Coherence Index: Behavioral Consistency
The Coherence Index (CI) works like a credit check — it asks not just “who are you?” but “does your behavior make physical sense?”
CI measures four dimensions of consistency: where you are, what you can do, when you act, and who you interact with. One inconsistency drags the whole score down.
↓ Try the coherence simulator below
Small drops in coherence should hurt more than linear — inconsistency breaks trust and creates ambiguity about which version of you is acting. So we square the coherence factor: Effective trust = T3 × CI². That way a 10% dip (CI = 0.9) only costs you about 19% of effective trust (0.9² = 0.81), but a 40% dip (CI = 0.6) costs you 64% (0.6² = 0.36). Your reputation matters — but only if your current behavior still looks like you. Why 2 specifically, and not 1.5 or 3? Like the 0.85 starting value below, it’s a calibration choice (not a derived constant): 2 is the power that produced this gentle middle — small dips forgiven, sustained ones compounded — where linear (× CI) forgives too much and cubing (× CI³) punishes routine variance too hard. Need a T3 refresher? See the Trust Tensor page.
CI scores whether your current behavior matches your established pattern. A brand-new account has no established pattern yet — so there’s no signal to match against. The starting value (~0.85) isn’t a penalty for being new; it’s the system being honest that it hasn’t had a chance to witness you yet. With CI 0.85, actions cost about 1.4× their base price — a real friction, but a temporary one.
A handful of consistent grounding events — same device, same hours, same patterns — typically lifts CI above 0.9, at which point the surcharge disappears entirely (costs return to the listed price). Sustained consistent behavior is what closes the gap, and it closes fast.
Why 0.85 specifically, and not 0.5 or 0.95? It’s a calibration choice (not a derived constant): the value presumes you’re probably consistent but unproven — high enough to reflect that most newcomers behave consistently from day one, low enough that the ~1.4× surcharge is actually felt. Scores below 0.85 are reserved for accounts where the system has witnessed inconsistency, not for accounts it simply hasn’t witnessed yet.
The framing matters: this isn’t “trust assumed by default, then taken away if you misbehave.” It’s the opposite — there’s nothing to assume yet, and the score climbs as the system actually sees you. You’re not being penalized; you just haven’t been witnessed yet.
The Key Insight
Traditional identity: Trust is binary (logged in = trusted, not logged in = untrusted)
Web4 identity: Trust is modulated by coherence (consistent behavior = full trust, incoherent behavior = trust severely limited)
What does CI feel like day-to-day?
Your normal Tuesday (CI ~0.97)
You wake up, check messages from your usual phone, post a coding tutorial from your desk at 10am. Everything matches your pattern — same device, same location, same hours, same topics. Full trust, normal costs, zero friction. High CI is invisible — it just means the system sees nothing unusual.
Vacation in Tokyo (CI dips to ~0.8 for a day)
You fly abroad. Your spatial pattern changes suddenly — CI dips. Actions cost a bit more ATP and one extra witness may be needed for big transactions. But your temporal and relational patterns stay consistent (same hours, same contacts, same topics), so the dip is mild. After a couple days, your new location stabilizes and CI recovers. It feels like using your credit card in a new country — a brief “is this really you?” moment, then normal service.
Account compromise (CI crashes to ~0.4)
That same account suddenly posts crypto spam at 3am from a different country. Content changed, timing changed, location changed — three dimensions flagged at once. Trust is throttled, extra witnesses required for any action. No human moderator needed. No ban. The system simply asks: “does this behavior make sense?”
The Problem: Identity Isn't Binary
Traditional Web: Binary Trust
- •Compromised credentials = full access - Attacker with stolen password looks identical to real user
- •No behavioral consistency checks - System can't detect impossible travel, capability changes, or temporal anomalies
- •Detection happens too late - Only after damage is done do fraud detection systems trigger
Web4: Coherence-Modulated Trust
- •Continuous coherence verification - Everygrounding (a periodic check-in where the device proves it's still the same device) verifies spatial, temporal, capability, and relational consistency
- •Trust modulation in real-time - Incoherent behavior immediately reduces effective trust, increases costs, and requires more witnesses
- •Attack becomes expensive - Faking coherence across all dimensions simultaneously is computationally and economically prohibitive
The Four Coherence Dimensions
Web4 measures coherence across four independent dimensions. All must be consistent for full trust access.
1. Spatial Coherence
Like noticing someone claims to be in Tokyo and Paris on the same afternoon
Question: Can this device actually be where it claims?
Detects:
- • Impossible travel (Tokyo → London in 30 min)
- • Hardware-specific velocity profiles (server = 0 km/h, mobile = 100 km/h)
- • Sudden location jumps without travel announcements
Mitigations: Travel announcements (+0.4), destination witnesses (+0.3)
2. Capability Coherence
Like a flip phone suddenly running supercomputer-level calculations
Question: Does this device have the capabilities it should?
Detects:
- • Unexpected capabilities (mobile with GPU cluster)
- • Capability changes without upgrade events
- • Hardware class mismatches (IoT sensor with 1TB RAM)
16% penalty per unexpected capability. Sudden changes require documented upgrades.
3. Temporal Coherence
Like an employee who vanishes for weeks, then suddenly resumes as if nothing happened
Question: Is this device's temporal behavior consistent?
Detects:
- • Broken continuity chains (missing hash links)
- • Unusual activity patterns (night activity for day device)
- • Time gaps without explanation
Continuity tokens link groundings (device check-ins). Broken chain = 0.3 CI penalty.
4. Relational Coherence
Like a stranger claiming to be best friends with everyone in the room
Question: Are this device's relationships consistent?
Detects:
- • Claiming relationships with entities never interacted with
- • Contradictory operational states
- • Relationship claims without witness validation
Validates grounding against existing interaction history and witnessed relationships.
Wait — isn't this surveillance?
Reasonable question. The four dimensions sound like a tracker following you around, but the checks are designed to run locally: your own device verifies its own continuity chain, the peers you've already interacted with confirm the relationships and capabilities they already know about, and evaluations stay within your Trust Neighborhood (MRH). There is no central server compiling a global behavior profile — CI catches deviations from what your own peers already see, not what a panopticon has logged. (Whether the eventual implementation lives up to that design is an honest open question.)
CI in Action: Two Real Scenarios
Now that you know the four dimensions, watch how they work together to catch threats that traditional security misses.
Scenario 1: Maria's Phone Gets Stolen
Maria lives in Madrid. Her phone is stolen at a café. Within 20 minutes, the thief tries to access Maria's Web4 account from the same city.
Result: Even though the thief has Maria's actual device in the same city, CI drops to 0.55 because temporal continuity is broken (device was powered off briefly) and relational patterns don't match (thief contacts different people, navigates unfamiliar apps). The society restricts access and demands extra verification.
Traditional security would see valid credentials on the correct device in the right city — and grant full access. CI catches what passwords can't.
Scenario 2: The Sophisticated Bot Farm
A bot operator creates 50 accounts, each with unique device fingerprints and realistic-looking profiles. They post content at human-like intervals and vary their writing style. On any single dimension, each account looks plausible.
Result: Despite sophisticated evasion, the bots fail on temporal coherence (activity bursts correlate across accounts — real humans don't synchronize) and relational coherence (no genuine relationships formed over time — all connections are shallow and recent). CI drops to 0.41, well below the 0.5 aliveness threshold.
Traditional anti-bot systems catch obvious patterns. CI catches incoherence — the gap between how a real person lives and how a bot pretends to.
Try It: Can You Stay Coherent?
Drag the sliders to simulate incoherent behavior. Watch how even one compromised dimension tanks your effective trust, inflates your ATP costs (ATP is the energy budget that powers every action), and demands extra witnesses. Try a preset scenario, then tweak individual dimensions.
Coherence Dimensions
Overall Coherence Index (CI)
1.000All four dimensions must be healthy — one failing dimension pulls your whole score down.
What's Happening?
Device exhibits consistent location patterns, expected capabilities, regular temporal activity, and coherent relationships. Full trust access.
Why One Low Dimension Tanks Everything
Security by Design
Web4 combines the four coherence dimensions so that one weak dimension drags down the entire score. This is a deliberate security choice:
▶Show the math: average vs geometric mean
❌ Simple Average (Insecure)
CI = (0.9 + 0.9 + 0.9 + 0.1) / 4 = 0.7
One dimension at 0.1 gets “averaged out” by the others. Attacker can ignore one dimension and still get decent CI.
✅ Web4's Approach (Secure)
CI = (0.9 × 0.9 × 0.9 × 0.1)^(1/4) = 0.52
One dimension at 0.1 tanks the entire CI. Attacker MUST fake coherence across ALL dimensions simultaneously.
Result: Attacks become exponentially harder. You can't just spoof location OR capabilities OR timing - you must maintain perfect coherence across all dimensions simultaneously, which is computationally and economically prohibitive.
▶Step-by-stepShow the step-by-step math (a realistic case)
Suppose Alice has three dimensions at 0.9 (strong) and one at 0.5 (weak — say, an unusual relational pattern). Here's what the geometric mean does with that:
One moderate weakness drops CI to 0.78 — a real penalty, but not catastrophic. The earlier 0.1 case (extreme weakness) drops it all the way to 0.52. That's the curve: 0.9 (perfect) → 0.78 (one moderate gap) → 0.52 (one extreme gap). No averaging hides the worst dimension.
▶Why is it called “coherence”?
In physics and biology, “coherence” means the parts of a system are aligned — moving together rather than working against each other. A coherent laser beam stays focused; a coherent heartbeat keeps rhythm; a coherent team pulls in the same direction.
Web4 borrows this idea: an entity with high coherence behaves consistently across space (where they act), time (when they act), capability (what they do), and relationships (who they interact with). When those dimensions align, the entity is trustworthy. When they suddenly misalign — like an account that was in New York and is now in Tokyo two hours later — something is wrong, and CI detects it.
Real-World Applications
Fraud Detection
Traditional: Reactive fraud detection after damage is done.
Web4: Proactive coherence checking prevents fraud before it happens. Stolen credentials can't bypass spatial, temporal, and relational coherence checks.
Example: Credit card stolen in New York. Thief tries to use it in Tokyo 2 hours later. CI tanks due to impossible travel, transaction blocked or requires massive additional witnesses.
Bot Detection
Traditional: CAPTCHA, rate limiting, behavior analysis (all gameable).
Web4: Bots struggle to maintain coherence across dimensions. Botnet from same datacenter? Spatial coherence fails. Sudden capability spike? Capability coherence fails.
Example: 1000 "users" all claiming to be mobile devices but with identical capability fingerprints and sequential IP addresses. CI drops to near-zero, society access denied.
Account Takeover
Traditional: Password reset = full access. Attacker indistinguishable from real user.
Web4: Even with valid credentials, attacker's device has broken temporal continuity (new device), different capabilities, and no relational history. CI flags this immediately.
Example: Phished password used from new device in different country. Temporal + spatial + relational coherence all fail. Society requires 6 additional witnesses or blocks access entirely.
Fake Identity Resistance
Traditional: One person creates many identities, hard to detect.
Web4: Each presence requires coherence across dimensions. Creating 100 fake presences means maintaining spatial, temporal, capability, and relational coherence for all 100 simultaneously - prohibitively expensive.
Example: Fake-presence attack on a voting system. Attacker creates 50 presences from same device. Capability + spatial coherence fails for 49 of them (all same location, same hardware fingerprint). CI drops below the trust threshold (0.5), identities rejected.
Integration with Web4 Foundations
Coherence Index works in concert with the other three Web4 foundational pillars:
CI + Identity Constellations (LCT)
How they work together: Each device in your identity constellation maintains its own CI. More devices with high CI = stronger overall identity trust.
Example: You have 3 devices (phone, laptop, FIDO2 key). If phone's CI drops (stolen and used from different location), other devices' high CI keeps your constellation intact. Stolen device's low CI prevents full access.
Learn more about identity constellations →CI + ATP Economics
How they work together: ATP is the energy budget every agent has — every action costs some. Low CI increases those costs (up to 10x). This makes incoherent behavior economically expensive, not just trust-limited.
Example: An attacker with stolen credentials (CI = 0.4) pays 6.25x more energy for every action. Their budget drains rapidly, making the attack unsustainable before it can do real damage.
Learn more about ATP economics →CI + Trust Tensors (T3)
How they work together: CI modulates effective trust. T3 = long-term reputation. CI = current consistency. Effective trust = T3 × CI².
Example: You have high T3 (0.9 across all dimensions from years of good behavior). Suddenly you ground from impossible location (CI = 0.3). Effective trust drops to 0.9 × 0.3² = 0.081 (8%). Your reputation is intact, but current access is severely limited until coherence recovers.
Learn more about trust tensors →▶ Technical Implementation
Where CI Lives in Web4
1. Grounding Events
Every time a device grounds (proves presence), Web4 calculates CI across all four dimensions. This happens continuously, not just at "login."
// Pseudocode: how a grounding check works
grounding_event = {
lct_id: device_lct, // which device
timestamp: now, // when
location: gps_coords, // where
capabilities: hardware_fingerprint,
continuity_token: hash(previous_grounding),
context: [recent_interactions] // who you've interacted with
}
ci = calculate_coherence(grounding_event, mrh_history)
effective_trust = base_trust * ci^2
atp_cost_multiplier = 1 / ci^22. Society Policies
Each society configures CI thresholds and modulation curves. Strict societies require higher CI, lenient societies are more forgiving.
// Society configuration
strict_society = {
min_ci_for_access: 0.8,
trust_modulation_exponent: 3, // ci^3 = steeper penalty
atp_cost_exponent: 2.5,
witness_scaling_factor: 15
}
lenient_society = {
min_ci_for_access: 0.5,
trust_modulation_exponent: 1.5, // ci^1.5 = gentler penalty
atp_cost_exponent: 1.8,
witness_scaling_factor: 5
}3. Reference Implementation
Web4's reference implementation (Python) is available in the Web4 repository:
- •
coherence.py(560 lines) - CI calculation across 4 dimensions - •
trust_tensors.py(330 lines) - CI modulation functions - •
test_coherence.py(337 lines) - 16 comprehensive tests - •
test_trust_tensors.py(280 lines) - 20 modulation tests
Key Takeaways
1. Trust Isn't Binary
Web4 treats trust as a continuous function modulated by real-time coherence, not a binary logged-in/logged-out state. This makes attacks exponentially harder.
2. Four Dimensions, One Weak Link
The scoring ensures that one low dimension tanks everything. Attackers must fake coherence across spatial, temporal, capability, AND relational dimensions simultaneously — prohibitively expensive.
3. Grounded in Real-World Patterns
CI isn't arbitrary — it's designed so that faking consistent behavior is always more expensive than genuinely having it. The design draws from how consistency works in biology and social systems.
4. Economic + Reputational Penalty
Low CI doesn't just limit trust — it increases ATP costs (up to 10x) and witness requirements (up to +8). Incoherent behavior becomes economically unsustainable.
Why so harsh? Mild penalties (2x) would barely slow an attacker with stolen credentials. The 1/CI² formula means penalties escalate sharply only when coherence drops below ~0.5 — normal users with occasional inconsistencies (CI 0.8) pay just 1.6x, while a stolen account (CI 0.3) pays 11x. The severity is targeted at the threat, not at regular users.
5. Continuous, Not Discrete
CI is calculated at every grounding event (not just "login"), and modulates trust in real-time. Coherent behavior = full access. Incoherent behavior = immediate limitation.
Common Questions
How is CI actually calculated? Who feeds in the data?+
CI is computed automatically from your behavior — no one “rates” you. Every time you perform an action in Web4 (post content, complete a task, interact with someone), the system updates your four coherence dimensions based on how that action compares to your established patterns.
Spatial = location plausibility. Is your physical location consistent with where you were recently? Impossible travel (New York at noon, Tokyo at 2pm) is a red flag. Normal travel is fine — a 14-hour flight causes a brief dip, then CI recovers. (VPNs and IP addresses don't affect it — spatial CI uses hardware-attested location.)
Capability = hardware plausibility. Can your device actually perform the actions being claimed? (Prevents credential theft — a stolen key on an unfamiliar device shows capability gaps.)
Temporal = activity continuity. Do you have stable patterns over time? (A sudden burst of 200 actions at 3am when you normally act during business hours flags a temporal anomaly.)
Relational = relationship history. Do you interact with your established network, or did you suddenly start transacting with 50 strangers? Your “established network” here means the entities your own device has recently interacted with — not a global social graph. There's no central registry of who knows whom; see the privacy question below.
The formula is the geometric mean (fourth root of the product) of all four dimensions. This means one bad dimension drags down the whole score — you can't compensate for suspicious spatial behavior by being temporally consistent.
How does the system know who's in my “established network”? Is the relationship graph public?+
No, the relationship graph is not public, and there is no global registry of who interacts with whom. Web4 is designed around local trust neighborhoods: your own device keeps track of your recent interactions, and it asks neighbors only about people relevant to a specific decision — not about your full social graph.
Where the data lives. The relational signal is computed from interaction history that already exists on your device (signed receipts of past exchanges, attestations from people you've transacted with). Nothing about your relationships needs to be uploaded for relational CI to work — your phone has enough context to flag “you've never talked to any of these 50 strangers before.”
What others see. Counterparties see the receipts you've chosen to share with them (e.g., a vouching attestation when you ask one). They don't see your wider contact list. Beyond your trust neighborhood (about 3 hops), there is structurally no view at all — the same locality that bounds the trust math is what bounds visibility.
Honest hedge. 4-Life is a research prototype. Storage formats and selective-disclosure mechanics are still being specified — the design intent above is the load-bearing claim, and it's reflected in current reference implementations. The privacy property follows from the architecture (local graphs, no global view), not from a promise we have to keep.
What about major life changes — career switch, illness, moving countries?+
CI is designed around the idea that gradual, genuine changes look different from suspicious ones. The key distinction is whether changes happen at human speed or impossible speed.
Career switch: You start posting about a new field instead of your old one. Capability CI might dip briefly (new tools, unfamiliar tasks), but spatial and temporal stay stable. Your relational CI shifts as you build new professional connections. Recovery: days to weeks, because the change is gradual and authentic.
Illness/recovery: Extended inactivity causes temporal CI to drift (your patterns changed), but everything else stays intact. When you return, temporal recovers as your new rhythm stabilizes. The system doesn't penalize absence — it just needs a few days to re-learn your patterns.
Moving countries: Spatial CI dips during the move (like the vacation scenario), then recovers once your new location stabilizes. Other dimensions are unaffected unless your entire social network and activity patterns also change simultaneously — which would be unusual even for a real move.
The core principle: real life changes affect one or two dimensions at a time. An attacker taking over your account affects all four at once — different device, different location, different timing, different contacts. That's what CI is actually designed to catch. Genuine life transitions look nothing like account compromise.
Does “spatial” mean location? Will traveling hurt my CI?+
Yes, spatial coherence involves physical location — specifically, whether your current location is plausible given where you were recently. It detects impossible travel (New York at noon, Tokyo at 2pm) and flags sudden location jumps.
Normal travel is fine. If you fly from New York to Tokyo over 14 hours, your spatial CI dips briefly (like a credit card's “unusual activity” check) then recovers within a day or two as your new location stabilizes. The system expects humans to move around — it's looking for physically impossible movement, not ordinary travel.
VPNs and IP addresses don't affect spatial CI — it relies on hardware-attested location from your device's secure element, not network addresses. Switching Wi-Fi networks changes nothing.
Explore More
How It Works
See how CI integrates with LCT, ATP, and T3 to create complete Web4 societies.
Society Simulator
Run simulations and see coherence, trust, and energy interact in real-time.
Identity Constellations
How multi-device identity strengthens CI and resists attacks.
Reference Implementation
Dive into the coherence.py and trust_tensors.py code on GitHub.
Groups Can Be Coherent Too
Everything on this page applies to individuals — but coherence also emerges at the group level. When several entities interact frequently with dense mutual trust, their collective behavior can become coherent as a unit. Web4 calls these emergent groups synthons.
You'll see how this works on the next page: Aliveness explores how coherence, trust, and energy determine whether an entity — individual or group — is considered "alive" in Web4.