A root-of-trust that is cryptographically verifiable all the way to its current controlling key pair in a PKI, where the characteristic 'primary' refers to its one-to-one relationship with the entropy used for creating the seed of the private keys.
Related Concepts
No related concepts available
Comprehensive Explanation
primary-root-of-trust
Conceptual Definition
A primary root-of-trust represents the foundational layer of cryptographic trust in KERI's security architecture. Unlike traditional trust models that depend on administrative processes or external authorities, a primary root-of-trust establishes trust through direct cryptographic verification from the current key state all the way back to the original entropy source that generated the private keys.
The defining characteristic that makes a root-of-trust "primary" is its direct, unmediated relationship to entropy. The entropy serves as the ultimate source of randomness for generating the seed (also called bran in KERI terminology), which in turn generates the private keys. This one-to-one mapping between entropy and key generation ensures the trust basis is primary—not derived from another trust source, not dependent on external validation, and not requiring administrative oversight.
Key properties of a primary root-of-trust include:
Cryptographic verifiability: Every step from current key state back to origin can be cryptographically verified
Self-certifying: The identifier itself proves its binding to the controlling keys
Entropy-based foundation: Trust originates from high-quality random number generation
Independence: No reliance on external infrastructure or authorities
Irreplaceability: Forms the foundational layer that cannot be substituted
Historical Context
Traditional Public Key Infrastructure (PKI) systems establish trust through administrative roots-of-trust—Certificate Authorities (CAs) that maintain mappings between identifiers and public keys through trusted third-party processes. These systems suffer from several fundamental weaknesses:
Implementation Notes
Entropy Generation Requirements
Implementing a primary root-of-trust requires high-quality entropy generation:
Minimum entropy: 128 bits for basic security, 256 bits recommended
Source quality: Use hardware random number generators or cryptographically secure OS facilities
Avoid weak sources: Do not use timestamps, process IDs, or predictable values
Verification: Test entropy sources for statistical randomness
Key Storage Considerations
The primary root-of-trust's security depends on protecting the entropy and derived keys:
Hardware Security Modules (HSMs): Recommended for high-security applications
Trusted Execution Environments (TEEs): Provide isolation on general-purpose hardware
Encrypted storage: At minimum, encrypt keys at rest with strong algorithms
Access controls: Limit key access to authorized processes and personnel
Backup procedures: Secure backup of seeds/keys with appropriate redundancy
KEL Verification
Validators must verify the entire KEL to confirm the primary root-of-trust:
Inception verification: Validate the first event's signature and identifier derivation
Chain verification: Verify backward chaining through event digests
Signature verification: Validate all signatures against current key state
Pre-rotation verification: Confirm forward commitments match actual rotations
Consistency checking: Ensure no internal inconsistencies in the log
Operational Security
Maintaining a primary root-of-trust requires ongoing operational security:
Monitoring: Continuous monitoring for unauthorized access attempts
Incident response: Procedures for responding to suspected key compromise
Recovery procedures: Documented processes for using pre-rotated recovery keys
Audit trails: Maintain logs of all key management operations
Performance Optimization
Single points of failure: Compromise of a CA can affect all certificates it has issued
Administrative overhead: Human processes introduce delays and potential errors
Centralization: Trust concentrates in a limited number of authorities
Insecure key rotation: Traditional PKI breaks the chain-of-trust during key rotations
Blockchain-based systems introduced algorithmic roots-of-trust using distributed consensus mechanisms. While these provide stronger guarantees than administrative systems, they still have limitations:
Shared governance: Require agreement among network participants
Infrastructure dependency: Trust relies on the continued operation of the blockchain
Portability issues: Identifiers become locked to specific ledgers
The concept of self-certifying identifiers emerged as an alternative, where identifiers are cryptographically derived from public keys, eliminating the need for external binding authorities. However, basic self-certifying identifiers were ephemeral—they couldn't support key rotation without abandoning the identifier.
KERI's Approach
KERI revolutionizes the root-of-trust model by creating Autonomic Identifiers (AIDs) that combine self-certification with persistent control through key rotation. The primary root-of-trust in KERI is established through the Key Event Log (KEL), which provides:
Cryptographic Binding Chain
The KEL creates an unbroken cryptographic chain from the current key state back to the inception event:
Inception: The first event establishes the identifier and initial key state, cryptographically bound to the entropy-derived keys
Forward chaining: Each event includes a digest of the next (pre-rotated) keys
Backward chaining: Each event includes a digest of the previous event
Signature verification: Every event is signed by the current authoritative keys
This structure enables end-verifiable proof of control authority—any validator can independently verify the entire history without relying on external infrastructure.
Entropy as Ultimate Source
The primary root-of-trust's connection to entropy is critical:
High-entropy generation: KERI requires cryptographically strong random number generation (minimum 128 bits, typically 256 bits)
Key derivation: The seed generates private keys through one-way cryptographic functions
Identifier derivation: The public keys (derived from private keys) generate the self-certifying identifier
This chain of derivation means the identifier's trust properties trace directly back to the quality of the entropy source. The "primary" designation emphasizes this direct lineage—there are no intermediate trust dependencies.
Pre-Rotation Security
KERI's pre-rotation mechanism maintains the primary root-of-trust across key rotations:
Forward commitment: Each key state includes a cryptographic digest of the next rotation keys
One-time use: Rotation keys are used exactly once, minimizing exposure
Post-quantum security: Digest-based commitments provide resistance to quantum attacks
Unbroken chain: The cryptographic binding remains intact across all rotations
This approach solves the "hard problem" of secure key rotation that plagued traditional PKI, maintaining the primary root-of-trust even as keys change.
Independence from External Infrastructure
KERI's primary root-of-trust has no security dependency on external infrastructure:
Self-contained verification: All necessary information is in the KEL itself
Ambient verifiability: Anyone can verify anywhere, anytime
Replaceable infrastructure: Witnesses and watchers provide availability but not security
Portability: Identifiers can move between platforms without losing trust properties
This independence distinguishes primary roots-of-trust from secondary roots-of-trust, which depend on anchoring to primary roots for their security guarantees.
Practical Implications
Use Cases
Primary roots-of-trust are essential for:
High-security identifiers: Organizations requiring maximum security (financial institutions, government agencies, critical infrastructure)
Long-lived identifiers: Entities needing persistent identity over decades
Regulatory compliance: Systems requiring auditable, non-repudiable control authority
Cross-domain trust: Identifiers that must work across multiple trust domains without platform lock-in
Benefits
Cryptographic Assurance: The primary root-of-trust provides the strongest possible security guarantees:
No reliance on trusted third parties
Mathematically verifiable control authority
Resistance to administrative attacks and social engineering
Post-quantum security through proper algorithm selection
Key Management Responsibility: The controller bears full responsibility for:
Secure entropy generation
Private key protection
Backup and recovery procedures
Operational security practices
Unlike administrative systems where a CA might help recover from key loss, primary roots-of-trust place complete responsibility on the controller. This is both a feature (no external dependencies) and a challenge (no external safety net).
Anchoring: Secondary roots anchor to primary roots via seals
Trust inheritance: Secondary roots derive their trustability from the primary root
Automatic verification: The cryptographic binding enables automatic verification
Hierarchical architecture: Enables flexible trust structures while maintaining security
This hierarchical model allows KERI to support complex use cases (like verifiable credentials) while maintaining a simple, secure foundation in the primary root-of-trust.
Conclusion
The primary root-of-trust concept represents a fundamental shift in how we establish trust in digital systems. By grounding trust directly in cryptographic entropy and maintaining an unbroken chain of verification through the KEL, KERI provides the strongest possible foundation for decentralized identity. This approach eliminates dependencies on external authorities, enables true self-sovereignty, and provides the security guarantees necessary for high-stakes applications in the digital economy.
While maintaining security, optimize for performance:
Caching: Cache verified key states to avoid repeated verification
Incremental verification: Only verify new events when updating cached state
Parallel processing: Verify independent KELs in parallel
Efficient storage: Use compact CESR encoding for KEL storage and transmission