During Rotation: A previously transferable identifier is converted to abandoned state through a rotation event. The rotation itself is signed by the current authoritative keys according to the current signing threshold, but commits to no future keys through the empty ndigers field.

Protocol Consequences

Once an AID is abandoned through this mechanism:

1. Key State Freezing: The identifier's key state becomes frozen. The current keys from the abandonment event remain in the derived key state, but with next keys set to empty and next threshold set to 0.

2. Event Rejection: Any event occurring after the abandonment event is not accepted by validators. The key event log cannot be extended beyond the abandonment point.

3. Permanent Non-Transferability: Control authority cannot be transferred or rotated to new key pairs. The identifier becomes immutable from the abandonment point forward in its event history.

4. Verifiable Termination: All validators (witnesses, watchers, verifiers) can independently verify the abandonment state by processing the KEL and observing the empty ndigers and zero nt fields.

Distinction from Related Concepts

Abandoned identifiers should be distinguished from:

• Non-transferable identifiers: While an abandoned identifier becomes non-transferable, a non-transferable identifier may have been created without pre-rotation capability from inception. Abandonment is a specific terminal state with explicit empty next key commitments.

• Key compromise: A compromised key represents a security failure where keys are lost or stolen. An abandoned identifier is a deliberate protocol operation to terminate the identifier.

• Revocation: Typically applies to credentials or authorizations derived from an identifier, not the identifier itself. Abandonment terminates the identifier's ability to participate in any future protocol operations.

Historical Event Preservation

Critically, abandonment does not delete or invalidate the historical KEL. All previous events in the log remain valid and verifiable. The abandonment operation adds a new event to the KEL that signals the terminal state. This preserves the complete audit trail and provenance of the identifier while making clear that its lifecycle has ended.

For detailed implementation discussion and edge cases, see the KERIpy GitHub discussion #821, which provides technical analysis of how abandoned identifiers are processed and validated in the reference implementation.

Testing Requirements

Implementations MUST test:

1. Basic abandonment event creation and validation
2. Rejection of events after abandonment
3. Delegation chain invalidation
4. Historical ACDC verification after issuer abandonment
5. Witness consensus on abandonment state
6. Duplicity detection for conflicting abandonment states
7. Edge cases (partial abandonment conditions)
8. TEL interaction with abandoned registries/backers

Performance Optimization

For systems managing large numbers of identifiers:

• Implement database indexes on abandonment state
• Consider separate storage for abandoned identifier KELs
• Implement KEL pruning strategies for abandoned identifiers (while maintaining verification capability)
• Cache abandonment state at multiple layers (database, application, API)

Security Considerations

Implementations MUST:

• Verify that abandonment events are properly signed by current authoritative keys
• Ensure abandonment state is derived from the complete KEL, not just the latest event
• Implement duplicity detection to identify conflicting abandonment states
• Log abandonment operations for audit purposes
• Consider rate limiting or additional authentication for abandonment operations in custodial systems