This comprehensive explanation has been generated from 174 GitHub source documents.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
Control authority in KERI determines who has the power to perform operations on an identifier, including creation, key rotation, revocation, and delegation. It is established through cryptographic proof of key possession and maintained through verifiable event logs (KELs).
Control authority is the foundational concept in KERI identity systems that determines who controls what and serves as the primary factor in establishing trust. The entity with control authority has the power to execute critical operations that affect the lifecycle and security of autonomic identifiers (AIDs).
Control authority encompasses several fundamental operations:
Implementations must maintain clear separation between signing and rotation key sets:
For multi-signature control:
Thresholds must balance security (higher thresholds) against operational risk (key loss scenarios).
The KEL structure enforces strict ordering:
Controllers should:
When implementing custodial arrangements:
Implementations must plan for:
Critically, these operations affect the authentication factors and their relation to the identifier, which forms the core security model. The ordering of control authority operations and their dependencies on previous operations is crucial—the record of these operations serves as the source of truth for the identity system.
Traditional identity systems rely on administrative trust bases where control authority is established through trusted third parties like Certificate Authorities (CAs). In these systems:
Blockchain-based systems introduced algorithmic trust bases where control authority is established through distributed consensus mechanisms. However, these systems:
Both approaches suffer from fundamental limitations: administrative systems concentrate trust in a third party that becomes a single point of failure and of compromise, while algorithmic systems tie the identifier to a particular ledger and its consensus, sacrificing portability and scalability.
KERI introduces an autonomic trust basis where control authority is established purely through cryptographic means, without requiring external administrators or distributed consensus. This represents a paradigm shift in how control is proven and maintained.
In KERI, control authority derives from possession of the private keys associated with a self-certifying identifier (SCID). The identifier (prefix) is derived from the inception key material, either the public key itself or a digest of the inception event that carries it, so the binding between identifier and key can be checked by anyone and cannot be forged without the private key:
A critical innovation in KERI is the separation of control authority into two distinct capabilities:
This split is implemented through KERI's pre-rotation mechanism: each establishment event (inception or rotation) includes a cryptographic commitment, a digest, to the next set of rotation keys, while revealing only the current signing keys. The current keys can sign non-establishment events such as interaction events, but only keys matching the pre-committed digests can authorize the next rotation, and those keys are not exposed until that rotation is published.
This architecture enables sophisticated delegation patterns:
Control authority in KERI is established and proven through the Key Event Log (KEL), an append-only, cryptographically chained data structure that records all control operations:
The KEL serves as the authoritative source of truth for control authority. Any validator can independently verify the current controlling keys by processing the KEL from inception to present, without trusting intermediaries.
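The inception, commitment and rotation cycle described above, as an added example that is not part of this page or of keripy: a minimal key event log with KERI-style pre-rotation and a validator that replays it from inception. The field names (i, s, t, k, n, p, a) follow KERI's event structure, but the signature scheme is a toy Schnorr over a 127-bit Mersenne prime chosen only so the code runs on the Python standard library; it is not secure and stands in for the Ed25519 keys keripy uses. Seeds, event contents and the attacker scenario are constructed for the demonstration.

```python
import hashlib
import json

# Toy Schnorr group (assumption: demo-only, NOT secure; keripy uses Ed25519).
P = (1 << 127) - 1   # Mersenne prime; exponents are reduced mod P-1
G = 3

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def h_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def keygen(seed: bytes):
    """Toy keypair: private exponent x, public key y = G^x mod P."""
    x = h_int(seed) % (P - 1) or 1
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    """Deterministic toy Schnorr signature (r, s) with s = k + e*x mod (P-1)."""
    y = pow(G, x, P)
    k = h_int(x.to_bytes(16, "big"), msg) % (P - 1) or 1
    r = pow(G, k, P)
    e = h_int(r.to_bytes(16, "big"), y.to_bytes(16, "big"), msg)
    return r, (k + e * x) % (P - 1)

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = h_int(r.to_bytes(16, "big"), y.to_bytes(16, "big"), msg)
    return pow(G, s, P) == (r * pow(y, e, P)) % P

def serialize(event: dict) -> bytes:
    return json.dumps(event, sort_keys=True).encode()

def commit(pub: int) -> str:
    """Pre-rotation commitment: digest of the NEXT public key (KERI's 'n' field)."""
    return digest(pub.to_bytes(16, "big"))

def inception(cur_pub: int, next_pub: int) -> dict:
    body = {"t": "icp", "s": 0, "k": cur_pub, "n": commit(next_pub)}
    # Self-addressing prefix: digest of the inception body binds key and commitment.
    return {**body, "i": digest(serialize(body))}

def next_event(prior: dict, typ: str, **fields) -> dict:
    """Chain a rot or ixn event to its predecessor via sequence number and digest."""
    return {"t": typ, "i": prior["i"], "s": prior["s"] + 1,
            "p": digest(serialize(prior)), **fields}

def validate_kel(kel) -> int:
    """Replay (event, signature) pairs from inception; return the public key that
    currently holds signing authority, or raise ValueError on any violation."""
    prior, cur_pub, next_digest = None, None, None
    for event, sig in kel:
        if event["t"] == "icp" and prior is None:
            body = {f: v for f, v in event.items() if f != "i"}
            if event["s"] != 0 or event["i"] != digest(serialize(body)):
                raise ValueError("prefix is not bound to the inception event")
            cur_pub = event["k"]
        elif (prior is None or event["i"] != prior["i"] or event["s"] != prior["s"] + 1
              or event["p"] != digest(serialize(prior))):
            raise ValueError("event is not chained to the prior event")
        elif event["t"] == "rot":
            # Rotation authority: only the key committed to earlier may take over.
            if commit(event["k"]) != next_digest:
                raise ValueError("rotation key does not match the prior commitment")
            cur_pub = event["k"]
        elif event["t"] != "ixn":
            raise ValueError("unknown event type")
        # rot is signed by the newly revealed key, ixn by the existing current key.
        if not verify(cur_pub, serialize(event), sig):
            raise ValueError("bad signature")
        prior, next_digest = event, event.get("n", next_digest)
    return cur_pub

def controller_rotates() -> bool:
    """Honest lifecycle: icp with key0 (committing to key1), ixn, rot to key1."""
    k0, k1, k2 = (keygen(s) for s in (b"seed-0", b"seed-1", b"seed-2"))
    icp = inception(k0[1], k1[1])
    ixn = next_event(icp, "ixn", a={"anchor": "constructed TEL digest"})
    rot = next_event(ixn, "rot", k=k1[1], n=commit(k2[1]))
    kel = [(icp, sign(k0[0], serialize(icp))), (ixn, sign(k0[0], serialize(ixn))),
           (rot, sign(k1[0], serialize(rot)))]
    return validate_kel(kel) == k1[1]

def stolen_signing_key():
    """Attacker holds key0 (current signing key) but not the pre-rotated key1."""
    k0, k1, atk = keygen(b"seed-0"), keygen(b"seed-1"), keygen(b"attacker")
    icp = inception(k0[1], k1[1])
    kel = [(icp, sign(k0[0], serialize(icp)))]
    # Signing authority is lost: a forged interaction event validates fine...
    ixn = next_event(icp, "ixn", a={"anchor": "forged"})
    kel.append((ixn, sign(k0[0], serialize(ixn))))
    ixn_accepted = validate_kel(kel) == k0[1]
    # ...but rotation authority is not: no attacker key matches commit(key1).
    rot = next_event(ixn, "rot", k=atk[1], n=commit(atk[1]))
    try:
        validate_kel(kel + [(rot, sign(atk[0], serialize(rot)))])
        return ixn_accepted, False
    except ValueError as err:
        return ixn_accepted, "commitment" in str(err)
```

The second scenario is the property the split buys: a stolen current key lets the attacker append interaction events that validate, but the rotation they forge is rejected because nothing they hold hashes to the `n` commitment, so the legitimate holder of the pre-rotated key can still publish a rotation that retires the stolen key.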
A significant protocol change occurred in the 2022 implementation of KERIpy regarding control authority transfer:
Previous Implementation: Two rotation events were required to change control authority—one to rotate to an intermediate key set, then another to the final desired keys.
Current Implementation: Only one rotation is needed to change control authority. The new rotation rules allow rotating to keys that are not in the prior next key digests, as long as the keys that are revealed include enough of the pre-committed ones to satisfy the prior next-key threshold:
This change became the forcing function to require dual indexed codes in CESR, demonstrating how protocol refinements drive corresponding changes in serialization mechanisms.
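The single-rotation rule, as an added example that is not part of this page or of keripy (it also serves the threshold discussion earlier on the page): a validator check that compares a rotation's new current key list against the prior establishment event's next-key digests and threshold, with the pre-2022 "every new key must be pre-committed" rule beside it for comparison. Threshold semantics are simplified to KERI's two basic forms, an integer m-of-n or a single clause of fractional weights that must sum to at least 1; the key labels and the digest function are placeholders, not CESR-encoded material.

```python
from fractions import Fraction
import hashlib

def commit(pub: str) -> str:
    """Pre-rotation commitment to one key (stand-in for KERI's 'n' digest)."""
    return hashlib.sha256(pub.encode()).hexdigest()

def threshold_satisfied(threshold, indices, size: int) -> bool:
    """KERI-style threshold: an integer m-of-n, or a list of fractional weights
    whose selected entries must sum to at least 1 (single clause, simplified)."""
    indices = set(indices)
    if isinstance(threshold, int):
        if not 1 <= threshold <= size:
            raise ValueError("integer threshold out of range")
        return len(indices) >= threshold
    weights = [Fraction(w) for w in threshold]
    if len(weights) != size:
        raise ValueError("one weight per key is required")
    return sum(weights[i] for i in indices) >= 1

def check_rotation(prior_next_digests, prior_nt, new_keys):
    """Validate the new current key list of a rotation against the prior
    establishment event's next-key commitment. Returns (accepted, reason)."""
    revealed = [i for i, d in enumerate(prior_next_digests)
                if any(commit(k) == d for k in new_keys)]
    if not threshold_satisfied(prior_nt, revealed, len(prior_next_digests)):
        return False, "revealed keys do not meet the prior next threshold"
    uncommitted = [k for k in new_keys if commit(k) not in prior_next_digests]
    if uncommitted:
        return True, "accepted; %d key(s) were not pre-committed" % len(uncommitted)
    return True, "accepted; every key was pre-committed"

def legacy_check_rotation(prior_next_digests, new_keys) -> bool:
    """Pre-2022 behaviour: every new current key had to be pre-committed, so
    introducing an uncommitted key took two rotations."""
    return all(commit(k) in prior_next_digests for k in new_keys)

# Constructed sample: the prior event committed to three next keys.
PRIOR_NEXT = [commit(k) for k in ("keyA", "keyB", "keyC")]

def scenarios() -> dict:
    """Outcomes for several rotations against PRIOR_NEXT (labels are constructed)."""
    return {
        "two committed plus fresh": check_rotation(PRIOR_NEXT, 2, ["keyA", "keyB", "keyD"])[0],
        "two committed plus fresh (legacy)": legacy_check_rotation(PRIOR_NEXT, ["keyA", "keyB", "keyD"]),
        "one committed plus fresh": check_rotation(PRIOR_NEXT, 2, ["keyA", "keyD"])[0],
        "weighted any-two": check_rotation(PRIOR_NEXT, ["1/2", "1/2", "1/2"], ["keyB", "keyC"])[0],
        "weighted one heavy": check_rotation(PRIOR_NEXT, ["1", "1/2", "1/2"], ["keyA", "keyX"])[0],
    }
```

The first two scenarios are the behavioural change the page describes: with nt = 2, revealing two of the three committed keys is enough to also introduce an entirely new key in one rotation, whereas the legacy rule rejects the same event and would have forced an intermediate rotation. The weighted cases show why a validator needs the prior threshold, not just the digest list: which subset of the committed keys suffices is part of the commitment.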
KERI's control authority model is strengthened by witnesses—designated entities that observe and receipt key events:
Witnesses do not control the identifier—they merely observe and attest to events. Control authority remains exclusively with the entity possessing the private keys.
Enterprise Identity Management: Organizations can maintain control authority over corporate identifiers while delegating signing authority to departments or systems. If a system is compromised, rotation authority enables recovery without requiring cooperation from the compromised system.
Custodial Services: Service providers can offer managed identity services (holding signing authority) while users retain ultimate control through rotation authority. This enables user-friendly services without sacrificing self-sovereignty.
IoT Device Management: Devices can be issued delegated identifiers with limited signing authority. If a device is compromised, the delegating authority can revoke control without requiring physical access to the device.
Credential Issuance: ACDC credentials are issued by controllers with established authority. The Transaction Event Log (TEL) tracks credential lifecycle events, anchored to the issuer's KEL to prove control authority at issuance time.
Portability: Control authority is not locked to any specific infrastructure. Identifiers can be moved between witness pools, ledgers, or other backing systems through rotation events.
Recovery: The pre-rotation mechanism provides built-in recovery from key compromise. Even if current signing keys are stolen, the attacker cannot capture rotation authority if pre-rotated keys remain secure.
Scalability: No global consensus required for control operations. Each identifier maintains its own KEL, enabling horizontal scaling without coordination overhead.
Verifiability: Any party can independently verify control authority by processing the KEL. No trust in intermediaries or infrastructure providers is required.
Flexibility: The split between signing and rotation authority enables sophisticated delegation patterns while maintaining security guarantees.
Key Management Complexity: Controllers must securely manage multiple key sets (current signing keys and pre-rotated keys). Loss of pre-rotated keys can prevent future rotations.
Witness Coordination: While witnesses don't control identifiers, they provide availability guarantees. Controllers must maintain relationships with witness pools and monitor for duplicity.
Event Ordering: The KEL provides ordering within a single identifier's history but not global ordering across identifiers. Applications requiring cross-identifier ordering must implement additional mechanisms.
Recovery Limitations: If both the current and the pre-rotated keys are compromised at the same time, recovery through rotation is no longer possible, because the attacker can publish a valid rotation first. This emphasizes the importance of secure key storage and of keeping the two key sets separate (for example, holding the pre-rotated keys offline).
Threshold Configuration: Multi-signature configurations require careful threshold design. Incorrect thresholds can either create security vulnerabilities (too low) or operational failures (too high).
Control authority in KERI represents a fundamental rethinking of how identity control is established and maintained. By grounding authority in cryptographic proofs rather than administrative processes or algorithmic consensus, KERI achieves a unique combination of security, portability, and scalability. The split between signing and rotation authority, combined with the verifiable KEL structure, enables sophisticated real-world use cases while maintaining the protocol's core security guarantees. The 2022 protocol evolution demonstrates KERI's continued refinement toward more efficient control authority management without compromising security properties.