Historical Context

The concept of data integrity has evolved significantly across computing history:

Traditional Database Systems: Integrity constraints (referential integrity, entity integrity) focused on maintaining consistency within relational databases through rules and transactions.

Cryptographic Hash Functions: The development of collision-resistant hash functions (MD5, SHA family, Blake3) provided mathematical tools for detecting data tampering, establishing the foundation for cryptographic integrity verification.

Certificate Transparency: Google's Certificate Transparency project demonstrated how append-only logs with cryptographic commitments could provide verifiable integrity for certificate issuance, influencing KERI's design.

Blockchain Systems: Distributed ledgers popularized the concept of tamper-evident data structures through hash chaining, though KERI achieves similar properties without requiring global consensus.

The evolution toward cryptographically verifiable integrity represents a shift from trust-based systems (where integrity depends on trusted administrators) to mathematically provable systems (where integrity can be independently verified by any party).

KERI's Approach

Self-Verifying Integrity in ACDCs

KERI implements integrity through Authentic Chained Data Containers (ACDCs), where integrity is "self-verifying" through the SAID (Self-Addressing Identifier) mechanism. A SAID is simultaneously:

• The cryptographic hash of the data
• Embedded within the data itself

This creates an intrinsic verification property: any modification to the data invalidates the SAID, making tampering immediately evident. The SAID contained within the data is also the hash of the data itself, creating an unbreakable cryptographic binding between the identifier and the content it represents.

Integrity in CESR Streaming

For streaming data, KERI's CESR (Composable Event Streaming Representation) protocol establishes integrity through:

Code Tables: Define primitive types and their encodings, ensuring consistent interpretation

Round-Robin Composability: The ability to convert between text and binary representations without loss. As the specification states: "If you can toggle between the text - and binary representation, then that's the integrity proof, if not, then it's provably lacking integrity."

This transformation capability itself serves as an integrity proof—successful conversion demonstrates that the data structure maintains its integrity across domain transformations.

Internal vs. External Consistency

KERI distinguishes between two types of consistency that together establish integrity:

Internal Consistency: Within a single Key Event Log (KEL), events must:

• Form valid hash chains (each event references the previous event's digest)
• Contain valid signatures from current controlling keys
• Follow KERI protocol rules for event structure

Internal inconsistency makes a KEL unverifiable—it fails basic cryptographic checks.

External Consistency (Duplicity Detection): Across multiple copies of a KEL, consistency means:

• All copies present the same event history
• No conflicting versions exist
• The "first-seen" rule is respected

External inconsistency (duplicity) occurs when multiple verifiable but conflicting versions of a KEL exist. KERI's duplicity detection mechanisms make such inconsistencies evident and attributable.

Complementary Integrity Verification

KERI implements complementary integrity verification—a mechanism that can verify integrity independently without requiring access to previous versions of the information for comparison. This is achieved through the use of public keys from data controllers.

For example, once a KEL has been verified back to its root-of-trust at a specific date and time, that verified portion (tail) can be safely discarded. Future verifications do not need to re-verify this historical chain, as the cryptographic integrity has already been established. This enables efficient storage and processing while maintaining security guarantees.

Non-Repudiation as Side Benefit

While not inherent to the definition of integrity itself, KERI's integrity implementation produces non-repudiation as a side benefit. Crypto-hash verification using the signer's public key ensures that:

• The signer cannot deny having signed the data
• Any tampering is immediately detectable
• Attribution is cryptographically provable

This property emerges from the integrity mechanisms but represents a distinct security guarantee.

Validation vs. Verification

KERI makes a critical distinction between verification and validation:

Verification: Cryptographic checking of signatures, digests, and structural integrity—this establishes integrity

Validation: Assessment of previously verified data in context, applying business logic and trust policies—this approaches veracity judgment

As the specification notes: "Validation in relation to integrity, in KERI's view would be an assessment of what's been verified before; in a certain context from a certain angle. And this mechanism is too close to veracity judgement, to be an objective verdict over integrity of data."

By keeping integrity focused on cryptographic verifiability, KERI provides objective, automatable integrity guarantees without requiring subjective judgments about information quality or truthfulness.

Practical Implications

Use Cases

Verifiable Credentials: ACDCs use SAIDs to ensure credential integrity from issuance through presentation. Any modification to credential attributes invalidates the SAID, making tampering evident.

Supply Chain Tracking: Data provenance chains maintain integrity through cryptographic commitments at each transformation step, enabling end-to-end verification without trusted intermediaries.

Legal Documents: Ricardian contracts embedded in ACDCs maintain integrity through SAID binding, ensuring contract terms cannot be altered without detection.

Key Event Logs: KELs maintain integrity through hash chaining and signature verification, enabling validators to independently verify the complete history of identifier control.

Benefits

Independent Verification: Any party can verify data integrity without requiring access to trusted third parties or centralized infrastructure.

Tamper Evidence: Cryptographic binding makes any modification immediately detectable, providing strong security guarantees.

Efficient Processing: Complementary integrity verification enables efficient validation by avoiding redundant re-verification of previously validated data.

Interoperability: CESR's composability property ensures integrity is maintained across different serialization formats and transport mechanisms.

Auditability: Integrity mechanisms create verifiable audit trails for data transformations and custody transfers.

Trade-offs

Narrow Scope: KERI's integrity definition deliberately excludes semantic correctness, meaning integrity verification does not establish truth or accuracy of content.

Cryptographic Dependency: Integrity guarantees depend on the strength of underlying cryptographic primitives. Advances in cryptanalysis or quantum computing could potentially weaken these guarantees.

Complexity: Implementing proper integrity verification requires understanding of cryptographic protocols, hash functions, and signature schemes.

Storage Requirements: Maintaining verifiable integrity often requires storing additional cryptographic material (signatures, digests, receipts), increasing storage overhead.

Performance Considerations: Cryptographic operations for integrity verification introduce computational overhead, though KERI's design minimizes this through efficient primitives and caching strategies.

Integration with Trust Frameworks

While KERI provides cryptographic integrity, establishing veracity (truthfulness) requires additional layers:

Governance Frameworks: Organizations define policies for what constitutes valid and trustworthy credentials

Reputation Systems: Track issuer behavior over time to establish trust in their attestations

Verification Procedures: Business logic determines whether cryptographically valid credentials meet specific use case requirements

Legal Frameworks: Contracts and regulations establish accountability for false attestations

KERI's integrity mechanisms provide the foundation upon which these higher-level trust systems can be built, but they do not replace the need for governance and policy frameworks to establish veracity and trust.

Error Handling

Integrity Failures: When integrity verification fails:

• Reject the data immediately
• Log the failure with sufficient detail for debugging
• Do not attempt to use or process unverified data
• Report duplicity evidence when applicable

Graceful Degradation: In systems with mixed integrity requirements:

• Clearly distinguish verified from unverified data
• Apply appropriate trust policies based on verification status
• Provide clear error messages indicating integrity failure reasons