Comprehensive Explanation

Confidentiality in KERI

Conceptual Definition

Confidentiality is a fundamental security property that ensures all statements in a conversation are only known by the parties to that conversation. In the context of KERI and digital identity systems, confidentiality specifically addresses the protection of content data - what information is disclosed and to whom - through cryptographic mechanisms like encryption and access control.

The concept extends beyond simple encryption to encompass:

• Content protection: Ensuring message payloads remain private to authorized recipients
• Access control: Restricting who can decrypt and view information
• Authorized disclosure: Enabling controlled sharing based on permissions
• End-to-end protection: Maintaining confidentiality throughout data lifecycle (in motion and at rest)

Confidentiality is distinct from but complementary to authenticity (proving who said what) and privacy (protecting metadata about who participated in communications). These three properties form an interconnected security framework where confidentiality specifically addresses the "what" of information protection.

The PAC Theorem and Security Trade-offs

A critical theoretical foundation for understanding confidentiality in KERI is the PAC Theorem (Privacy, Authenticity, Confidentiality), which establishes a fundamental constraint:

"One can have any two of the three (privacy, authenticity, confidentiality) at the highest level but not all three."

This theorem, central to KERI's design philosophy, means that:

1. Trade-offs are mandatory: No cryptographic system can simultaneously maximize all three properties
2. Layering introduces vulnerabilities: Since no single cryptographic operation provides all three properties, systems must layer operations, and separation between layers creates potential attack surfaces
3. Prioritization is necessary: System designers must explicitly choose which properties to emphasize

The Trust over IP (ToIP) design goals that guide KERI establish a clear priority ordering:

1. Authenticity first: Verifiable origin and integrity as the foundation
2. Confidentiality second: Protection of content from unauthorized access
3. Privacy third: Maximized within constraints imposed by the first two properties

This ordering reflects KERI's architectural philosophy: build on a foundation of cryptographically verifiable authenticity, layer confidentiality mechanisms on top, and then maximize privacy without compromising the first two properties. The rationale is that privacy protections are meaningless without authentic attribution - you cannot have meaningful privacy if you cannot verify who you're communicating with.

KERI's Approach to Confidentiality

Cryptographic Foundations

KERI implements confidentiality through well-established cryptographic primitives rather than complex zero-knowledge proofs or novel cryptographic constructions. The SPAC (Secure Private Authentic Confidentiality) framework specifies:

Strong Confidentiality via IND-CCA2: KERI requires IND-CCA2 (Indistinguishability under Adaptive Chosen Ciphertext Attack) security for confidential communications. This is achieved through:

• ECIES/HPKE implementations (RFC-9180) for hybrid public key encryption
• Libsodium sealed boxes as a baseline implementation
• End-only viewability: Only the intended recipient can decrypt; even the sender cannot decrypt after encryption
• Ephemeral X25519 key pairs combined with long-term recipient keys

Combined Security: ESSR Protocol: For scenarios requiring both authenticity and confidentiality, KERI specifies the ESSR (Encrypt Sender Sign Receiver) protocol:

• Protects against key-compromise impersonation attacks
• Provides multiple security properties: TUF-PTXT, TUF-CTXT, RUF-PTXT, and RUF-CTXT
• Enables non-repudiation through authenticated encryption
• Uses HPKE-Auth with Ed25519 signatures for authentication

Graduated Disclosure in ACDCs

KERI's ACDC (Authentic Chained Data Container) credential framework implements sophisticated confidentiality mechanisms through graduated disclosure:

Compact Disclosure: ACDCs can be disclosed in compact form where only SAIDs (Self-Addressing Identifiers) are revealed instead of full content. This provides:

• Minimal information leakage: Only cryptographic commitments are shared initially
• Verifiable commitments: SAIDs cryptographically bind to undisclosed content
• Progressive revelation: Full content can be disclosed later with verifiable linkage to earlier commitments

Partial Disclosure: Specific sections of an ACDC can be revealed while others remain as SAIDs, enabling:

• Selective section disclosure: Reveal only necessary field maps
• Cryptographic equivalence: Compact and full variants are cryptographically equivalent
• Backward verifiability: Later full disclosure verifies against earlier partial disclosure

Selective Disclosure: Individual attributes can be disclosed independently through:

• Blinded attribute blocks: Each selectively disclosable attribute has its own cryptographic commitment
• Non-correlation: Undisclosed attributes remain unlinkable to disclosed ones
• Flexible revelation: Attributes can be revealed incrementally as needed

Private ACDCs: For maximum confidentiality, ACDCs can include high-entropy UUIDs as "salty nonces" that:

• Prevent rainbow table attacks: Even with schema knowledge, content cannot be discovered
• Enable correlation resistance: Different presentations cannot be linked
• Support confidential registries: Issuance/revocation state can be hidden

Contractually Protected Disclosure

KERI extends technical confidentiality with legal frameworks through contractually protected disclosure:

Chain-Link Confidentiality: This mechanism creates legally binding confidentiality obligations that:

• Chain downstream: Each recipient inherits confidentiality obligations
• Express usage constraints: Legal language specifies permitted uses
• Apply to third parties: Constraints bind both direct recipients and downstream parties
• Enable recourse: Violations create legal liability

Contingent Disclosure: Information release is made contingent on:

• Condition satisfaction: Disclosure occurs only when requirements are met
• Progressive revelation: More information revealed as conditions are satisfied
• Contractual agreements: Legal frameworks established before sensitive data sharing

IPEX Protocol: The Issuance and Presentation Exchange (IPEX) protocol provides the infrastructure for:

• Schema-first disclosure: Share data structure before content
• Contract-based controls: Legal agreements precede information exchange
• Graduated mechanisms: Support for compact, partial, selective, and full disclosure
• Cross-variant verifiability: Issuer commitments remain verifiable across disclosure variants

End-to-End Security Requirements

KERI mandates end-to-end confidentiality throughout data lifecycle:

Data in Motion: All inter-host communication must be:

• End-to-end encrypted: Confidentiality maintained across network transmission
• Signed and encrypted: Combined authenticity and confidentiality
• Transport-independent: Security properties maintained regardless of underlying transport

Data at Rest: All stored data must be:

• Encrypted at rest: Confidentiality maintained in storage
• Signed: Authenticity preserved alongside confidentiality
• Access-controlled: Only authorized parties can decrypt

Separation from Privacy

KERI makes a critical distinction between confidentiality and privacy:

Confidentiality protects content (what was said) through:

• Encryption of message payloads
• Access control on data
• Selective disclosure mechanisms

Privacy protects metadata (who participated) through:

• Correlation-resistant identifiers
• Metadata minimization
• Partitioned relationships

This separation enables KERI to provide strong confidentiality guarantees while acknowledging that privacy is a "hot war" requiring ongoing tactical adaptation against evolving correlation techniques. Confidentiality can be achieved with arbitrarily strong cryptographic protection, while privacy faces resource-constrained adversaries with rapidly evolving capabilities.

Practical Implications

Use Cases

Enterprise Credential Exchange: Organizations using vLEI credentials can:

• Disclose compact credentials initially (only SAIDs)
• Progressively reveal attributes as trust develops
• Maintain confidentiality of sensitive organizational data
• Establish contractual protections before full disclosure

Supply Chain Data Sharing: Digital twins of physical supply chains can:

• Share provenanced data with confidentiality protections
• Use graduated disclosure to reveal information incrementally
• Maintain chain-link confidentiality across multiple parties
• Protect proprietary information while enabling verification

Healthcare Information Exchange: Medical credentials and records can:

• Selectively disclose attributes relevant to specific interactions
• Maintain confidentiality of sensitive health information
• Use contractual protections for HIPAA compliance
• Enable verification without full disclosure

Benefits

Cryptographic Strength: KERI's confidentiality mechanisms provide:

• Computationally infeasible to break: Using well-established cryptographic primitives
• Post-quantum considerations: Forward-looking security properties
• Proven algorithms: "Dumb crypto" approach using long-standing, well-tested functions

Flexibility: Graduated disclosure enables:

• Context-appropriate revelation: Disclose only what's necessary
• Progressive trust building: Reveal more as relationships develop
• Minimal disclosure principle: Default to least information sharing

Legal Enforceability: Contractual protections provide:

• Recourse mechanisms: Legal liability for confidentiality violations
• Downstream obligations: Confidentiality requirements that follow data
• Compliance support: Frameworks for regulatory requirements

Trade-offs

Complexity: Graduated disclosure mechanisms introduce:

• Implementation complexity: Multiple disclosure variants to support
• Protocol overhead: Additional message exchanges for progressive revelation
• State management: Tracking what has been disclosed to whom

Privacy Limitations: Prioritizing confidentiality means:

• Correlation risks: Disclosed attributes may enable statistical correlation
• Contextual linkability: Verifiers control presentation context
• Metadata exposure: Some information about participants may be observable

Performance Considerations: Strong confidentiality requires:

• Cryptographic operations: Encryption/decryption overhead
• Key management: Secure storage and handling of encryption keys
• Bandwidth: Encrypted data may be larger than plaintext

Integration with KERI Architecture

Confidentiality in KERI is not an isolated feature but deeply integrated with:

Key Event Logs (KELs): While KELs themselves are typically public (to enable ambient verifiability), they can:

• Anchor confidential data: Through seals (cryptographic digests)
• Prove control: Without revealing private keys
• Enable verification: Of confidential credentials without exposing content

Transaction Event Logs (TELs): Support confidential credential management through:

• Blinded revocation registries: Hidden state that only authorized parties can observe
• Salty nonce blinding: High-entropy values preventing rainbow table attacks
• Selective state disclosure: Revealing issuance/revocation status only to authorized verifiers

Witness Networks: Confidentiality is maintained even with public witnesses because:

• Witnesses see events, not content: KEL events contain commitments, not confidential data
• Seals protect content: Cryptographic digests reveal nothing about sealed data
• Verification is public, content is private: Anyone can verify KEL integrity without accessing confidential information

Relationship to Zero-Trust Architecture

KERI's confidentiality model aligns with zero-trust computing principles:

Never Trust, Always Verify: Confidentiality mechanisms assume:

• Network is hostile: All communications must be encrypted
• Endpoints are untrusted: Verification required at every interaction
• Continuous authentication: Confidentiality tied to verified identities

Minimal Privilege: Graduated disclosure implements:

• Least disclosure principle: Share only what's necessary
• Progressive authorization: Reveal more as trust is established
• Contextual access: Disclosure based on specific transaction needs

End-to-End Security: KERI's requirement for signed/encrypted data:

• Eliminates trust in intermediaries: Confidentiality maintained regardless of infrastructure
• Enables ambient verifiability: Anyone can verify without compromising confidentiality
• Supports portability: Confidential data can move between systems without re-encryption

Conclusion

Confidentiality in KERI represents a carefully architected balance between cryptographic protection, practical usability, and legal enforceability. By prioritizing authenticity first and building confidentiality on that foundation, KERI creates systems where confidential information can be shared with strong guarantees about both origin and protection. The graduated disclosure mechanisms in ACDCs, combined with contractual protections and end-to-end encryption, provide a comprehensive framework for confidential data exchange in decentralized identity systems.

The explicit acknowledgment of the PAC Theorem and the prioritization of authenticity over privacy reflects a pragmatic approach: meaningful confidentiality requires verifiable attribution, and privacy protections are most effective when built on a foundation of authentic, confidential communication. This design philosophy enables KERI to provide strong confidentiality guarantees while remaining honest about the inherent trade-offs in cryptographic identity systems.