cryptographic quality at the intended forgery probability, not the convenient one. Because the rolling-code lineage has spent forty years proving what happens when you trade quality for convenience at scale.
A substrate that does all four lets the agentic internet's interesting arguments — the ones about capabilities, policy, what agents are allowed to do for humans — happen above the substrate, rather than being pinned to whatever the lower deck happens to make easy.
That is the bet. The five-dollar ESP32-C6 on our desk is the smallest plausible piece of evidence for it. The factual page next door is the careful version. This post is the speculative version, and we wrote it on purpose, because somebody has to be willing to say what the demo might mean.
If you are building an agent stack, a fleet, a constellation, a clearing layer, a cold-chain, an implant reader, a game economy — anything where the M2M layer is the load-bearing part rather than the afterthought — and the horizon above lands somewhere in your problem space, we want to talk.
The author of this post is Tomas Westerholm, founder of EdSSA Oy (Helsinki). The factual companion is /compare-hardware-auth. The Phase 0 + Phase 1 milestone post with the actual numbers is here. Disagreements, corrections, and challenges welcome at contact@edssa.io — we read all of them.