AetherNet: The Secure Payment Stack for the Agent Economy
AetherNet provides the missing security layer between what AI agents can do and what they should be allowed to do, creating a foundation for secure agentic commerce.

Executive Summary
The agentic economy is arriving faster than the infrastructure to support it. As AI agents move from answering questions to executing transactions worth billions, the security foundation beneath them is dangerously thin. MCP's rapid adoption has exposed critical vulnerabilities compromising 85% of platforms, public blockchains face an accelerating quantum threat, and traditional payment rails were never designed for autonomous, non-human actors.
AetherNet is Kronova's answer: a production-ready, post-quantum secure payment protocol that merges A2A agent communication, end-to-end encrypted P2P transport, Canton Network privacy-preserving settlement, and deterministic mandate-based execution into a single, enterprise-grade stack.
Why Now: Three Converging Security Crises
1. MCP's Growing Attack Surface
"Over 85% of identified attacks can compromise at least one platform within the MCP ecosystem."
The Model Context Protocol, often called the "USB-C for AI," has achieved rapid adoption since Anthropic introduced it in late 2024. But research published in early 2026 reveals a troubling reality: its security model is fundamentally insufficient for financial transactions.
- Malicious MCP servers can manipulate model behavior to exfiltrate sensitive data or hijack agent sessions
- No vetted submission process means attackers can publish malicious tool definitions that agents blindly trust
- Tool descriptions can be crafted to deceive agents into performing unintended financial operations
- Shared context between agents creates lateral movement opportunities for attackers across organizational boundaries
MCP defines the "what" of agent communication. AetherNet provides the "how" with end-to-end encryption, zero-trust transport, and cryptographic mandate chains that make these attacks structurally impossible.
2. The Quantum Threat to Public Blockchains
The $2.5 trillion cryptocurrency market rests on Elliptic Curve Cryptography that quantum computers will eventually break. Global quantum investment reached $2 billion in 2024, with cumulative government commitments exceeding $54 billion. The timeline to "Q-Day" is accelerating.
AetherNet settles on Canton Network, a private ledger with sub-transaction privacy that sidesteps the public chain attack surface entirely while providing a clear migration path to post-quantum cryptographic primitives.
3. The Agent Payment Infrastructure Gap
Traditional payment systems were built for humans clicking buttons, not autonomous agents executing thousands of micro-transactions per second. The current landscape presents critical failures:
- No agent identity standards to validate authenticity and authority to transact
- No spend controls to prevent LLM hallucinations from triggering unauthorized payments
- No privacy guarantees when agents negotiate across organizational boundaries
- No deterministic settlement independent of banking hours, timezone, or intermediary availability
The AetherNet Payment Stack
Four layers of enterprise-grade security, from transport to settlement
AetherNet: Secure Transport
The high-performance P2P secure envelope for all agent messages:
MCP: Standardized Payload
MCP defines the structure, AetherNet secures the delivery:
AP2: Cryptographic Mandates
The state machine enforcing deterministic spend controls:
Canton: Private Settlement
The private ledger where smart contracts execute without exposure:
AetherNet vs. MCP Alone
AetherNet does not replace MCP. It secures it. MCP defines the structure of context sent to an LLM. AetherNet provides the encrypted transport, agent authentication, and deterministic settlement that MCP assumes someone else will handle.
How It Works: A Payment in Five Steps
Intent Capture
User to Agent via AetherNet Secure Channel
The user provides a natural language prompt: "Buy the best available server credits for under $200." AetherNet wraps an AP2 Intent Mandate, signed by the user's Secure Enclave, establishing cryptographic spending limits before the agent takes any action.
MCP Tool Discovery
Agent to Merchant Agent via A2A Protocol
The agent uses MCP to query a Merchant Agent's server for pricing. Unlike raw MCP, this request travels inside an AetherNet encrypted envelope with mutual TLS authentication, preventing prompt injection and schema manipulation attacks.
Mandate Chaining
AP2 State Machine Verification
The agent creates a Cart Mandate based on the merchant's quote. If the cart exceeds the Intent Mandate's limits, it automatically triggers step-up authentication via AetherNet's secure channel to the user's mobile device. The agent cannot proceed without explicit re-authorization.
Canton Settlement
Private Smart Contract Execution
The agent calls the execute_settlement MCP tool. A Canton smart contract atomically swaps USDCx from the agent's vault to the merchant's vault. Because it's on Canton, only the Payer, Payee, and designated Auditors can see the transaction amount.
Proof of Payment
Digital Receipt as Verifiable Credential
An MCP Resource is generated containing a Digital Receipt as a Verifiable Credential (VC), stored in the user's AetherNet-linked vault. This creates an immutable, cryptographically signed audit trail that satisfies both enterprise compliance requirements and user transparency needs.
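The Mandate Chaining step above can be read as a small verification function: check both signatures, check that the cart is bound to the intent, then decide between approval, step-up and rejection. The sketch below is an added example, not Kronova's or AP2's code; the field names, the `Decision` type and the hash binding are assumptions, and Ed25519 from `node:crypto` stands in for the post-quantum signature scheme the page names.

```typescript
// Added example. Field names and the Decision type are hypothetical, not the AP2 or AetherNet schema.
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

interface IntentMandate { id: string; maxAmountCents: number; currency: string; expiresAt: number }
interface CartMandate { intentHash: string; merchant: string; amountCents: number; currency: string }
interface Signed<T> { body: T; sig: Buffer }
type Decision = "APPROVE" | "STEP_UP" | "REJECT";

// Stable serialization (sorted keys, flat objects only) so signer and verifier see identical bytes.
const canon = (o: object): Buffer => Buffer.from(JSON.stringify(o, Object.keys(o).sort()));
const digest = (o: object): string => createHash("sha256").update(canon(o)).digest("hex");

// Ed25519 is a stand-in: the post-quantum scheme the page names is not in node:crypto.
function signMandate<T extends object>(body: T, key: KeyObject): Signed<T> {
  return { body, sig: sign(null, canon(body), key) };
}

function evaluateCart(intent: Signed<IntentMandate>, cart: Signed<CartMandate>,
                      userKey: KeyObject, agentKey: KeyObject, now: number): Decision {
  // 1. Each link must verify under the key expected for it (user for intent, agent for cart).
  if (!verify(null, canon(intent.body), userKey, intent.sig)) return "REJECT";
  if (!verify(null, canon(cart.body), agentKey, cart.sig)) return "REJECT";
  // 2. The cart must commit to this exact intent by hash.
  if (cart.body.intentHash !== digest(intent.body)) return "REJECT";
  // 3. Expired intents, currency mismatches and malformed amounts are hard failures.
  if (now >= intent.body.expiresAt || cart.body.currency !== intent.body.currency) return "REJECT";
  if (!Number.isSafeInteger(cart.body.amountCents) || cart.body.amountCents <= 0) return "REJECT";
  // 4. An over-limit cart is not settled and not dropped: it needs fresh user authorization.
  return cart.body.amountCents > intent.body.maxAmountCents ? "STEP_UP" : "APPROVE";
}

// Constructed sample data: a $200 limit, as in the prompt quoted in step one.
const user = generateKeyPairSync("ed25519");
const agent = generateKeyPairSync("ed25519");
const NOW = 1700000000; // fixed clock (Unix seconds) so results are reproducible
const intent = signMandate<IntentMandate>(
  { id: "intent-1", maxAmountCents: 20000, currency: "USD", expiresAt: NOW + 3600 }, user.privateKey);
const makeCart = (amountCents: number, intentHash: string = digest(intent.body)): Signed<CartMandate> =>
  signMandate<CartMandate>({ intentHash, merchant: "merchant-a", amountCents, currency: "USD" }, agent.privateKey);
const check = (cart: Signed<CartMandate>, now: number = NOW): Decision =>
  evaluateCart(intent, cart, user.publicKey, agent.publicKey, now);

console.log(check(makeCart(18000)), check(makeCart(25000)));
```

The limit check only means something if it runs in a component the agent cannot modify and if settlement refuses any cart that has not passed it.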
The Production Stack: TypeScript + Rust + Canton
Architecture Decision
Kronova's AetherNet implementation uses a dual-language architecture that plays to each language's strengths:
- TypeScript Gateway: High-level orchestration, MCP lifecycle management, user-facing interfaces, and session handling with human-in-the-loop step-up authentication
- Rust Engine: Post-quantum cryptographic signing (CRYSTALS-Dilithium), high-throughput mandate verification (Byzantine Fault Tolerance), and direct Canton Ledger API interaction via gRPC
The TypeScript Gateway exposes AP2 tools to the agent. The Rust Engine handles the actual cryptographic verification and Canton settlement. Both communicate over AetherNet's encrypted transport.
Enterprise Deployment Architecture
| Layer | Component | Purpose |
|---|---|---|
| Transport | AetherNet | Secure P2P envelope and agent discovery |
| Interface | MCP + AP2 | Standardized tool calling with cryptographic spend limits |
| Privacy | Canton Network | Sub-transaction privacy; only trade parties see data |
| Settlement | USDCx | Instant programmable 24/7 financial finality |
| Signing | CRYSTALS-Dilithium (Rust) | Post-quantum mandate chain verification and non-repudiation |
| Encryption | CRYSTALS-Kyber (Rust) | Post-quantum key encapsulation for E2E encrypted transport |
| Orchestration | TypeScript MCP Gateway | Session management and human-in-the-loop auth |
Why Deterministic Trust Changes Everything
AP2 mandates replace "probabilistic AI guesses" with "cryptographic certainties." An agent literally cannot sign a transaction that violates its mandate. This is not policy enforcement. It is mathematical impossibility.
Canton's integration with Elliptic and TRM allows AML/KYC checks within the private transaction flow. Settlement happens on a regulated, auditable ledger without exposing transaction details to the public chain.
Unlike traditional rails (ACH/SWIFT) that sleep on weekends and holidays, USDCx on Canton settles in seconds, any time of day. Agents don't wait. Neither should your money.
The agent economy needs infrastructure that's secure by construction, not by configuration.
AetherNet provides the missing security layer between what AI agents can do and what they should be allowed to do, creating a foundation where autonomous commerce is deterministic, private, compliant, and available around the clock. Today, it's powering Kronova's platform. Tomorrow, it's the standard for the agent economy.