The concept of cryptographic strength evolved alongside modern cryptography, particularly following the development of public-key cryptography in the 1970s. Early systems like DES (Data Encryption Standard) with 56-bit keys demonstrated that key length directly impacts security, as DES became vulnerable to brute-force attacks as computing power increased.

The cryptographic community established 128 bits as the practical minimum for long-term security in the post-quantum era. This standard emerged from:

1. Grover's Algorithm Analysis: Quantum computers can theoretically reduce symmetric key search space by half (128-bit security requires 2^64 quantum operations)
2. Birthday Attack Considerations: Hash functions require double the bit length of desired security (256-bit hashes for 128-bit security)
3. Long-term Security Requirements: Protecting data that must remain secure for decades

Traditional implementations relied on algorithms like:

• RSA with 2048-bit keys (approximately 112 bits of security)
• SHA-256 providing 128 bits of collision resistance
• AES-128 for symmetric encryption

However, the advent of quantum computing threatens asymmetric algorithms based on factorization (RSA) and discrete logarithm problems (Elliptic Curve), while hash functions and symmetric encryption maintain their security properties.

KERI's Approach

KERI establishes 128 bits of cryptographic strength as the minimum standard across its entire protocol stack, with explicit requirements for quantum-resistant security.

Hash Function Selection

KERI mandates hash functions that maintain post-quantum security:

• Blake3-256 (primary recommendation)
• Blake2-256
• SHA3-256
• SHA2-512

These functions provide at least 128 bits of collision resistance and remain secure against quantum attacks because Grover's algorithm only provides quadratic speedup for hash collision searches, not the exponential speedup available for factorization.

Self-Certifying Identifier Derivation

KERI's autonomic identifiers (AIDs) derive their cryptographic strength from:

1. Seed Generation: Random or pseudo-random seeds with minimum 128 bits of entropy
2. Key Derivation: One-way functions producing private keys from seeds
3. Public Key Derivation: Cryptographically strong derivation from private keys
4. Identifier Derivation: Content-addressable identifiers using qualified hash functions

The derivation code prepended to identifiers specifies which cryptographic algorithm was used, enabling cryptographic agility while maintaining verifiable strength.

Pre-Rotation Security

KERI's pre-rotation mechanism provides post-quantum security through cryptographic hiding:

• Pre-rotated keys are committed via hash digests in establishment events
• The hash commitment provides 128+ bits of security
• Even quantum computers cannot efficiently reverse hash functions to discover pre-rotated keys
• Compromise of current signing keys cannot compromise future rotation authority

This represents a fundamental security improvement over traditional PKI, where rotation authority typically resides in currently exposed keys.

CESR Encoding and Cryptographic Agility

CESR (Composable Event Streaming Representation) enables cryptographic agility while maintaining strength guarantees:

• Derivation codes indicate the cryptographic algorithm used
• Qualified primitives include algorithm specification in the encoding
• Version management allows upgrading to stronger algorithms as needed
• Backward compatibility maintains security during transitions

The CESR specification explicitly requires that all cryptographic primitives maintain minimum strength thresholds, with clear upgrade paths as quantum computing advances.

Witness and Watcher Infrastructure

KERI's distributed consensus mechanisms maintain cryptographic strength through:

• Threshold signatures requiring multiple independent key operations
• Witness receipts providing cryptographically signed confirmations
• KAACE (KERI Agreement Algorithm for Control Establishment) ensuring Byzantine fault tolerance
• Duplicity detection through cryptographically verifiable event logs

The threshold of accountable duplicity (TOAD) ensures that even if some witnesses are compromised, the system maintains overall security through redundancy and cryptographic verification.

Practical Implications

Key Generation Requirements

Implementers must ensure:

• CSPRNG (Cryptographically Secure Pseudorandom Number Generator) for seed generation
• Minimum 128 bits of entropy for all seeds and salts
• Proper entropy sources (hardware RNGs preferred over software PRNGs)
• Protection of seed material with highest security measures

The vLEI ecosystem governance framework explicitly requires "approximately 128 bits of cryptographic strength" for all key generation operations, with specific approved algorithms (Ed25519, ECDSA-secp256k1).

Hash Function Selection

When implementing KERI systems:

• Use Blake3-256 for performance-critical applications (fastest option)
• Use SHA3-256 for regulatory compliance requirements
• Avoid SHA-1 and MD5 (cryptographically broken)
• Ensure hash outputs are at least 256 bits for 128-bit security

Quantum Resistance Considerations

KERI's approach provides quantum resistance through:

1. Hash-based commitments that remain secure post-quantum
2. Pre-rotation hiding that quantum computers cannot efficiently break
3. Upgrade paths to post-quantum signature schemes (e.g., SPHINCS+, Dilithium)
4. Cryptographic agility enabling algorithm transitions without identifier changes

This contrasts with blockchain-based DIDs that expose public keys on ledgers, making them vulnerable to "harvest now, decrypt later" quantum attacks.

Performance Trade-offs

Cryptographic strength impacts system performance:

• Blake3 provides high security with exceptional speed through parallelization
• Ed25519 signatures are faster than RSA while providing equivalent security
• Threshold signatures increase security but require coordination overhead
• Key derivation functions with high iteration counts improve security but slow key generation

KERI's design philosophy emphasizes "minimally sufficient means" - using the simplest cryptographic primitives that meet security requirements, avoiding unnecessary complexity that could introduce vulnerabilities.

Governance and Compliance

The vLEI ecosystem demonstrates practical cryptographic strength requirements:

• GLEIF Root AID requires highest protection levels for pre-rotated keys
• QVI (Qualified vLEI Issuer) multi-sig requires minimum 3 signers with 2-of-3 threshold
• Witness pools require minimum 5 witnesses with KAACE sufficient majority
• Key storage must use TEE (Trusted Execution Environment) or equivalent protection

These requirements translate abstract cryptographic strength into concrete operational security measures.

Long-term Security

Cryptographic strength considerations for persistent identifiers:

• 128-bit minimum provides security for decades even with quantum computing
• Algorithm agility enables upgrading without changing identifiers
• Pre-rotation protects future control authority from current key compromise
• Event logs provide cryptographically verifiable history of all key operations

KERI's architecture ensures that identifiers created today can maintain security guarantees as cryptographic standards evolve, avoiding the "cryptographic debt" that plagues systems locked to specific algorithms.