This explanation has been generated from 106 GitHub source documents.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
Unpredictable information measured in bits that serves as a secret or input to key generation algorithms, providing the cryptographic strength necessary for secure identifier creation and key management in KERI systems.
Entropy represents unpredictable information that forms the foundation of cryptographic security in KERI. Measured in bits, entropy quantifies the degree of unpredictability in a message or data source. In KERI's context, entropy serves two primary purposes: as a secret value in cryptographic operations and as input to key generation algorithms that create autonomic identifiers (AIDs).
The amount of entropy behind a secret directly determines how hard it is for an adversary to reproduce that secret by brute force: a seed with n bits of entropy has 2^n equally likely values, and guessing it takes on the order of 2^n trials no matter how many bits are actually stored. This property is fundamental to KERI's security model, where high-entropy seeds generate cryptographically secure key pairs for self-certifying identifiers.
KERI establishes 128 bits of entropy as the minimum cryptographic strength standard. This threshold provides 2^128 (about 3.4 × 10^38) possible values. The often-quoted figure that 1 million supercomputers each performing 1 quadrillion trials per second would need 8,589,934,592 years to exhaust the space is 2^33 years, obtained with powers-of-two approximations (10^6 ≈ 2^20 machines, 10^15 ≈ 2^50 trials per second, one year ≈ 2^25 seconds); exact arithmetic gives roughly 1.1 × 10^10 years, and even the average case of half that remains computationally infeasible.
Entropy is the foundational element of KERI's primary root-of-trust. The characteristic that makes a root-of-trust "primary" is its direct one-to-one relationship with the entropy used to create the seed of the private keys. That entropy-to-key relationship is the cryptographic foundation on which the identifier's self-certifying properties rest.
Minimum Standard: KERI mandates 128 bits of entropy as the baseline cryptographic strength for all security-critical operations. This provides 2^128 possible values, making brute force attacks computationally infeasible.
Sources of Entropy: the operating system CSPRNG, read through /dev/urandom or getrandom() on Unix/Linux and CryptGenRandom (now superseded by BCryptGenRandom) on Windows, provides system-level entropy. A language's default, non-cryptographic random() function is not a substitute.
Key Derivation: Entropy flows through the key generation pipeline from the random seed to the private key, then to the public key derived from it, and finally to the identifier prefix derived from the public key. An identifier is therefore only as unpredictable as the seed at the head of that chain.
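The pipeline described above, worked end to end in Go as an added example (not code from this page or from any KERI implementation): a seed is drawn from the OS CSPRNG, an Ed25519 key pair is derived from it, the public key becomes the identifier, and a signature is then verified from the identifier alone. The prefix encoding (plain base64url of the public key) and the sample message are assumptions made for the example; KERI's own prefixes use CESR derivation codes. The second half shows what the page's brute-force figure means in practice: a seed that stores 256 bits but holds only 16 bits of entropy is recovered in about a second.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// MinEntropyBits is the floor the page gives for KERI seeds.
const MinEntropyBits = 128

// Identity is a self-certifying identifier with its controlling key pair.
// Prefix is a hypothetical encoding (raw base64url of the public key); a real
// KERI prefix carries a CESR derivation code, which is not reproduced here.
type Identity struct {
	Priv   ed25519.PrivateKey
	Prefix string
}

// NewSeed draws nbytes from the operating system CSPRNG (crypto/rand uses
// getrandom or /dev/urandom on Unix and the platform CSPRNG on Windows) and
// refuses any request below the 128-bit minimum.
func NewSeed(nbytes int) ([]byte, error) {
	if nbytes*8 < MinEntropyBits {
		return nil, fmt.Errorf("%d-bit seed is below the %d-bit minimum", nbytes*8, MinEntropyBits)
	}
	seed := make([]byte, nbytes)
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	return seed, nil
}

// DeriveIdentity runs the pipeline seed -> private key -> public key -> prefix.
// Ed25519 consumes exactly 32 seed bytes, so 256 bits are drawn even though
// the minimum is 128.
func DeriveIdentity(seed []byte) (Identity, error) {
	if len(seed) != ed25519.SeedSize {
		return Identity{}, fmt.Errorf("ed25519 needs a %d-byte seed, got %d", ed25519.SeedSize, len(seed))
	}
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	return Identity{Priv: priv, Prefix: base64.RawURLEncoding.EncodeToString(pub)}, nil
}

// Verify checks a signature using nothing but the prefix: the identifier is
// self-certifying because the public key is recoverable from it.
func Verify(prefix string, msg, sig []byte) bool {
	pub, err := base64.RawURLEncoding.DecodeString(prefix)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), msg, sig)
}

// WeakSeedFromPIN is the failure mode: 32 bytes are stored but only 16 of the
// 256 bits are unpredictable, so the seed carries 16 bits of entropy.
func WeakSeedFromPIN(pin uint16) []byte {
	seed := make([]byte, ed25519.SeedSize)
	binary.BigEndian.PutUint16(seed, pin)
	return seed
}

// RecoverPIN is the adversary's brute force: with 16 bits of entropy the whole
// seed space is 65,536 candidates, and the key behind a prefix falls in about
// a second, versus the 2^128 trials the page's figure assumes.
func RecoverPIN(prefix string) (uint16, bool) {
	for pin := 0; pin < 1<<16; pin++ {
		id, _ := DeriveIdentity(WeakSeedFromPIN(uint16(pin)))
		if id.Prefix == prefix {
			return uint16(pin), true
		}
	}
	return 0, false
}

func main() {
	seed, err := NewSeed(ed25519.SeedSize)
	if err != nil {
		panic(err)
	}
	strong, _ := DeriveIdentity(seed)
	msg := []byte("inception event") // constructed sample message
	sig := ed25519.Sign(strong.Priv, msg)
	fmt.Println("strong prefix:", strong.Prefix, "verifies:", Verify(strong.Prefix, msg, sig))

	weak, _ := DeriveIdentity(WeakSeedFromPIN(31337))
	pin, found := RecoverPIN(weak.Prefix)
	fmt.Println("weak prefix brute-forced:", found, "pin:", pin)

	_, err = NewSeed(8)
	fmt.Println("64-bit seed rejected:", err)
}
```

Because Ed25519 takes a fixed 32-byte seed, the seed here carries 256 bits; the point of the 128-bit floor is that it applies to the entropy in the seed, not to its storage size, which is exactly what WeakSeedFromPIN violates.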
Privacy Considerations: In ACDC credentials, the UUID field must contain sufficient entropy to prevent rainbow table attacks. The high-entropy pseudorandom string acts as a "salty nonce" that blinds credential contents from pre-computation attacks.
Post-Quantum Security: KERI's pre-rotation mechanism contributes to quantum resistance because the next public key is committed to only as a digest until it is used, so a quantum adversary has nothing to attack until the rotation event exposes it. Entropy is the other half of the margin: Grover's algorithm reduces an exhaustive search over an n-bit secret to roughly 2^(n/2) operations, so 128 bits of entropy are worth about 64 bits against a quantum adversary. As quantum computing advances, entropy requirements can be raised (256+ bits) and rotation intervals shortened to maintain security margins.
Validation: Implementations should check entropy quality with statistical tests (NIST SP 800-22) and continuous health tests on the source itself (NIST SP 800-90B), and ensure entropy sources are not compromised or predictable. Statistical tests only catch gross failures such as a stuck or biased source; a fully predictable stream can still pass them, so they complement a trustworthy CSPRNG rather than certify one.
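Two of the checks referred to above, implemented in Go as an added example (not code from this page or from KERI): the SP 800-22 frequency (monobit) test and the SP 800-90B repetition count health test, run over constructed samples alongside 1000 bytes from crypto/rand. The alpha value of 2^-20, the 8-bit min-entropy claim and the 1000-byte sample size are choices made for the example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/bits"
)

// MonobitP returns the p-value of the SP 800-22 frequency (monobit) test:
// S_n = #ones - #zeros, s_obs = |S_n| / sqrt(n), p = erfc(s_obs / sqrt(2)).
func MonobitP(data []byte) float64 {
	n := float64(len(data) * 8)
	ones := 0
	for _, b := range data {
		ones += bits.OnesCount8(b)
	}
	sn := float64(2*ones) - n
	return math.Erfc(math.Abs(sn) / math.Sqrt(n) / math.Sqrt2)
}

// PassesMonobit applies the SP 800-22 decision rule (p >= 0.01) and the
// recommended minimum of 100 bits.
func PassesMonobit(data []byte) bool {
	return len(data)*8 >= 100 && MonobitP(data) >= 0.01
}

// RepetitionCountFails is the SP 800-90B repetition count health test: a run
// of identical samples reaching the cutoff C = 1 + ceil(-log2(alpha) / H)
// signals a stuck source. hBits is the min-entropy claimed per byte; alpha,
// the false-alarm probability, is fixed at 2^-20 here (an assumption for this
// example; the standard leaves the choice to the developer).
func RepetitionCountFails(data []byte, hBits float64) bool {
	cutoff := 1 + int(math.Ceil(20/hBits))
	run := 1
	for i := 1; i < len(data); i++ {
		if data[i] == data[i-1] {
			run++
			if run >= cutoff {
				return true
			}
		} else {
			run = 1
		}
	}
	return false
}

// Repeat builds a constructed stuck-source sample: every byte identical.
func Repeat(b byte, n int) []byte {
	out := make([]byte, n)
	for i := range out {
		out[i] = b
	}
	return out
}

// Toggle builds a constructed sample that is perfectly balanced and perfectly
// predictable: 0x55, 0xAA, 0x55, 0xAA, ...
func Toggle(n int) []byte {
	out := make([]byte, n)
	for i := range out {
		if i%2 == 0 {
			out[i] = 0x55
		} else {
			out[i] = 0xAA
		}
	}
	return out
}

func main() {
	random := make([]byte, 1000)
	if _, err := rand.Read(random); err != nil {
		panic(err)
	}
	samples := []struct {
		name string
		data []byte
	}{
		{"crypto/rand", random},
		{"all zero", Repeat(0x00, 1000)},
		{"stuck at 0x55", Repeat(0x55, 1000)},
		{"0x55/0xAA toggle", Toggle(1000)},
	}
	for _, s := range samples {
		fmt.Printf("%-17s monobit p=%.3f pass=%-5v  RCT stuck=%v\n",
			s.name, MonobitP(s.data), PassesMonobit(s.data), RepetitionCountFails(s.data, 8))
	}
}
```

The toggle case is the lesson: a stream alternating 0x55 and 0xAA passes the monobit test (it is exactly balanced) and the repetition count test (no two consecutive bytes match) while carrying no entropy at all. The stuck 0x55 stream, by contrast, passes monobit and is caught only by the health test. These checks detect broken sources; they cannot show that a source is good.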
In the ACDC specification, entropy plays a critical role in the UUID field (u), which contains a high-entropy pseudorandom string serving as a "salty nonce" to blind ACDC contents from rainbow table attacks. This privacy-preserving mechanism requires sufficient entropy to prevent pre-computation attacks.
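How the salty nonce defeats pre-computation, shown in Go as an added example (not code from this page or from the ACDC specification): an attacker who knows the public fields of an attribute block pre-computes the digest of every plausible value of the private one (here every date of birth across sixty years, a constructed sample) and reverses a published digest by lookup; with a 128-bit u field in the block, the same table would need 2^128 entries per candidate. The digest (SHA-256 over canonical JSON), the field names other than u, and the sample values are simplifications for this example; ACDC's real SAID computation is not reproduced.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Attrs is a credential's attribute block. What gets published or referenced
// is its digest, not the block itself.
type Attrs map[string]string

// Digest stands in for the ACDC SAID: SHA-256 over canonical JSON. This is a
// simplification for the example; encoding/json sorts map keys, so the
// serialization is deterministic.
func Digest(a Attrs) string {
	b, err := json.Marshal(a)
	if err != nil {
		panic(err) // a map[string]string always marshals
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// withField returns a copy of a with one field set.
func withField(a Attrs, key, value string) Attrs {
	out := make(Attrs, len(a)+1)
	for k, v := range a {
		out[k] = v
	}
	out[key] = value
	return out
}

// NewNonce draws 128 bits from the OS CSPRNG for the "u" field.
func NewNonce() (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(raw), nil
}

// Blind places the salty nonce in the "u" field alongside the attributes.
func Blind(a Attrs, nonce string) Attrs {
	return withField(a, "u", nonce)
}

// DateOfBirthCandidates enumerates every date in [from, to) as a complete
// attribute block. The other fields are fixed because the attacker already
// knows them; only the date is unknown.
func DateOfBirthCandidates(template Attrs, from, to time.Time) []Attrs {
	var out []Attrs
	for d := from; d.Before(to); d = d.AddDate(0, 0, 1) {
		out = append(out, withField(template, "dateOfBirth", d.Format("2006-01-02")))
	}
	return out
}

// BuildTable is the pre-computation: one digest per candidate block.
func BuildTable(candidates []Attrs) map[string]Attrs {
	t := make(map[string]Attrs, len(candidates))
	for _, c := range candidates {
		t[Digest(c)] = c
	}
	return t
}

// Lookup is the attack: a published digest is reversed by table lookup.
func Lookup(table map[string]Attrs, digest string) (Attrs, bool) {
	a, ok := table[digest]
	return a, ok
}

func main() {
	// Constructed sample: the issuee identifier and name are public; the date
	// of birth is the value the attacker wants.
	template := Attrs{"i": "EXAMPLE_ISSUEE_AID", "name": "A. Holder"}
	victim := withField(template, "dateOfBirth", "1984-07-21")

	from := time.Date(1950, 1, 1, 0, 0, 0, 0, time.UTC)
	to := time.Date(2010, 1, 1, 0, 0, 0, 0, time.UTC)
	table := BuildTable(DateOfBirthCandidates(template, from, to))
	fmt.Printf("pre-computed %d digests\n", len(table))

	if hit, ok := Lookup(table, Digest(victim)); ok {
		fmt.Println("no u field: digest reverses to", hit["dateOfBirth"])
	}

	nonce, err := NewNonce()
	if err != nil {
		panic(err)
	}
	_, ok := Lookup(table, Digest(Blind(victim, nonce)))
	fmt.Println("with 128-bit u field: digest in table?", ok)
}
```

The blinding only holds while the nonce itself stays unpredictable: a u field built from a counter, a timestamp or a short PIN has a small space of its own, and the attacker simply multiplies the table by that space. The holder, who knows the nonce, can still recompute the digest deterministically, which is what lets a verifier check the block without the table ever being buildable.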
The GLEIF governance framework mandates that all AIDs in the vLEI ecosystem must be generated from random number seeds with at least 128 bits of cryptographic security, ensuring adequate entropy for the trust chains that depend on these identifiers.