Vouchsafe: A Zero-Infrastructure Capability Graph Model for Offline Identity and Trust

Modern identity and trust systems collapse in the environments where they are needed most: disaster zones, disconnected or damaged networks, and adversarial conditions such as censorship or infrastructure interference. These systems depend on functioning networks to reach online authorities, resolvers, directories, and revocation services, leaving trust unverifiable whenever communication is unavailable or untrusted. This work demonstrates that secure identity and trust are possible without such infrastructure. We introduce the Zero-Infrastructure Capability Graph (ZI-CG), a model showing that identity, delegation, and revocation can be represented as self-contained, signed statements whose validity is determined entirely by local, deterministic evaluation. We further present Vouchsafe, a complete working instantiation of this model built using widely deployed primitives including Ed25519, SHA-256, and structured JSON Web Tokens, requiring no new cryptography or online services. The results show that a practical, offline-verifiable trust substrate can be constructed today using only the cryptographic data presented at evaluation time.