Traditional Provenance Systems

The concept of provenance originates in art history, archaeology, and legal evidence management, where establishing the chain of custody for physical objects has been critical for centuries. Traditional provenance relied on:

• Paper trails: Physical documentation of ownership sequences
• Expert testimony: Authorities vouching for authenticity
• Comparative analysis: Matching against known authentic examples
• Scientific testing: Material analysis to verify age and origin

These methods provided contextual and circumstantial evidence but lacked cryptographic guarantees. The transition to digital systems initially replicated these weaknesses—digital signatures could prove integrity, but tracking provenance required trusted intermediaries.

Digital Identity Evolution

Early digital identity systems separated integrity from provenance:

PKI/Certificate Authority Model:

• Provided integrity through digital signatures
• Required trusted third parties for provenance
• Created administrative rather than cryptographic roots of trust
• Vulnerable to CA compromise and DNS hijacking

Blockchain Approaches:

• Offered algorithmic trust through distributed consensus
• Provided provenance through immutable ledgers
• Required shared infrastructure and governance
• Locked identifiers to specific platforms

The Authentic Data Gap

The fundamental challenge was creating data structures that could provide end-verifiable proof of both integrity and provenance without relying on:

• Centralized authorities
• Shared ledger infrastructure
• Platform-specific trust models
• External verification services

This gap motivated the development of Decentralized Autonomic Data (DAD) concepts and eventually the KERI protocol.

KERI's Approach

Cryptographic Root-of-Trust

KERI establishes authentic data through an autonomic trust basis where:

Integrity is guaranteed by:

• Self-Addressing Identifiers (SAIDs) that cryptographically bind to content
• Hash-chained Key Event Logs (KELs) creating tamper-evident structures
• CESR encoding providing composable, verifiable primitives
• Cryptographic digests with 128+ bits of strength

Provenance is established through:

• Autonomic Identifiers (AIDs) with verifiable key state
• Key event logs tracking complete control history
• Pre-rotation enabling secure key transitions
• Witness receipts providing distributed verification

Authentic Chained Data Containers (ACDCs)

The ACDC specification implements authentic data through:

Structural Authenticity:

• Each ACDC contains a SAID that cryptographically commits to its contents
• The SAID is embedded within the data structure it identifies (self-referential)
• Any modification to the ACDC produces a different SAID (tamper-evident)
• Schema definitions are themselves SAIDified for immutable type definitions

Provenance Chains:

• ACDCs form directed acyclic graphs (DAGs) of verifiable relationships
• Each ACDC references other ACDCs through their SAIDs
• Issuers sign ACDCs with keys whose authority is proven through KELs
• The complete chain from root AID to current ACDC is cryptographically verifiable

Dual Verification Mechanisms

KERI provides two coherent mechanisms for establishing provenance:

1. Cryptographic Verification:

• Historic documentation of cryptographically verifiable key states
• Data consistency proofs through hash chains
• Results in secure attribution (proof of who controlled the data)

2. Credential Attestation:

• Historic documentation of credentials and authorizations
• Attested claims about data accuracy and validity
• Results in verifiable veracity (proof of truthfulness)

This dual approach enables ACDCs to provide both:

• Proof of authorship: Who originally created the data
• Proof of authority: Who has rights to use or modify the data

End-Verifiability

KERI's approach to authentic data is end-verifiable, meaning:

• Any recipient can independently verify authenticity
• No reliance on infrastructure not under the verifier's control
• Verification works even if discovery infrastructure is compromised
• Ambient verifiability: Anyone, anywhere, anytime can verify

This contrasts with systems requiring:

• Trust in certificate authorities
• Access to specific blockchains
• Online verification services
• Platform-specific resolvers

The RUN Model

KERI's RUN (Read, Update, Nullify) model protects authentic data by:

Eliminating deletion: Data is never removed from logs, only nullified

• Preserves complete audit trails
• Prevents deletion attacks
• Maintains verifiable history

Monotonic updates: Each update includes verifiable metadata

• Growing sequence numbers
• Timestamps
• Cryptographic commitments

Non-interactive replay protection: The log structure itself prevents tampering

• Replay attacks become detectable
• Event ordering is cryptographically enforced
• Duplicity becomes evident

Practical Implications

Use Cases

Supply Chain Management:

• Physical goods tracked through digital twins
• Each transformation documented in ACDCs
• Complete chain of custody from manufacture to delivery
• Authenticity verifiable at any point in the chain

Legal Entity Credentials (vLEI):

• GLEIF issues verifiable Legal Entity Identifiers
• Each credential's authenticity traceable to GLEIF root
• Organizational roles and authorizations form provenance chains
• Cross-border verification without centralized infrastructure

Academic Credentials:

• Universities issue degree credentials as ACDCs
• Students hold credentials with verifiable provenance
• Employers verify authenticity without contacting issuers
• Credential revocation tracked through TELs

Data Marketplaces:

• Data products carry provenance from original sources
• Transformations and derivations remain traceable
• Buyers verify data authenticity before purchase
• Attribution enables proper compensation to creators

Benefits

Security:

• Cryptographic guarantees replace administrative trust
• Tampering becomes immediately evident
• No single point of failure or compromise
• Post-quantum resistant through digest-based commitments

Portability:

• Authentic data moves between systems without losing properties
• No platform lock-in
• Verification works across trust domains
• Infrastructure independence

Scalability:

• Verification is local and efficient
• No global consensus required
• Parallel processing of independent chains
• Minimal infrastructure requirements

Privacy:

• Selective disclosure preserves authenticity
• Graduated revelation mechanisms
• Correlation resistance through blinding
• Privacy-preserving verification

Trade-offs

Complexity:

• Requires understanding of cryptographic primitives
• Key management becomes critical
• Recovery mechanisms must be carefully designed
• Learning curve for implementers

Storage:

• Complete provenance chains require storage
• Historical data cannot be deleted
• Nullification adds records rather than removing them
• Trade-off between completeness and efficiency

Key Management:

• Lost keys mean lost control
• Compromise requires rotation and recovery
• Multi-signature schemes add coordination overhead
• Delegation increases complexity

Adoption:

• Requires ecosystem coordination
• Interoperability depends on standard compliance
• Legacy systems may not support authentic data
• Migration from existing systems requires planning

The Authentic Web Vision

The ultimate implication of authentic data is the Authentic Web—a vision where all data on the internet has verifiable proof of authorship and integrity. This would enable:

• Universal attribution: Every piece of data traceable to its source
• Automated trust decisions: Machines can verify authenticity without human intervention
• Reputation systems: Consistent behavior over time becomes verifiable
• Value attribution: Creators can be compensated based on verifiable contributions
• Regulatory compliance: Audit trails are cryptographically guaranteed

KERI provides the foundational infrastructure for this vision by making authentic data practical, scalable, and universally verifiable without requiring centralized authorities or shared infrastructure.