Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 17 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A group signature scheme where multiple signing groups (and optionally individual signers) collectively produce a single signature with variable length proportional to the number of participants, designed for practical deployment on existing PKI infrastructure.
A collective signature is a specialized form of group signature scheme that enables multiple entities to produce unified cryptographic signatures over shared data. According to the source material, collective signatures are distinguished by two fundamental protocol types:
The source explicitly states that "the protocol of the first type is constructed and described in detail" and that "it is possible to modify the described protocol which allows transforming the protocol of the first type into the protocol of the second type." This transformation capability provides implementation flexibility for systems requiring different participant models.
The defining technical characteristic that distinguishes collective signatures from other group signature schemes is their variable length property. As stated in the source material, collective signatures "have a variable length as a function of the number of signers." This means the signature size scales linearly with the number of participating entities, in contrast to threshold signatures or aggregated signatures that may produce fixed-size outputs.
This variable length property has several implications:
To integrate collective signatures into KERI systems:
Deploying collective signatures for witness coordination requires:
Verification Scaling: Collective signature verification time scales linearly with participant count. Systems should:
Storage Optimization: Variable-length signatures require:
Leveraging existing PKI infrastructure:
For systems adopting collective signatures:
A significant practical advantage highlighted in the source material is that collective signature protocols can be implemented "on the base of the existing public key infrastructures." This PKI compatibility is described as one of the "significant merits" of collective signature schemes, as it allows organizations to adopt these protocols without requiring entirely new cryptographic infrastructure.
The ability to leverage existing PKI systems means collective signatures can work with standard cryptographic primitives and key management infrastructure already deployed in organizational settings.
While collective signatures are not core KERI protocol components, the source material establishes their conceptual relevance to several KERI scenarios:
The sources note that collective signatures relate to KERI's multi-signature schemes. In KERI, multi-sig AIDs require threshold-based signatures from multiple controllers. The source material on controllers explains that when multiple controlling entities exist, control can be established through multi-signature schemes where "each is assigned a weight" and "control is established when signatures are attached that are sufficient to achieve the established threshold."
The controller documentation specifically mentions that "multiple signatures may be expressed as a single collective threshold signature using the appropriate specialized threshold signature scheme." This direct reference establishes the conceptual link between collective signatures and KERI's multi-controller scenarios.
KERI's witness architecture involves multiple entities providing signatures on key events. The source material on indexed signatures explains that "an indexed signature attachment is used when signing anything with a multi-key autonomic identifier" and that "the index is included as part of the attachment, so a verifier knows which of the multiple public keys was used to generate a specific signature."
While KERI currently uses individual indexed signatures from witnesses rather than collective signatures, the conceptual parallel exists: multiple entities (witnesses) providing verifiable signatures that collectively establish the validity of key events.
Collective signatures belong to the broader category of group signature schemes. The source material positions them as a specialized form that supports:
Unlike simpler concatenation of individual signatures, collective signature protocols provide a structured cryptographic primitive that represents multi-party participation in a unified signature construct.
The source material emphasizes two key implementation aspects:
The ability to transform Type I protocols into Type II protocols suggests a modular design approach. Organizations can begin with simpler group-only signing (Type I) and evolve to more complex group-plus-individual schemes (Type II) as requirements change, without fundamentally redesigning the signature infrastructure.
The explicit mention of compatibility with "existing public key infrastructures" indicates that collective signatures are designed for practical deployment in real-world organizational settings. This pragmatic approach allows adoption without requiring wholesale replacement of cryptographic infrastructure.
While the source material does not provide exhaustive cryptographic analysis, several properties are implicit in the definition:
Verifiability: As signature schemes, collective signatures must be verifiable by entities possessing the appropriate public keys of participating signers.
Non-repudiation: Each participating entity's contribution to the collective signature establishes their involvement, preventing later denial of participation.
Threshold Support: The Type II protocol's ability to combine "several signing groups and several individual signers" suggests support for complex threshold and weighting schemes.
KERI currently uses indexed signatures to handle multi-key scenarios. As the source explains, "an indexed signature attachment is used when signing anything with a multi-key autonomic identifier." Each signature is a separate primitive with an embedded index indicating which key was used.
Collective signatures represent a conceptual alternative where multiple signatures could be represented as a unified primitive rather than separate indexed signatures. However, the source material explicitly states that collective signatures are "not directly part of core KERI specifications" and "not explicitly defined as CESR primitives."
The source material references scholarly work on collective signature protocols (specifically citing https://link.springer.com/chapter/10.1007/978-981-10-7512-4_20), indicating that these schemes have academic foundations and documented construction details.
The emphasis on "practical using" based on existing PKI suggests that collective signatures have been designed with real-world deployment scenarios in mind, balancing cryptographic properties with operational constraints.
The source material provides a high-level definition of collective signatures but does not include:
These details would require reference to the academic source material cited in the glossary or future KERI specifications that might formally incorporate collective signature primitives.
Collective signatures represent a specialized cryptographic primitive relevant to multi-party signing scenarios. Their variable length property, PKI compatibility, and support for both group-based and mixed group-individual signing make them conceptually relevant to KERI's multi-signature and witness coordination requirements, though they are not currently part of the core KERI protocol specification. The transformation capability between Type I and Type II protocols provides implementation flexibility for evolving organizational requirements.