Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 13 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A cryptographic protocol pattern using Public Key Infrastructure (PKI) where the sender encrypts a message and then signs the ciphertext, enabling the receiver to verify authenticity before decryption, thereby providing both confidentiality and authenticity guarantees.
Encrypt-Sender-Sign-Receiver (ESSR) is an authenticated encryption approach that combines PKI encryption and digital signatures to provide dual security properties: authenticity (cryptographic proof of sender identity) and confidentiality (protection of message content from unauthorized access). In this pattern, the sender first encrypts the message using the receiver's public key, then signs the resulting ciphertext with their own private key. The receiver verifies the signature before decrypting, ensuring both who sent the message and that its contents remain private.
ESSR addresses the PAC Theorem trade-offs identified in the SPAC framework, which states that systems can achieve any two of Privacy, Authenticity, and Confidentiality at the highest level, but not all three simultaneously. ESSR specifically optimizes for authenticity and confidentiality, accepting certain privacy trade-offs.
Within KERI and ACDC ecosystems, ESSR provides critical security for:
ESSR is a protocol pattern rather than a specific implementation. The canonical KERI/GLEIF glossary defines it conceptually as an authenticated encryption approach covering both authenticity and confidentiality.
For concrete implementations, refer to the SPAC framework documentation, which specifies:
The pattern is particularly important in scenarios where key-compromise impersonation is a threat - even if an attacker compromises the sender's signing key, they cannot decrypt past messages because encryption uses ephemeral keys.
In KERI implementations, ESSR may be used in:
The ESSR pattern implements SUF-CMA (Strong UnForgeability under Chosen Message Attack) for authenticity through Ed25519 signatures and IND-CCA2 (Indistinguishability under Adaptive Chosen Ciphertext Attack) for confidentiality through ECIES/HPKE or libsodium sealed boxes. This combination protects against key-compromise impersonation attacks where an attacker who compromises the sender's signing key cannot retroactively decrypt past messages.
ESSR is particularly relevant in KERI's security model because it maintains end-to-end cryptographic integrity across the entire message lifecycle. The receiver can verify the sender's identity through non-repudiable signatures before accessing potentially malicious content, while the encryption ensures that even network intermediaries cannot read sensitive credential data.
The pattern supports KERI's broader goal of providing ambient verifiability - the ability for any party to verify authenticity without requiring interactive challenge-response protocols. By signing the ciphertext rather than plaintext, ESSR ensures that signature verification can occur before decryption, enabling early rejection of invalid or untrusted messages.