Pathing is a KERI/CESR mechanism using SAD (Self-Addressing Data) path language to specify cryptographic signatures on specific portions of nested data structures, enabling granular signing of embedded credentials and message forwarding while maintaining signature transposability across envelope boundaries.
Related Concepts
No related concepts available
Comprehensive Explanation
pathing
Process Definition
Pathing is a cryptographic addressing mechanism within the KERI protocol ecosystem that enables precise specification of which portions of a Self-Addressing Data (SAD) structure are being cryptographically signed. The process uses a specialized SAD Path Language designed for CESR (Composable Event Streaming Representation) compatibility to create compact, Base64-safe path expressions that identify specific fields, nested structures, or array elements within complex data hierarchies.
What It Accomplishes
Pathing accomplishes three critical objectives:
Granular Signature Scope: Enables signing specific portions of credentials rather than entire documents, supporting use cases where multiple signers each commit to different sections of a data structure
Nested Content Addressing: Provides unambiguous references to data elements within deeply nested structures, particularly ACDC (Authentic Chained Data Container) credentials embedded within other ACDCs
Signature Transposability: Allows signature attachments to be moved across envelope boundaries by updating path references, maintaining cryptographic integrity when SADs are embedded in different contexts
When It's Used
Despite its original design intent for credential signing, pathing's primary current use case is forwarding embedded messages in KERI protocol operations. According to Philip Feairheller (KERI developer, July 2023), pathing has "never been used for credentials" in production systems. Instead, it enables:
Implementation Notes
Critical Implementation Guidance
Path Resolution Implementation
Deterministic Field Ordering: KERI and ACDC mandate alphabetical field ordering in map structures. Implementations MUST maintain this ordering to ensure integer-based path indices are stable across serializations. Use ordered dictionaries or sorted maps in your implementation language.
Path Parser Requirements:
Validate path syntax before resolution (must start with -, use only Base64-safe characters)
Handle both field label and integer index components
Detect and reject ambiguous paths
Implement bounds checking for array indices
Return clear error messages for invalid paths
Content Extraction:
Preserve original serialization format during extraction
Use canonical serialization for signing (no whitespace variations)
Cache parsed SAD structures for performance
Implement lazy evaluation for large nested structures
Signature Generation
Hash Algorithm Selection: KERI typically uses Blake3-256 for performance and security. Implementations should:
Support Blake3-256 as primary algorithm
Allow algorithm selection via CESR derivation codes
Verify signing key is in current key state of signer's AID
Check key was authoritative at signature timestamp
Support threshold signatures for multi-sig AIDs
Implement key rotation awareness (signatures may become invalid after rotation)
CESR Encoding:
Use appropriate CESR derivation codes for signature algorithm
Ensure signature primitives align on 24-bit boundaries
Support both text and binary domain encoding
Implement composability for concatenated signatures
Verification Implementation
Verification Order (critical for security):
Verify signer's KEL integrity and non-duplicity
Verify signing key was authoritative at signature time
Resolve path and extract content
Recompute digest of extracted content
Message forwarding: Routing KERI messages through intermediary agents or controllers while preserving verifiable signatures on specific message components
Embedded message handling: Processing messages contained within other messages (e.g., exn exchange messages, rpy reply messages, exp exposition events)
Selective component verification: Verifying signatures on message substructures without requiring access to or verification of the entire message envelope
Key Participants
The pathing process involves:
Signer: Entity creating cryptographic signatures on specific SAD portions identified by paths
Path Specifier: Component generating SAD path expressions that identify signature scope
Verifier: Entity validating signatures by resolving paths to extract the signed content
Message Forwarder: Intermediary that may transpose signature attachments by updating path references when embedding SADs in new envelopes
Design Philosophy Note
A critical architectural principle in KERI: credentials themselves are not directly signed. The KERI approach verifies ACDC credentials through their cryptographic binding to the issuer's Key Event Log (KEL) rather than through traditional direct signatures on credential documents. Authenticity derives from the verifiable chain of key events in the KEL, not from signing credential content directly. This explains why pathing, despite being designed for credential signing, is not used for that purpose in practice.
Process Flow
Step 1: Path Expression Construction
The process begins with constructing a SAD Path Language expression that identifies the target content within a SAD structure. The path language uses these rules:
Syntax Components:
Root indicator: Single - character represents the entire SAD
Path separator: - character delimits path components
Field labels: Base64-safe strings identifying map fields
Integer indices: Numeric values indexing into arrays or map field positions
Context-dependent interpretation: Integers reference array elements or map fields based on context
Path Construction Rules:
All paths begin with root - indicator
First component after root is always a map field (in ACDC/KERI contexts)
Subsequent components navigate nested structures
Integer indices can reference array positions or map field ordinal positions
No wildcards or pattern matching - paths must be fully specified
Example Path Expressions:
- # Root (entire SAD)
-a-personal # Nested personal information map
-4-5 # Same location using field indices
-a-personal-legalName # Specific field value
-p-1 # Second element in credential chain array
-a-LEI # Legal Entity Identifier field
Step 2: Content Extraction
Once the path is specified, the signing process extracts the referenced content:
Parse the SAD structure: Deserialize the SAD from its serialization format (JSON, CBOR, or MessagePack)
Traverse the path: Navigate through the data structure following each path component
Extract target content: Retrieve the value at the path terminus
Serialize for signing: Convert the extracted content to canonical serialization form
Critical Constraint: KERI and ACDC require deterministic field ordering in map structures. This enables integer-based indexing where field positions are predictable and stable across serializations.
Step 3: Signature Generation
The extracted content undergoes cryptographic signing:
Digest computation: Generate cryptographic digest of the serialized content using the specified hash algorithm (typically Blake3-256 in KERI)
Signature creation: Apply the signing key to produce a digital signature over the digest
CESR encoding: Encode the signature as a CESR primitive with appropriate derivation code indicating signature algorithm
Path attachment: Associate the path expression with the signature in the CESR proof structure
KERIpy: Python reference implementation includes pathing support
keride: Rust library with pathing capabilities
KERIox: Rust implementation with CESR support
cesrox: Extracted CESR logic including path handling
Performance Optimization:
Path resolution is O(n) in path depth
Cache parsed SAD structures for repeated operations
Use integer indices for performance-critical paths
Batch signature verifications when possible
Current Status and Future Direction
As of 2023, pathing remains a specified but underutilized feature in the KERI ecosystem. Its primary value is in message forwarding infrastructure rather than its original credential signing design intent. The KERI community's architectural decision to verify credentials through KEL binding rather than direct signatures has made the credential use cases less relevant.
Future developments may expand pathing usage if:
New use cases emerge requiring granular content signing
Cross-protocol integrations need selective signature verification
Regulatory requirements mandate specific signing granularity
However, the fundamental KERI principle remains: authenticity derives from verifiable key event logs, not from signing data directly. Pathing serves as a supporting mechanism for message handling, not as a primary authentication method.
Verify signature cryptographically
Check authorization policies
Performance Optimization:
Cache verified KEL states (with expiration)
Cache parsed SAD structures
Batch signature verifications when possible
Use parallel verification for multiple signatures
Implement path resolution caching
Error Handling:
Distinguish between cryptographic failures and path resolution failures
Log all verification failures with context
Implement graceful degradation (verify what can be verified)
Provide detailed error messages for debugging
Transposition Implementation
Path Update Algorithm:
function transpose_path(original_path, embedding_path):
# Remove root '-' from original path
original_components = original_path[1:].split('-')
# Remove root '-' from embedding path
embedding_components = embedding_path[1:].split('-')
# Concatenate: root + embedding + original
transposed = '-' + '-'.join(embedding_components + original_components)
return transposed
Validation Requirements:
Verify embedding path exists in envelope structure
Check transposed path resolves to same content
Validate no path collisions with existing signatures
Preserve original paths in audit logs
Library Integration
KERIpy Integration:
Use keri.core.coring for CESR primitives
Use keri.core.eventing for KEL verification
Use keri.core.signing for signature operations
Use keri.db.dbing for key state caching
keride/KERIox Integration:
Leverage Rust's type safety for path validation
Use serde for SAD serialization
Implement zero-copy path resolution where possible
Use constant-time comparison for signature verification
Avoid early returns that leak information
Implement rate limiting for verification requests
Key State Validation:
Always verify KEL before trusting signatures
Check for key rotation events
Validate witness receipts
Detect duplicitous KELs
Production Deployment
Current Usage Pattern: Focus implementation effort on message forwarding use case, as this is the primary production usage. Credential signing features should be implemented for completeness but are not currently used in production systems.
Monitoring:
Log all signature verifications (success and failure)
Track path resolution performance
Monitor KEL verification latency
Alert on verification failure rate increases
Scalability:
Implement caching at multiple levels (KEL, key state, parsed SADs)
Use connection pooling for witness queries
Consider distributed caching for high-volume systems