• Documents could be forged or altered
• Gaps in documentation were difficult to detect
• Verification required access to centralized records
• Cross-jurisdictional tracking was complex
• Real-time verification was impossible

The emergence of portable technology enabling on-site analysis shortened physical custody chains, but digital systems introduced new challenges around data provenance, authenticity, and verifiable attribution.

KERI's Approach

KERI transforms chain-of-custody from a documentation problem into a cryptographic verification problem. Rather than relying on trusted intermediaries to maintain custody records, KERI provides self-certifying, cryptographically verifiable provenance chains through several integrated mechanisms:

Key Event Logs (KELs) as Custody Records

The KEL serves as an append-only, cryptographically-chained custody record for identifier control. Each establishment event (inception or rotation) represents a custody transfer of control authority:

• Inception events establish initial custody
• Rotation events document custody transfers through key rotation
• Interaction events anchor external data without changing custody
• Delegation events create hierarchical custody relationships

The KEL's backward and forward chaining through cryptographic digests creates a tamper-evident chain where any modification to historical events is immediately detectable. The pre-rotation mechanism provides cryptographic commitment to future custody transfers before they occur, preventing unauthorized custody seizure.

Authentic Chained Data Containers (ACDCs)

ACDCs extend chain-of-custody from identifier control to data provenance. Each ACDC forms a node in a directed acyclic graph (DAG) where edges represent custody relationships:

Proof-of-Authorship Chains: ACDCs provide granular provenanced proof-of-authorship through cryptographically-linked chains. The SAID (Self-Addressing Identifier) of each ACDC creates a content-addressable commitment that binds the data to its creator.

Proof-of-Authority Chains: Beyond authorship, ACDCs support delegated authorization chains where custody of authority (not just data) is tracked. The edge section enables three operators:

• I2I (Issuer-to-Issuee): Strict custody chain where only the subject of a parent credential can issue child credentials
• DI2I (Delegated-Issuer-to-Issuee): Extends custody to formally delegated identifiers
• NI2I (Not-Issuer-to-Issuee): Permits reference without custody transfer

These operators enable flexible custody models while maintaining cryptographic verifiability of the complete chain.

Transaction Event Logs (TELs)

The TEL provides registry-backed chain-of-custody for credential lifecycle events:

• Issuance events establish initial custody
• Revocation events terminate custody
• Transfer events (in some implementations) document custody changes

TELs are anchored to KELs through seals, creating a two-layer custody architecture where the KEL establishes control authority and the TEL tracks credential custody.

Witness Infrastructure

KERI's witness infrastructure provides distributed custody verification. Witnesses maintain independent copies of KELs and provide receipts that establish first-seen consensus. This creates:

• Ambient duplicity detection: Any attempt to create conflicting custody records is immediately detectable
• Distributed verification: No single party controls the custody record
• Threshold-based consensus: The TOAD (Threshold of Accountable Duplicity) defines minimum witness agreement

The KAACE (KERI's Agreement Algorithm for Control Establishment) ensures witnesses reach consensus on custody events without requiring blockchain-style total ordering.

Graduated Disclosure and Chain-Link Confidentiality

KERI supports privacy-preserving chain-of-custody through:

Graduated disclosure: Custody information can be revealed progressively:

• Compact disclosure: Reveal only SAIDs (commitments)
• Partial disclosure: Reveal selected field maps
• Selective disclosure: Reveal specific attributes
• Full disclosure: Reveal complete contents

Chain-link confidentiality: Custody obligations flow through the disclosure chain, binding all downstream recipients to confidentiality requirements. This creates contractually-protected custody chains where legal obligations are cryptographically linked to data custody.

Differences from Traditional Approaches

KERI's chain-of-custody differs fundamentally from traditional systems:

The key innovation is eliminating trust in intermediaries while maintaining (and exceeding) the verifiability guarantees of traditional custody systems.

Practical Implications

Use Cases

Supply Chain Provenance: KERI enables authentic data supply chains where physical supply chains have digital twins tracked through ACDC chains. Each custody transfer in the physical world is anchored to a cryptographically verifiable event in the digital twin, enabling:

• Real-time custody verification
• Tamper-evident audit trails
• Automated compliance checking
• Cross-border provenance tracking

Credential Delegation Chains: The vLEI ecosystem demonstrates hierarchical custody:

1. GLEIF issues QVI credentials (root custody)
2. QVIs issue Legal Entity credentials (delegated custody)
3. Legal Entities issue role credentials (OOR, ECR) (further delegated custody)

Each level maintains cryptographic proof of custody authorization through the complete chain back to GLEIF.

Data Transformation Pipelines: Decentralized Autonomic Data (DAD) items enable verifiable data flow chains where each transformation step is cryptographically documented. This supports:

• Algorithm provenance tracking
• Data lineage verification
• Reproducible research
• Regulatory compliance for data processing

Digital Rights Management: ACDCs can track custody of authority over digital assets, enabling verifiable transfer of rights without centralized registries.

Benefits

End-to-End Verifiability: Any party can independently verify the complete custody chain without relying on trusted intermediaries. The end-verifiable property means verification requires only the KEL/ACDC chain itself.

Ambient Duplicity Detection: Attempts to create conflicting custody records are automatically detected through duplicity detection mechanisms, providing ambient verifiability where anyone, anywhere, anytime can detect custody fraud.

Scalable Verification: Unlike blockchain systems requiring global consensus, KERI's custody verification scales horizontally through witness pools and watcher networks without performance degradation.

Privacy Preservation: Graduated disclosure enables selective custody revelation where parties can prove custody without revealing sensitive details about the custodied data.

Legal Compatibility: Chain-link confidentiality creates legally-binding custody obligations that flow through the chain, making KERI custody records admissible in legal proceedings.

Trade-offs

Complexity: Implementing cryptographic custody chains requires understanding KELs, ACDCs, TELs, witnesses, and their interactions. This is more complex than simple database records.

Key Management: Custody is tied to cryptographic keys. Key compromise can break the custody chain, though KERI's pre-rotation and rotation mechanisms provide recovery paths.

Witness Dependency: Custody verification relies on witness availability. While watchers provide redundancy, complete witness failure could impact custody verification (though not custody itself, which is self-certifying).

Storage Requirements: Maintaining complete custody chains requires storing full KELs and ACDC graphs. For long-lived identifiers with many events, this can be substantial.

Temporal Considerations: Custody chains are temporally ordered, but KERI uses first-seen rather than absolute timestamps. This provides stronger security but may complicate integration with systems requiring precise timestamps.

Despite these trade-offs, KERI's cryptographic chain-of-custody provides provably stronger guarantees than traditional systems while enabling decentralized, scalable verification impossible with paper-based or centrally-managed custody records.