This comprehensive explanation has been generated from 191 GitHub source documents.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
In CESR (Composable Event Streaming Representation), a domain refers to one of three representation formats for cryptographic primitives: Raw (R) - unencoded binary, Text (T) - Base64 URL-safe encoding, or Binary (B) - compact binary encoding, enabling composable conversion between human-readable and efficient machine formats.
A domain in CESR represents one of three distinct encoding formats for cryptographic primitives:
Raw (R): a pair (code, raw), where code is the text derivation code and raw is the actual binary value
Text (T): Base64 URL-safe encoding using the characters [A-Z, a-z, 0-9, -, _], providing a human-readable representation suitable for debugging, logging, and text-based protocols
Binary (B): compact binary encoding
The key innovation is that CESR primitives can be converted between domains without loss of information, maintaining perfect round-trip fidelity through the composability property.
Domains are fundamental to CESR's architecture, which serves as the encoding layer for all KERI protocol messages, ACDC credentials, and cryptographic material. The three-domain model solves a critical challenge: providing both human-readable representations (for development, debugging, and transparency) and compact binary representations (for production efficiency) without forcing a choice between them.
Text Domain Usage: During development, testing, and auditing, KERI events and ACDC credentials can be represented in the Text domain, making them readable and debuggable. The Base64 URL-safe encoding ensures compatibility with web protocols, JSON serialization, and text-based tooling.
Binary Domain Usage: In production environments requiring high throughput, the same primitives convert to the Binary domain for compact transmission over networks or efficient storage. This is critical for witness networks, watcher infrastructure, and high-volume credential issuance scenarios.
Raw Domain Usage: Cryptographic operations (signing, hashing, key derivation) occur in the Raw domain using the actual binary values. The separation of the derivation code from the raw material enables clean integration with cryptographic libraries.
24-Bit Alignment: All CESR primitives must align on 24-bit boundaries (LCM of 6-bit Base64 and 8-bit bytes). Text domain primitives are multiples of 4 characters; Binary domain primitives are multiples of 3 bytes.
Pre-Padding Strategy: CESR uses leading pad bytes (not trailing = characters) to achieve alignment. The pad size is ps = (3 - (N mod 3)) mod 3, where N is the raw binary length in bytes. This enables the derivation code to replace the pad characters in the Text domain representation.
Derivation Code Consistency: The derivation code (type indicator) remains semantically consistent across domains but has different representations: 1-4 characters in Text domain, 1-2 bytes in Binary domain.
Stream Processing: Parsers must handle domain-specific framing. Text domain uses character-based parsing with Base64 decoding; Binary domain uses byte-based parsing with direct binary interpretation.
Performance Considerations: Binary domain is ~25% more compact than Text domain due to Base64 overhead. Choose Text domain for debugging/transparency, Binary domain for production bandwidth efficiency.
Cryptographic Operations: Always perform cryptographic operations (signing, hashing, verification) in the Raw domain using the actual binary values, not the encoded representations.
Composability Across Domains: CESR's defining property is that concatenated primitives can be converted en masse between Text and Binary domains while maintaining separability. This means a stream of mixed primitive types (keys, signatures, digests) can be converted from Text to Binary for transmission, then back to Text for processing, without any loss of structure or information. This composability is achieved through careful alignment on 24-bit boundaries (the least common multiple of Base64's 6-bit encoding and byte's 8-bit structure).
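The pre-padding rule and the en-masse Text/Binary conversion described above, as an added Python example (not code from the page or from any KERI library). The two code-table entries, "D" for a 32-byte Ed25519 public key and "0B" for a 64-byte Ed25519 signature, are assumptions taken from the CESR code table rather than from this page, and the sketch covers only codes whose length equals the pad size.

```python
import base64

# Assumed entries from the CESR code table (not listed on this page):
# text code -> raw size in bytes. "D" = Ed25519 public key, "0B" = Ed25519 signature.
SIZES = {"D": 32, "0B": 64}

def pad_size(n):
    """ps = (3 - (N mod 3)) mod 3, where N is the raw length in bytes."""
    return (3 - n % 3) % 3

def to_text(code, raw):
    """Raw domain (code, raw) -> Text domain."""
    ps = pad_size(len(raw))
    if SIZES.get(code) != len(raw) or len(code) != ps:
        raise ValueError("code does not fit raw size")
    # Lead-pad with zero bytes, encode, then the code replaces the pad characters.
    body = base64.urlsafe_b64encode(bytes(ps) + raw).decode()
    return code + body[ps:]

def to_binary(text):
    """Text -> Binary; valid for one primitive or a concatenated stream."""
    if len(text) % 4:
        raise ValueError("text stream not on a 24-bit boundary")
    return base64.b64decode(text, altchars=b"-_", validate=True)

def from_binary(binary):
    """Binary -> Text; the inverse of to_binary."""
    if len(binary) % 3:
        raise ValueError("binary stream not on a 24-bit boundary")
    return base64.urlsafe_b64encode(binary).decode()

def to_raw(text):
    """Text -> Raw domain (code, raw), rejecting non-canonical encodings."""
    code = next((c for c in SIZES if text.startswith(c)), None)
    if code is None:
        raise ValueError("unknown derivation code")
    ps = len(code)
    if len(text) != (SIZES[code] + ps) * 4 // 3:
        raise ValueError("wrong length for code")
    paw = base64.b64decode("A" * ps + text[ps:], altchars=b"-_", validate=True)
    if any(paw[:ps]):  # pad bits must be zero, else two texts map to one raw value
        raise ValueError("non-zero pre-pad bits")
    return code, paw[ps:]

# Constructed sample values, not real key material.
KEY, SIG = bytes(range(32)), bytes(range(64))
STREAM = to_text("D", KEY) + to_text("0B", SIG)   # 44 + 88 characters
```

Because every primitive ends on a 24-bit boundary, decoding STREAM as a whole yields the same bytes as decoding each primitive separately, which is what lets a parser split the Binary stream at primitive boundaries.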
KERI Protocol Integration: Key Event Logs (KELs), Key Event Receipt Logs (KERLs), and Transaction Event Logs (TELs) all use CESR encoding. The domain flexibility means the same KEL can be stored in Text domain for archival transparency, transmitted in Binary domain for efficiency, and processed using Raw domain cryptographic material—all while maintaining cryptographic integrity.
ACDC Credential Encoding: ACDC credentials leverage domain flexibility for graduated disclosure patterns. Compact disclosure uses SAIDs (which are CESR primitives) in Text domain for readability, while full credential presentations may use Binary domain for bandwidth efficiency in high-volume verification scenarios.