A key-pair is a mathematically related pair of cryptographic keys consisting of a private key (kept secret by the controller) and its corresponding public key (shared publicly), generated through a one-way cryptographic function and used with asymmetric-key algorithms in Public Key Infrastructure (PKI) systems.
Related Concepts
No related concepts available
Comprehensive Explanation
key-pair
Technical Definition
A key-pair in KERI represents the fundamental cryptographic primitive consisting of two mathematically related keys: a private key (kept secret) and a public key (derived from and corresponding to the private key). This relationship is established through one-way cryptographic functions that ensure the public key can be derived from the private key, but the reverse computation is computationally infeasible.
Formal Properties
Asymmetric relationship: The key-pair enables asymmetric cryptography where operations performed with one key can only be reversed with the other
One-way derivation: Public key derivation from private key is efficient; private key derivation from public key is computationally infeasible
Cryptographic binding: The mathematical relationship creates a verifiable binding between the keys
Controller authority: Possession of the private key establishes control authority over the identifier
Purpose in KERI/ACDC
Key-pairs serve as the cryptographic root-of-trust in KERI's architecture:
Implementation Notes
Key Generation
Use cryptographically secure random number generators (CSPRNG) or true RNG for entropy
Minimum 128 bits of cryptographic strength required for KERI security model
Support multiple algorithms (Ed25519, ECDSA secp256k1, ECDSA secp256r1) with derivation codes
Implement hierarchical deterministic (HD) key derivation for related keys
Key Storage
Private keys: Never transmit over networks, encrypt at rest, use hardware isolation (HSM/TPM) for high-value keys
Public keys: Can be freely distributed, encode with CESR derivation codes
Pre-rotated keys: Store with higher security than current signing keys
Consider univalent (co-located) vs. multivalent (distributed) architecture based on security requirements
Key Rotation
Generate next key-pair before current key exposure
Use pre-rotation mechanism to commit to next keys via cryptographic digest
Implement one-time rotation keys for maximum security
Support partial rotation for custodial and delegation scenarios
Enable reserve rotation for long-term key management
Signature Operations
Sign all key events with current authoritative key-pair(s)
For multi-sig, attach indexed signatures indicating which key signed
Verify signatures using public key from current key state in KEL
Check threshold satisfaction for multi-sig scenarios
CESR Encoding
Always prepend derivation code to public keys
Use qualified representation for all cryptographic material
Support both text (Base64 URL-safe) and binary domains
Maintain composability across domain conversions
Security Considerations
Protect against key compromise through pre-rotation and rotation triggers
Use post-quantum resistant hash functions (Blake3, SHA3) for pre-rotation commitments
Implement key stretching (Argon2) for password-derived keys
Consider quantum computing timeline and rotation frequency
Performance
Cache public keys from frequently accessed KELs
Use hardware acceleration for signature operations
Batch sign multiple events when possible
Parallelize signature verification for multi-sig scenarios
Interoperability
Self-Certifying Identifiers: AIDs are derived from or cryptographically bound to key-pairs, making them self-certifying
Control Authority: The private key holder proves control over an AID through digital signatures
Key Rotation: KERI's pre-rotation mechanism depends on committing to future key-pairs
Event Signing: All key events in a KEL must be signed by the current authoritative key-pair
Witness Receipts: Witnesses use their own key-pairs to sign receipts of observed events
Cryptographic Properties
Underlying Algorithms
KERI supports multiple cryptographic algorithms for key-pair generation, with algorithm selection indicated by derivation codes in CESR encoding:
Ed25519 (EdDSA):
Curve: Twisted Edwards curve edwards25519
Private key size: 32 bytes (256 bits)
Public key size: 32 bytes (256 bits)
Signature size: 64 bytes (512 bits)
Security level: ~128 bits (quantum: ~64 bits)
Properties: Deterministic signatures, fast verification, small keys
ECDSA secp256k1:
Curve: Koblitz curve secp256k1 (used in Bitcoin)
Private key size: 32 bytes (256 bits)
Public key size: 33 bytes compressed, 65 bytes uncompressed
Signature size: Variable (typically 70-72 bytes DER encoded)
Security level: ~128 bits (quantum: ~64 bits)
Properties: Widely deployed, hardware support available
ECDSA secp256r1 (P-256):
Curve: NIST P-256 curve
Private key size: 32 bytes (256 bits)
Public key size: 33 bytes compressed, 65 bytes uncompressed
Security level: ~128 bits (quantum: ~64 bits)
Properties: NIST standardized, FIPS compliant
Security Properties
Collision Resistance: The one-way function used to derive public keys from private keys must be collision-resistant, meaning it's computationally infeasible to find two different private keys that produce the same public key.
Discrete Logarithm Problem: Security of elliptic curve key-pairs relies on the computational hardness of the discrete logarithm problem on the chosen curve.
Entropy Requirements: KERI requires at least 128 bits of cryptographic strength for key generation, typically achieved through cryptographically secure pseudo-random number generators (CSPRNGs) or true random number generators.
Post-Quantum Considerations: While individual key-pairs are vulnerable to quantum attacks (Shor's algorithm), KERI's pre-rotation mechanism provides post-quantum security by rotating keys before quantum computers can break them. The pre-rotated key commitment uses cryptographic digests (hash functions) which remain quantum-resistant.
Key Generation Process
The typical key-pair generation workflow in KERI:
Entropy Collection: Generate high-entropy random seed (bran/salt)
Private Key Derivation: Apply key derivation function to seed
Public Key Derivation: Apply elliptic curve point multiplication to private key
Algorithm identification: Specifies which cryptographic algorithm to use
Length indication: Determines how many characters/bytes to parse
Qualified Representation
All cryptographic material in KERI appears in fully qualified representation, meaning the derivation code is always prepended. This makes primitives self-describing and enables:
Cryptographic agility: Multiple algorithms can coexist
Stream parsing: Primitives can be parsed without external context
Composability: Text and binary representations are interchangeable