Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 4 GitHub source documents. All source documents are searchable here.
Last updated: September 21, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
In the KERI (Key Event Receipt Infrastructure) protocol, rct is the standardized abbreviation for receipt, representing a fundamental cryptographic validation mechanism that enables third-party attestation of key events. Receipts are cryptographically signed messages that provide independent verification and validation of events within Key Event Logs (KELs), forming a critical component of KERI's duplicity detection and trust establishment infrastructure.
Receipts in KERI follow a precise JSON structure with specific field ordering and encoding requirements:
{
"v": "KERI10JSON00011c_",
"t": "rct",
"d": "EabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
"i": "EcontrollerAIDprefix",
"s": "0",
"receipts": [
{
"i": "EwitnessAIDprefix",
"s": "0",
"d": "EeventSAIDdigest"
}
]
}
Field Specifications:
v: Version string following KERI10JSON format with content length encodingt: Message type identifier, always "rct" for receipt messagesd: SAID (Self-Addressing Identifier) digest of the receipt message itselfReceipt Timing Issues:
Signature Verification Performance:
SAID Computation Consistency:
Receipt Storage Optimization:
# Use prepared statements for receipt insertion
INSERT_RECEIPT = """
INSERT INTO receipts (said, controller_aid, sequence_number,
witness_aid, event_said, receipt_data,
signature_data, timestamp)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
"""
# Batch insert receipts for better performance
def batch_insert_receipts(receipts):
with db.transaction():
db.executemany(INSERT_RECEIPT, receipts)
Memory Management:
Receipt Validation Chain:
Duplicity Detection:
def detect_witness_duplicity(witness_aid, receipts):
event_receipts = {}
for receipt in receipts:
event_said = receipt['receipts'][0]['d']
sequence = receipt['s']
key = (witness_aid, sequence)
if key in event_receipts:
if event_receipts[key] != event_said:
# Duplicitous witness detected
log_duplicity_event(witness_aid, sequence,
event_receipts[key], event_said)
return True
else:
event_receipts[key] = event_said
return False
i: AID of the entity being receipted (the controller whose event is being validated)s: Sequence number of the receipted event (hexadecimal for values > 15)receipts: Array of receipt couplets containing witness attestationsKERI defines multiple receipt types based on the signing entity:
Non-Transferable Receipts (ntr):
Transferable Receipts (vrc):
Controller → Event → Witness₁
↓
Receipt₁ → KERL
↓
Witness₂ ← Receipt₁
↓
Receipt₂ → KERL
Receipts use CESR (Composable Event Streaming Representation) for signature attachments:
-AABAA<base64-signature-data>
Signature Components:
-AAB: Counter code indicating single signature attachmentAA: Derivation code for Ed25519 signature<base64-signature-data>: 88-character Base64 encoded signatureFor multi-signature witnesses or validators:
-AACAA<index><base64-signature-data>
Index Encoding:
def validate_receipt(receipt_msg, event_msg, witness_kel):
# 1. Verify receipt structure
if not verify_receipt_structure(receipt_msg):
raise ValidationError("Invalid receipt structure")
# 2. Verify receipt SAID
computed_said = compute_said(receipt_msg)
if computed_said != receipt_msg['d']:
raise ValidationError("Receipt SAID mismatch")
# 3. Verify witness authority
witness_keys = get_current_keys(witness_kel, receipt_msg['i'])
if not verify_signature(receipt_msg, witness_keys):
raise ValidationError("Invalid witness signature")
# 4. Verify event reference
if receipt_msg['s'] != event_msg['s']:
raise ValidationError("Sequence number mismatch")
return True
CREATE TABLE receipts (
said TEXT PRIMARY KEY,
controller_aid TEXT NOT NULL,
sequence_number INTEGER NOT NULL,
witness_aid TEXT NOT NULL,
event_said TEXT NOT NULL,
receipt_data BLOB NOT NULL,
signature_data BLOB NOT NULL,
timestamp INTEGER NOT NULL,
INDEX idx_controller_seq (controller_aid, sequence_number),
INDEX idx_witness (witness_aid),
INDEX idx_event (event_said)
);
class ReceiptStore:
def get_receipts_for_event(self, controller_aid, sequence_number):
"""Retrieve all receipts for a specific event"""
query = """
SELECT * FROM receipts
WHERE controller_aid = ? AND sequence_number = ?
ORDER BY timestamp ASC
"""
return self.db.execute(query, (controller_aid, sequence_number))
def get_witness_receipts(self, witness_aid, since_timestamp=None):
"""Retrieve receipts from specific witness"""
query = "SELECT * FROM receipts WHERE witness_aid = ?"
params = [witness_aid]
if since_timestamp:
query += " AND timestamp > ?"
params.append(since_timestamp)
return self.db.execute(query, params)
Receipts form a secondary validation layer for KEL events:
KEL Event → Receipt Generation → KERL Storage → Duplicity Detection
↓ ↓ ↓ ↓
Primary Secondary Persistent Security
Validation Validation Storage Mechanism
Receipts enable witness pool consensus through KAWA (KERI's Algorithm for Witness Agreement):
TOAD = ceil(2/3 * witness_count)For ACDC credentials, receipts validate TEL (Transaction Event Log) events:
{
"v": "KERI10JSON",
"t": "rct",
"d": "EtelReceiptSAID",
"i": "EcredentialIssuerAID",
"s": "1",
"receipts": [
{
"i": "EregistrarAID",
"s": "1",
"d": "EtelEventSAID"
}
]
}
Receipt Generation:
Receipt Validation:
Receipt Message Size:
Network Patterns:
KERL Growth Rate:
Partial Receipt Collection:
def handle_partial_receipts(event, receipts, threshold):
if len(receipts) < threshold:
# Insufficient receipts - event remains in escrow
return EventStatus.ESCROWED
elif len(receipts) >= threshold:
# Sufficient receipts - event accepted
return EventStatus.ACCEPTED
Receipt Duplicity:
def detect_receipt_duplicity(receipts):
witness_receipts = {}
duplicitous_witnesses = set()
for receipt in receipts:
witness_aid = receipt['receipts'][0]['i']
event_said = receipt['receipts'][0]['d']
if witness_aid in witness_receipts:
if witness_receipts[witness_aid] != event_said:
duplicitous_witnesses.add(witness_aid)
else:
witness_receipts[witness_aid] = event_said
return duplicitous_witnesses
Concurrent Receipt Processing:
Network Partition Handling:
Receipts conform to the IETF KERI specification (draft-ssmith-keri):
Receipts use CESR for all cryptographic primitives:
KERI Protocol Versions:
Witness Pool Deployment:
witness_pool:
replicas: 5
threshold: 3
geographic_distribution: true
load_balancer:
algorithm: round_robin
health_checks: enabled
Receipt Storage Scaling:
Key Metrics:
Alerting Thresholds:
Receipt Audit Process:
Disaster Recovery:
Unit Testing:
Integration Testing:
Performance Testing:
Security Testing: