KERI - Key Event Receipt Infrastructure

Type: Standard

Description


KERI (Key Event Receipt Infrastructure) is a groundbreaking decentralized identity system that operates without mandatory dependence on distributed ledgers. Its core innovation lies in the concept of ledger portability, allowing identifiers to remain sovereign and transferable across different infrastructures. The system is built around cryptographic self-certifying identifiers and utilizes Key Event Logs for maintaining verifiable records of identity-related events.

What sets KERI apart is its unique approach to key management and rotation through pre-rotation, a novel scheme that is designed to be post-quantum secure. The system supports ambient verification, meaning that any log can be cryptographically verified anywhere, anytime, by any party without requiring specific infrastructure.
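A simplified sketch of the hash-chained key event log and pre-rotation check described above, added here as an illustration and not taken from the KERI specification or any KERI implementation. The field names, JSON serialization, use of SHA-256 and the omission of event signatures are assumptions of this sketch, and the byte strings are constructed stand-ins for public keys.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    # SHA-256 is an assumption of this sketch, not the digest KERI mandates
    return hashlib.sha256(data).hexdigest()

def event_digest(event: dict) -> str:
    return digest(json.dumps(event, sort_keys=True).encode())

def incept(current_key: bytes, next_key: bytes) -> dict:
    # Inception publishes the current key and only a digest of the next one
    return {"type": "icp", "sn": 0, "prior": None,
            "key": current_key.hex(), "next_digest": digest(next_key)}

def rotate(prev: dict, revealed_key: bytes, next_key: bytes) -> dict:
    # Rotation reveals the pre-committed key and commits to its successor
    return {"type": "rot", "sn": prev["sn"] + 1, "prior": event_digest(prev),
            "key": revealed_key.hex(), "next_digest": digest(next_key)}

def identifier(log: list) -> str:
    # Self-certifying: the identifier is bound to the inception event itself
    return event_digest(log[0])

def verify_log(log: list) -> tuple:
    """Return (ok, reason) using only the log, with no ledger lookup."""
    if not log or log[0]["type"] != "icp" or log[0]["sn"] != 0 \
            or log[0]["prior"] is not None:
        return False, "bad inception"
    for prev, ev in zip(log, log[1:]):
        if ev["type"] != "rot" or ev["sn"] != prev["sn"] + 1:
            return False, f"bad sequence at sn={ev['sn']}"
        if ev["prior"] != event_digest(prev):
            return False, f"broken hash chain at sn={ev['sn']}"
        if digest(bytes.fromhex(ev["key"])) != prev["next_digest"]:
            return False, f"key not pre-committed at sn={ev['sn']}"
    return True, "ok"

def sample_log() -> list:
    k = [bytes([i]) * 32 for i in range(4)]  # constructed stand-in keys
    icp = incept(k[0], k[1])
    rot1 = rotate(icp, k[1], k[2])
    return [icp, rot1, rotate(rot1, k[2], k[3])]

if __name__ == "__main__":
    log = sample_log()
    print(identifier(log)[:16], verify_log(log))
    # A rotation to a key that was never committed to is rejected
    print(verify_log(log + [rotate(log[-1], b"\xaa" * 32, b"\xbb" * 32)]))
```

Because each rotation must reveal a key whose digest was already committed in the previous event, holding the current signing key alone is not enough to append a valid rotation in this model.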

The architecture emphasizes true decentralization through:

  • Non-intertwined identifier trust bases
  • Separable control over shared data
  • Delegated identifiers for hierarchical management
  • Event streaming compatibility for high performance

Key Technical Components:

  1. Purpose and Scope
     • Primary function as a decentralized key management infrastructure
     • Supports both attestable key events and consensus-based verification
     • Designed for GDPR compliance through data separation and erasure capabilities
  2. Technical Specifications
     • Built on hash-chained data structures
     • Implements pre-rotation for key management
     • Uses self-certifying identifiers
     • Supports event sourcing architecture
  3. Implementation Requirements
     • No mandatory ledger dependency
     • Supports hierarchical key management through delegation
     • Compatible with event streaming systems
     • Implements cryptographic verification mechanisms
  4. Security Considerations
     • Post-quantum secure key rotation mechanism
     • Localized key security model
     • Cryptographic verification at any point
     • Independent trust bases for each identifier
  5. Interoperability Features
     • Ledger-agnostic design
     • Portable identifiers across systems
     • Compatible with existing event-based architectures
     • Supports enterprise integration through delegation
  6. Current Adoption Status
     • Open source under Apache 2.0 license
     • Working toward standardization through the IETF
     • Designed for enterprise-scale implementations

"It's much easier to secure one's own keys well than to secure everyone else's internet computing infrastructure well"

Statistics

Projects Following: 13
