The binding between derivation code and key material is immutable - any modification to either component produces a completely different prefix, making tampering immediately evident.

Prefix Types and Derivation Patterns

KERI supports multiple prefix derivation patterns, each serving different use cases:

Basic Self-Certifying Prefix: Directly encodes the public key with a derivation code. The identifier is literally the encoded public key, making verification straightforward - extract the key from the prefix and verify signatures.

Self-Addressing Prefix: Uses a cryptographic digest of the inception event data rather than the raw public key. This approach:

• Binds the identifier to the complete inception configuration (keys, thresholds, witnesses)
• Enables more complex identifier types (multi-sig, delegated)
• Provides stronger integrity guarantees through content-addressing

Multi-Sig Self-Addressing Prefix: Derives from a digest that includes multiple public keys and threshold specifications, enabling group control.

Delegated Self-Addressing Prefix: Includes cryptographic commitment to a delegating identifier, creating hierarchical trust structures.

Data Format

Encoding Specifications

Prefixes use Base64 URL-safe encoding (RFC 4648) exclusively, which provides:

• Character set: [A-Z, a-z, 0-9, -, _] (64 characters)
• URL compatibility: No special characters requiring escaping
• Filename safety: Can be used in filesystem paths
• 6-bit encoding: Each character represents 6 bits of information

Critical constraint: CESR requires 24-bit alignment for composability. All prefixes must be integer multiples of 4 Base64 characters (24 bits = 4 × 6 bits). This alignment enables lossless round-trip conversion between text and binary domains.

Derivation Code Tables

The derivation code determines the prefix structure. From the CESR specification, common codes include:

Single-character codes (1 byte derivation code + variable key material):

• B: Ed25519 non-transferable prefix (44 chars total)
• C: X25519 public encryption key
• D: Ed25519 public verification key
• E: Blake3-256 digest (self-addressing)
• F: Blake2b-256 digest

Multi-character codes (for larger key sizes or specialized types):

• 1AAA: ECDSA secp256k1 non-transferable prefix
• 1AAC: Ed448 non-transferable prefix

Each code specifies:

• Raw size: Byte length of the underlying cryptographic material
• Pad size: Number of leading pad bytes needed for 24-bit alignment
• Total length: Final character count in text domain

Field Constraints

Prefixes must satisfy multiple constraints:

1. Length determinism: Given a derivation code, the total length is fixed and predictable
2. Character validity: All characters must be in the Base64 URL-safe alphabet
3. Alignment: Total length must be divisible by 4 (24-bit boundary)
4. Uniqueness: Collision resistance of underlying cryptographic functions ensures global uniqueness
5. Immutability: Once generated, a prefix never changes (though control can be rotated)

Operations

Creation and Initialization

Prefix generation follows a deterministic process:

Step 1: Entropy Generation

• Generate high-entropy random seed (typically 128+ bits)
• Use cryptographically secure random number generator (CSPRNG)
• Seed serves as root secret for key derivation

Step 2: Key Pair Derivation

• Apply key derivation function to seed
• Generate public-private key pair using specified algorithm
• For hierarchical deterministic keys, use derivation paths

Step 3: Prefix Construction

• Select appropriate derivation code for identifier type
• For basic prefixes: Encode public key in Base64
• For self-addressing prefixes: Construct inception event, compute digest, encode digest
• Prepend derivation code to encoded material

Step 4: Validation

• Verify total length matches expected value for derivation code
• Confirm 24-bit alignment
• Validate Base64 character set compliance

The source documents emphasize that the bran (seed) combined with the keystore's aeid (authentication encryption identifier) deterministically generates all key-pairs. This means identical inputs always produce identical prefixes, enabling key recovery from seed backup.

Verification and Validation

Prefix verification involves multiple layers:

Structural Validation:

1. Parse derivation code from first character(s)
2. Verify total length matches code specification
3. Validate Base64 character set
4. Confirm 24-bit alignment

Cryptographic Validation:

1. Extract key material by decoding Base64
2. For basic prefixes: Use extracted public key directly
3. For self-addressing prefixes: Recompute digest from inception event and compare
4. Verify signatures using extracted/derived public key

Key State Validation:

1. Retrieve KEL for the prefix
2. Verify inception event matches prefix derivation
3. Confirm current key state through KEL replay
4. Check for duplicity by comparing with witness receipts

The source documents note that for self-addressing identifiers, both the d (SAID) and i (identifier) fields in the inception event must contain identical values after derivation, creating a self-referential integrity check.

Updates and Modifications

Critical principle: Prefixes are immutable identifiers. They never change once created. However, the control authority over a prefix can change through key rotation.

Key Rotation Process:

1. Controller signs rotation event with current authoritative keys
2. Rotation event includes digest of new public keys (pre-rotation)
3. Event is appended to KEL
4. Prefix remains unchanged; key state updates
5. Subsequent operations use new keys

This separation between identifier (prefix) and key state is fundamental to KERI's architecture. The prefix provides stable identity while keys can be rotated for security.

Delegation Operations:

• Delegated prefixes include cryptographic commitment to delegator
• Delegation can be revoked by delegator through interaction events
• Prefix itself remains constant; delegation status changes

Usage Context

Protocol Integration

Prefixes appear throughout KERI protocol messages:

In Key Events:

• i field: Identifier prefix of the AID
• di field: Delegator prefix (for delegated identifiers)
• Witness prefixes in b array
• Next key digests in n field (also prefixes)

In Receipts:

• Witness identifier prefixes
• Controller prefix being receipted

In ACDCs:

• Issuer identifier (i field)
• Issuee identifier (in attributes)
• Schema identifiers (SAIDs, which are prefixes)
• Edge references to other ACDCs

Lifecycle Management

Inception Phase:

• Prefix generated during AID creation
• Bound to inception event in KEL
• Published to witnesses for duplicity detection
• Shared via OOBI for discovery

Operational Phase:

• Used as identifier in all protocol interactions
• Referenced in credentials and attestations
• Verified against KEL for current key state
• Monitored by watchers for duplicity

Delegation Phase (if applicable):

• Delegated prefix created with reference to delegator
• Delegation approval anchored in delegator's KEL
• Hierarchical trust chain established

Recovery Phase:

• If keys compromised, rotation performed
• Prefix remains stable identifier
• New keys take control authority
• Pre-rotation enables recovery even after compromise

Related Structures

Prefixes interact with multiple KERI data structures:

KEL (Key Event Log):

• First event must be inception with matching prefix
• All events reference the prefix in i field
• KEL provides verifiable history of prefix's key state

KERL (Key Event Receipt Log):

• Includes witness receipts for prefix's events
• Provides duplicity detection for prefix
• Enables indirect mode operation

TEL (Transaction Event Log):

• Registry identifier is a prefix
• Credential identifiers are prefixes (SAIDs)
• Anchored to controlling prefix's KEL

SAID (Self-Addressing Identifier):

• Special case of prefix using digest derivation
• Used for content-addressable data
• Provides integrity for schemas, credentials, etc.

Network Operations

Discovery:

• Prefixes shared via OOBIs (Out-Of-Band Introductions)
• OOBI format: http://witness:port/oobi/{prefix}/witness/{witness_prefix}
• Resolution retrieves KEL and establishes trust

Verification:

• Verifiers query witnesses for prefix's KERL
• Compare received KEL against witness receipts
• Detect duplicity through consistency checks
• Validate signatures using current key state

Delegation:

• Delegated prefix includes di field with delegator prefix
• Delegator anchors approval in their KEL
• Creates verifiable chain: root → delegator → delegate
• Enables hierarchical organizational structures

Performance Considerations

Prefix operations have specific performance characteristics:

Generation: Computationally expensive (key generation)

• Ed25519: ~0.1ms per key pair
• ECDSA secp256k1: ~1ms per key pair
• Should be done offline/infrequently

Verification: Moderate cost (signature verification)

• Ed25519: ~0.2ms per signature
• Scales linearly with number of signatures
• Optimized through batch verification

Parsing: Very fast (string operations)

• Derivation code lookup: O(1)
• Base64 decoding: O(n) where n is prefix length
• Negligible overhead in protocol processing

Storage: Compact representation

• Typical prefix: 44 characters = 44 bytes text, 33 bytes binary
• Efficient for databases and network transmission
• CESR composability enables streaming without framing overhead

Implementation Patterns

Source documents reveal several implementation patterns:

Keystore Organization:

• Each AID has dedicated keystore ("Hab" in KERIpy)
• Keystore encrypted with passcode
• Salt + aeid deterministically generates keys
• Multiple AIDs managed by "Habery"

Witness Configuration:

• Prefixes include witness list in inception
• Witnesses identified by their prefixes
• TOAD (Threshold of Accountable Duplicity) specifies minimum witnesses
• Witness rotation supported through establishment events

Multi-Signature Groups:

• Group prefix derived from all participant prefixes
• Threshold specified in inception (e.g., "2-of-3")
• Each participant signs with their individual keys
• Indexed signatures identify which participant signed

Delegation Hierarchies:

• Root prefix has no delegator
• Delegated prefix includes di field
• Recursive delegation creates trees
• Each level maintains independent KEL

The source documents emphasize that prefixes are the atomic unit of identity in KERI - all other structures (KELs, credentials, registries) reference and depend on prefixes as their foundation.

Performance Optimization

• Cache key state: Avoid replaying KEL for every verification
• Batch signature verification: Verify multiple signatures together when possible
• Witness parallelization: Query witnesses concurrently
• OOBI caching: Cache resolved OOBIs to avoid repeated network lookups

Error Handling

• Invalid prefix format: Reject immediately with clear error message
• KEL not found: Attempt OOBI resolution before failing
• Duplicity detected: Alert user and halt operations
• Witness threshold not met: Retry with exponential backoff

Testing Strategies

• Test vector validation: Use known prefixes from specifications
• Round-trip encoding: Verify text→binary→text produces identical result
• Collision resistance: Verify different keys produce different prefixes
• Deterministic generation: Same inputs always produce same prefix

Security Considerations

• Timing attacks: Use constant-time comparison for prefix validation
• Side channels: Protect key generation from power/EM analysis
• Quantum resistance: Plan migration path to post-quantum algorithms
• Key exposure: Minimize time private keys spend in memory

Interoperability

• CESR compliance: Ensure prefixes conform to CESR encoding rules
• DID method support: Implement did:keri and did:webs resolution
• Multi-language compatibility: Test prefix generation across implementations
• Version compatibility: Support multiple KERI protocol versions