Loading vLEI.wiki Fetching knowledge base...
vLEI.wiki Comprehensive knowledge base for KERI (Key Event Receipt Infrastructure) and vLEI (verifiable Legal Entity Identifier) ecosystem.
Made by Key State Capital .
© 2025 vLEI.wiki. Educational resource for KERI/vLEI ecosystem.
ACDC - vLEI.wiki | KERI Knowledge Base - vLEI.wiki
Short Definition ACDC (Authentic Chained Data Container) is a protocol specification for creating verifiable , chainable data containers that form directed acyclic graphs (DAGs) with cryptographically provable proof-of-authorship , enabling secure, privacy -preserving verifiable credentials built on KERI infrastructure.
Related Concepts No related concepts available
Comprehensive Explanation ACDC (Authentic Chained Data Container)
Protocol Definition
Core Purpose and Objectives
The Authentic Chained Data Container (ACDC) protocol is an IETF internet draft specification that defines a data container format for creating verifiable, chainable data structures that provide granular provenanced proof-of-authorship (authenticity) of contained data. ACDCs form directed acyclic graphs (DAGs) where each container serves as a node with cryptographically verifiable connections (edges) to other ACDCs, enabling the construction of complex, verifiable data relationships.
The primary objectives of the ACDC protocol are:
Authentic Data Provenance : Provide cryptographically verifiable proof-of-authorship through a tree or chain of linked ACDCs, forming a DAG that enables an "authentic web" where all data has verifiable proof-of-authorshipProof-of-Authority Extension : With additional syntactic features, extend to provide proof-of-authority for delegated authorizations, entitlements, permissions, rights, and credentialsPrivacy-Preserving Disclosure : Enable graduated disclosure mechanisms (compact, partial, selective, full) that allow progressive revelation of information while maintaining cryptographic verifiabilityComposability Schema-Based Type System : Use JSON Schema itself as the type definition mechanism, providing clean separation between data payload and metadata
Implementation Notes ACDC Implementation Notes
Critical Implementation Requirements
SAID Computation
Recursive Computation Order :
MUST compute SAIDs from innermost nested structures outward
Child SAIDs MUST be computed before parent SAIDs
Placeholder replacement MUST use exact character count matching final SAID length
Blake3-256 digest algorithm MUST be used for approximately 128 bits cryptographic strength
Canonical Serialization :
Field maps MUST preserve insertion order (not lexicographic)
Serialization MUST be consistent across all ACDC variants
Round-trip serialization/deserialization MUST preserve field order
Different serialization formats (JSON, CBOR, MGPK) require format-specific handling
Field Ordering Requirements
Top-Level Field Order (MANDATORY):
[v, d, u, i, rd, s, a, A, e, r]
Required Fields :
[v, d, i, s]
Violating field ordering will result in incorrect SAID computation and verification failures.
Privacy Implementation
Public vs. Private ACDCs :
Public ACDCs: Omit u (UUID) field, vulnerable to rainbow table attacks
Private ACDCs: Include u field with ≥128 bits entropy to prevent rainbow table attacks
UUID MUST be cryptographically random, not predictable
Graduated Disclosure Strategy :
Design schemas with graduated disclosure in mind from the start
Identify which sections should be selectively disclosable
Use attribute aggregates (A field) for unbundled selective disclosure
Implement compact variants for initial low-trust interactions
Progressively expand disclosure as trust relationships develop
Edge Validation
Edge Operator Constraints :
I2I (Issuer-to-Issuee) : Child credential issuer MUST be parent credential issueeDI2I (Delegated-Issuer-to-Issuee) : Child credential issuer MUST be parent credential issuee OR delegated AIDNI2I (Not-Issuer-to-Issuee) : No constraint on issuer/issuee relationship
The ACDC specification is being developed under the Trust Over IP Foundation's Technical Stack Working Group and is currently at version 0.9 Draft status. The specification references several normative dependencies:
KERI (Key Event Receipt Infrastructure) : Provides the foundational identifier and key management infrastructureSAID (Self-Addressing IDentifier) : Protocol for self-referential cryptographic digestsCESR (Composable Event Streaming Representation) : Encoding protocol for primitivesPTEL (Public Transaction Event Log) : For credential status trackingCESR-Proof : For cryptographic signature attachmentsIPEX (Issuance and Presentation Exchange) : Protocol for ACDC exchange The specification is hosted at the Trust Over IP Foundation GitHub repository and is being incubated for eventual IETF standardization.
Version History and Evolution The ACDC specification has evolved through several phases:
Early Conceptual Phase (2021) : Initial presentations at IIW and DICE conferences establishing core concepts of authentic data containers and chained provenanceDraft Specification Phase (2022) : Development of formal specification with JSON Schema integration, SAID protocol integration, and graduated disclosure mechanismsCurrent Phase (2023-2024) : Refinement of edge operators (I2I, DI2I, NI2I), integration with IPEX protocol, and production deployment in GLEIF vLEI ecosystem The specification has added crucial technical terms including ACDC, CESR, and IPEX in version 1.3, demonstrating continued technical sophistication.
Protocol Architecture
High-Level Architecture ACDCs are structured as ordered nested field maps (key-value mappings) where the term "field" is deliberately used instead of "key" to avoid confusion with cryptographic keys. The architecture follows a layered approach :
Layer 1: Structural Foundation
Ordered nested field maps with insertion-order preservation
Support for multiple serialization types (JSON, CBOR, MGPK, CESR)
Canonical serialization requirements for SAID computation
SAID protocol for self-referential cryptographic digests
Cryptographic commitment to content through SAIDs
Signature attachments via CESR-Proof
DAG formation through edge references
Chained provenance through SAID-based linking
Support for complex authorization graphs
Layer 4: Disclosure Control
Compact variants using SAID references
Graduated disclosure mechanisms
Privacy-preserving attribute revelation
Component Organization An ACDC consists of several primary components:
Top-Level Fields (mandatory ordering: [v, d, u, i, rd, s, a, A, e, r]):
v (Version String): Protocol identification and metadatad (SAID): Self-referential cryptographic digest of the enclosing mapu (UUID): Optional high-entropy nonce for privacyi (Issuer AID): Autonomic Identifier of the issuerrd (Registry SAID): Reference to issuance/revocation registrys (Schema): SAID of JSON Schema or schema block itselfa (Attribute): SAID of attribute block or block itselfA (Attribute Aggregate): Aggregate of selectively disclosable attributese (Edge): SAID of edge block or block itselfr (Rule): SAID of rules block or block itself Required Fields : [v, d, i, s]
Attribute Section : Contains claims about the credential subjectEdge Section : Defines connections to other ACDCs forming the DAGRule Section : Contains Ricardian contracts and usage policies
Data Flow and Control Flow
Issuer creates ACDC with required fields and sections
SAID computation recursively processes nested structures
Issuer signs the ACDC (typically the compact variant)
Signature is anchored in issuer's KEL via interaction or rotation event
ACDC is registered in TEL for status tracking
ACDC is transmitted to holder via IPEX protocol
Holder receives presentation request from verifier
Holder selects appropriate disclosure level (compact, partial, selective, full)
Holder creates presentation ACDC with chosen disclosure
Holder signs presentation via CESR-Proof
Presentation is transmitted to verifier via IPEX
Verifier validates signatures, SAIDs, and credential status
Verifier receives ACDC presentation
Verifier resolves issuer AID via OOBI
Verifier validates issuer's KEL and key state
Verifier verifies ACDC signature against issuer's current keys
Verifier validates SAID integrity recursively
Verifier checks credential status in TEL
Verifier validates schema compliance
Verifier validates edge chains if present
State Management Approach ACDCs themselves are stateless data structures - they represent immutable commitments at a point in time. However, state management occurs through:
KEL (Key Event Log) State :
Issuer's key state determines signature validity
Key rotations affect which keys can verify ACDC signatures
KEL provides authoritative key state at any point in time
TEL (Transaction Event Log) State :
Tracks issuance, revocation, and transfer events
Provides current status of credential (issued, revoked, transferred)
Anchored to issuer's KEL for verifiable provenance
Ephemeral state during IPEX exchanges
Challenge-response authentication state
Negotiation state for graduated disclosure
ACDC Message Structure ACDCs support multiple serialization formats with consistent semantic structure:
JSON Serialization (primary format for examples):
{
"v": "ACDC10JSON00011c_",
"d": "EAdXt3gIXOf2BBWNHdSXCJnFJL5OuQPyM5K0neuniccM",
"u": "0ABghkDaG7OY1wjaDAE0qHcg",
"i": "did:keri:EBkPreYpZfFk66jpf3uFv7vklXKhzBrAqjsKAn2EDIPM",
"ri": "did:keri:ECmRy7xMwsxUelUauaXtMxTfPAMPAI6FkekeolOjkggt",
"s": "ED6jrVPTzlSkUPqGGeIZ8a8FWS7a6s4reAXRZOkogZ2A",
"a": "EEveY4-9XgOcLxUderzwLIr9Bf7V_NHwY1lkFrn9y2PY",
"e": "EFH3dCdoFOLe71iheqcywJcnjtJtQIYPvAu6DZIl3MOA",
"r": "EG71iheqcywJcnjtJtQIYPvAu6DZIl3MORH3dCdoFOLB"
}
CBOR Serialization : Binary encoding following RFC 8949
MGPK Serialization : MessagePack binary encoding
CESR Serialization : Composable Event Streaming Representation for primitives
Field Definitions and Semantics
Format: ACDCMmmGggKKKKSSSS.
ACDC: Protocol identifierMm: Major version (hex)Ggg: CESR genus version (hex)KKKK: Serialization kind codeSSSS: Size in characters/bytes (hex).: Terminator Example: ACDC10JSON00011c_ indicates ACDC version 1.0, JSON serialization, size 0x11c
Self-Addressing Identifier computed over the entire ACDC
Uses Blake3-256 digest algorithm (approximately 128 bits cryptographic strength)
Encoded in CESR format (44 characters for 256-bit digest)
Computed by:
Replacing d field with placeholder # characters
Serializing to canonical form
Computing Blake3-256 digest
Encoding digest in CESR
Replacing placeholder with computed SAID
High-entropy pseudo-random string (≥128 bits)
Serves as "salty nonce" for privacy protection
Prevents rainbow table attacks on public ACDCs
Optional field distinguishing public vs. private ACDCs
KERI Autonomic Identifier of credential issuer
Must be transferable (support key rotation)
Encoded in CESR format
Resolves to KEL for key state verification
Registry Identifier (ri) :
SAID of TEL tracking credential status
Enables revocation checking
Optional for non-revocable credentials
SAID of JSON Schema defining credential structure
Enables schema verification and validation
Supports composed schemas via JSON Schema composition operators
Can be compact (SAID only) or expanded (full schema)
Contains credential claims and assertions
Can be compact (SAID) or expanded (full attributes)
Supports nested structures
Required fields depend on credential type
Array or aggregate of selectively disclosable attributes
Each attribute has its own SAID for selective disclosure
Enables unbundling of attributes
Supports bulk issuance patterns
Defines connections to other ACDCs
Creates DAG structure
Supports edge operators (I2I, DI2I, NI2I)
Enables complex authorization graphs
Contains Ricardian contracts
Defines usage policies and constraints
Machine-readable and human-readable
Supports chain-link confidentiality
Encoding Schemes
All cryptographic primitives encoded in CESR
Supports both text and binary domains
Composable and self-framing
Enables round-trip conversion between domains
Type-is-schema approach
Immutable schemas identified by SAID
Composable via JSON Schema operators
Supports both compact and uncompacted variants
Insertion-ordered field maps
No lexicographic ordering requirement
Consistent serialization for SAID computation
Round-trip preservation of field order
Protocol Mechanics
Message Exchange Patterns Issuance Exchange Pattern :
Offer Phase : Issuer offers credential to holder
Issuer sends IPEX offer message with ACDC SAID
Holder evaluates offer and decides to accept/reject
Grant Phase : Issuer grants credential to holder
Issuer sends IPEX grant message with full ACDC
ACDC includes issuer signature via CESR-Proof
Holder receives and validates ACDC
Admit Phase : Holder admits receipt of credential
Holder sends IPEX admit message acknowledging receipt
Holder may sign ACDC to indicate agreement with terms
Completes issuance exchange
Presentation Exchange Pattern :
Apply Phase : Verifier requests credential presentation
Verifier sends IPEX apply message specifying requirements
Requirements may include schema, attributes, disclosure level
Offer Phase : Holder offers to present credential
Holder sends IPEX offer message with ACDC SAID
Indicates willingness to present at specified disclosure level
Grant Phase : Holder grants credential presentation
Holder sends IPEX grant message with ACDC at chosen disclosure level
Includes holder signature via CESR-Proof
Verifier receives and validates presentation
Admit Phase : Verifier admits acceptance of presentation
Verifier sends IPEX admit message acknowledging validation
Completes presentation exchange
State Transitions Credential Lifecycle States :
Issued : Initial state after issuance, recorded in TELActive : Credential is valid and not revokedRevoked : Credential has been revoked by issuerExpired : Credential has passed validity period (if specified)Transferred : Credential ownership has been transferred (if transferable)
Issuance Event : Transitions credential to Issued stateRevocation Event : Transitions credential to Revoked stateTransfer Event : Transitions credential ownershipAll transitions anchored in issuer's KEL
Disclosure State Transitions :
Compact → Partial : Expand selected sections while keeping others compactPartial → Selective : Reveal specific attributes from aggregateSelective → Full : Expand all remaining compact sectionsAll transitions maintain SAID integrity
Timing and Ordering Requirements SAID Computation Ordering :
Must compute SAIDs from innermost blocks outward
Nested SAIDs must be computed before parent SAIDs
Ensures consistent SAID values across all variants
Issuer signature must be applied after SAID computation
Holder signature (if required) applied during presentation
Signatures verified in reverse order of application
ACDC signature must be anchored in issuer's KEL
Anchoring event must be witnessed and receipted
Verifiers must validate KEL state at time of signature
Issuance event must be registered in TEL
Registration must occur before credential presentation
Revocation events must be registered before taking effect
Security Properties
Threat Model The ACDC protocol addresses several threat categories:
Attacker attempts to create fake credentials
Mitigated by: Issuer signature verification via KEL
Attacker cannot forge valid signatures without compromising issuer keys
Attacker attempts to modify credential content
Mitigated by: SAID integrity verification
Any modification invalidates SAID, detected during verification
Attacker attempts to reuse revoked credentials
Mitigated by: TEL status checking
Verifiers must check current credential status
Attacker attempts to correlate credential presentations
Mitigated by: UUID nonces, selective disclosure, graduated disclosure
Private ACDCs use high-entropy UUIDs to prevent correlation
Attacker attempts to discover credential content via precomputed hashes
Mitigated by: UUID nonces in private ACDCs
High-entropy UUIDs make rainbow tables computationally infeasible
Attacker compromises issuer's signing keys
Mitigated by: Key rotation via KERI, pre-rotation for quantum resistance
Compromised keys can be rotated, invalidating old signatures
Security Guarantees The ACDC protocol provides several cryptographic security guarantees:
Cryptographic proof of issuer identity via AID
Non-repudiable signatures anchored in KEL
End-verifiable without trusted intermediaries
Tamper-evident via SAID mechanism
Any modification breaks cryptographic binding
Recursive integrity through nested SAIDs
Verifiable chain of authority via edge references
DAG structure provides complete provenance graph
Cryptographic binding between chained credentials
Issuer can revoke credentials via TEL
Revocation is verifiable and non-repudiable
Revocation state is end-verifiable
Graduated disclosure enables minimal disclosure
Selective disclosure prevents unnecessary correlation
Private ACDCs resist rainbow table attacks
Attack Resistance
Minimum 128 bits of cryptographic strength required
Blake3-256 provides approximately 128 bits security
Ed25519 signatures provide 128 bits security
Post-quantum considerations via KERI pre-rotation
KERI's duplicity detection extends to ACDCs
Conflicting credentials from same issuer are detectable
Witnesses and watchers provide duplicity evidence
AIDs provide Sybil-resistant identifiers
Key management via KERI prevents identity proliferation
Witness pools provide additional Sybil resistance
Denial of Service Resistance :
Stateless verification reduces DoS attack surface
No online issuer required for verification
Distributed witness pools prevent single points of failure
Interoperability
Dependencies on KERI/ACDC Protocols KERI (Key Event Receipt Infrastructure) :
Provides AID infrastructure for issuers and holders
KEL provides authoritative key state
Witness pools provide availability and duplicity detection
Pre-rotation provides quantum-resistant key management
SAID (Self-Addressing IDentifier) :
Core integrity mechanism for ACDCs
Enables content-addressable references
Provides tamper-evident properties
Supports graduated disclosure
CESR (Composable Event Streaming Representation) :
Encoding for all cryptographic primitives
Enables text/binary domain composability
Provides self-framing properties
Supports efficient streaming
Signature attachment mechanism
Enables nested partial signatures
Supports transposable signatures
Provides SAD path language for targeting
IPEX (Issuance and Presentation Exchange) :
Protocol for ACDC exchange
Defines offer/grant/admit patterns
Supports both issuance and presentation
Enables graduated disclosure negotiation
OOBI (Out-Of-Band Introduction) :
Discovery mechanism for AIDs
Enables KEL resolution
Provides service endpoint discovery
Supports witness pool discovery
TEL (Transaction Event Log) :
Credential status tracking
Issuance/revocation/transfer events
Anchored to issuer's KEL
Provides verifiable credential lifecycle
Integration Points W3C Verifiable Credentials :
ACDCs can be expressed as W3C VCs
ACDC provides enhanced features (chaining, graduated disclosure)
Compatible with VC data model
Extends VC with KERI security properties
did:keri method for KERI AIDsdid:webs method for web-based KERICompatible with DID resolution
Supports DID document generation
ACDCs can include JSON-LD contexts
Schema-based approach preferred over JSON-LD
Avoids JSON-LD security issues
Maintains semantic interoperability
ACDCs can be used in OAuth flows
IPEX provides alternative to OIDC
Compatible with existing identity infrastructure
Provides enhanced security properties
Production deployment by GLEIF
Legal Entity Identifier credentials
Role credentials (OOR, ECR)
Hierarchical trust model
Implementation Considerations
Common Challenges
Recursive computation requires careful ordering
Canonical serialization must be consistent
Placeholder replacement must be exact
Different serialization formats require different handling
Determining appropriate disclosure level
Managing multiple ACDC variants
Ensuring SAID consistency across variants
Balancing privacy and verifiability
Validating edge operator constraints (I2I, DI2I, NI2I)
Resolving chained credentials
Detecting circular references
Validating DAG structure
Ensuring schema immutability
Managing schema versions
Validating schema composition
Handling schema evolution
Anchoring credentials in TEL
Checking credential status
Handling revocation events
Managing TEL state
SAID Computation Performance :
Blake3-256 is highly optimized
Recursive computation can be parallelized
Caching SAIDs improves performance
Incremental computation for large structures
Signature Verification Performance :
Ed25519 verification is fast
Batch verification can improve throughput
Caching verified signatures reduces overhead
Parallel verification of multiple signatures
KEL Resolution Performance :
OOBI resolution can be cached
Witness pools provide redundancy
Watchers provide local KEL copies
Incremental KEL updates reduce bandwidth
TEL state can be cached
Backers provide redundant TEL copies
Incremental TEL updates reduce overhead
Bloom filters can optimize status checks
Compact variants reduce transmission size
Graduated disclosure enables progressive loading
Selective disclosure reduces processing overhead
Caching disclosed variants improves performance
Best Practices
Use immutable schemas identified by SAID
Leverage JSON Schema composition for extensibility
Design for graduated disclosure from the start
Include clear attribute semantics
Use private ACDCs (with UUID) for sensitive data
Implement graduated disclosure strategies
Use selective disclosure for minimal disclosure
Apply chain-link confidentiality for legal protection
Use KERI pre-rotation for quantum resistance
Implement multi-sig for high-value credentials
Rotate keys regularly
Use HSMs for key protection
Register credentials in TEL immediately
Implement revocation procedures
Monitor credential status
Archive revoked credentials
Always verify issuer's KEL state
Check credential status in TEL
Validate SAID integrity recursively
Verify edge chains completely
Validate schema compliance
Use standard schemas where possible
Support multiple serialization formats
Implement IPEX protocol correctly
Provide OOBI for AID discovery
Document custom extensions clearly
Resolve edge SAID to referenced ACDC
Validate referenced ACDC signature and integrity
Check edge operator constraint compliance
Recursively validate entire edge chain
Detect and reject circular references
TEL Integration
Create issuance event in TEL
Anchor issuance event in issuer's KEL via interaction or rotation event
Wait for witness receipts on KEL event
Verify TEL state before presenting credential
Resolve registry identifier (ri field) to TEL
Query TEL for credential SAID
Verify TEL state is anchored in issuer's KEL
Check for revocation events
Validate TEL state is current (not stale)
Schema Management
Schemas MUST be immutable once published
Schema SAID provides content-addressable reference
Schema changes require new SAID (new version)
Use JSON Schema composition for extensibility without breaking changes
Resolve schema SAID to schema document
Validate ACDC structure against schema
Check required fields are present
Validate field types and constraints
Verify schema composition if using composed schemas
Signature Handling
Sign compact variant for maximum efficiency
Anchor signature in KEL via interaction or rotation event
Use CESR-Proof format for signature attachments
Support multiple signature types (Ed25519, ECDSA, etc.)
Holder Signature (for presentations):
Sign at appropriate disclosure level
Use CESR-Proof for signature attachment
Include challenge-response if required
Support multi-sig for group presentations
Performance Optimization
Cache computed SAIDs to avoid recomputation
Cache resolved KELs to reduce OOBI resolution overhead
Cache TEL state with appropriate TTL
Cache verified signatures to reduce verification overhead
Batch SAID computations for multiple ACDCs
Batch signature verifications using Ed25519 batch verification
Batch KEL resolutions for multiple AIDs
Batch TEL queries for multiple credentials
Error Handling
Invalid SAID (content modified)
Invalid signature (key mismatch or tampering)
Revoked credential (TEL shows revocation)
Expired credential (past validity period)
Invalid edge chain (broken references)
Schema validation failure
KEL resolution failure
TEL query failure
Implement retry logic for network failures
Provide clear error messages for validation failures
Log all verification failures for audit
Implement fallback mechanisms for unavailable services
Security Considerations
Use KERI pre-rotation for quantum resistance
Implement multi-sig for high-value credentials
Rotate keys regularly according to policy
Use HSMs or secure enclaves for key protection
Never reuse keys across different AIDs
Verification Best Practices :
ALWAYS verify issuer's KEL state before trusting signature
ALWAYS check credential status in TEL
ALWAYS validate SAID integrity recursively
ALWAYS verify edge chains completely
ALWAYS validate schema compliance
NEVER trust credentials without full verification
Testing Requirements
SAID computation correctness
Signature generation and verification
Schema validation
Edge validation
TEL integration
End-to-end issuance flow
End-to-end presentation flow
KEL resolution via OOBI
TEL status checking
Multi-party scenarios
Tampering detection
Forgery prevention
Revocation enforcement
Rainbow table resistance
Replay attack prevention
Interoperability Testing Cross-Implementation Testing :
Test against multiple KERI implementations (KERIpy, KERIox, etc.)
Verify ACDC compatibility across implementations
Test different serialization formats (JSON, CBOR, MGPK)
Validate IPEX protocol compatibility
Test OOBI resolution across implementations
Validate against ACDC specification
Test W3C VC compatibility if applicable
Verify DID method compliance if using did:keri or did:webs
Test JSON Schema compliance
Validate CESR encoding correctness