Scope and Boundaries

Secure attribution operates at the identity and authentication layer, providing the foundation upon which trust frameworks, governance, and veracity determination can be built. It does not:

• Determine whether statements are true (veracity)
• Establish reputation or trustworthiness of controllers
• Provide authorization or access control (though it enables these)
• Guarantee privacy or confidentiality (separate security properties)

Historical Context

The Internet's Broken Foundation

The original Internet Protocol (IP) was designed without a security layer, as documented in RFC 0791. The IP packet header includes a source address field that can be undetectably forged by any intermediary, meaning recipients cannot reliably determine if packets originated from imposters. This architectural deficiency means all secure attribution mechanisms must be overlaid on existing Internet infrastructure.

Traditional approaches to secure attribution have relied on:

• DNS/Certificate Authority (CA) systems: Administrative trust models where trusted third parties vouch for identity bindings
• Public Key Infrastructure (PKI): Cryptographic systems that suffer from insecure key rotation
• Federated identity systems: Platform-locked trust domains (Facebook, Google, etc.) that don't span applications

These systems create platform-locked trust where identity verification only works within specific domains, fragmenting the internet's trust landscape.

The Secure Attribution Problem

Historically, attribution has been a "non-exact science" achieving confidence levels of "beyond a reasonable doubt" rather than cryptographic certainty. The challenge involves:

• Proving statements originated from claimed sources
• Maintaining proof across key rotations and compromises
• Enabling verification without trusted intermediaries
• Providing portability across platforms and contexts

KERI's Approach

Cryptographic Root-of-Trust

KERI solves secure attribution through a cryptographic rather than administrative root-of-trust. This fundamental shift means trust does not rely on any trusted third-party administrative process but instead uses cryptographically verifiable data structures.

Self-Certifying Identifiers (SCIDs) form the foundation:

• Identifiers are cryptographically derived from public keys
• Strong cryptographic binding between identifier and controlling key pair
• No external registry or authority required for validation
• Universal uniqueness through cryptographic derivation

Autonomic Identifiers (AIDs) extend SCIDs with:

• Self-managing properties ("autonomic" from Greek "auto nomos" = self rule)
• Key rotation capabilities through Key Event Logs (KELs)
• Delegation support for hierarchical management
• Portability across platforms and infrastructures

Key Event Logs (KELs)

KERI's Key Event Logs provide the verifiable data structure for secure attribution:

• Append-only logs: Cryptographically chained records of all key events
• Establishment events: Inception and rotation events defining key state
• Interaction events: Non-establishment events anchoring external data
• Pre-rotation: Forward commitments to next keys enabling post-quantum security
• Duplicity detection: Mechanisms to identify conflicting versions of logs

End Verifiability

KERI enables end-verifiable attribution where:

• Every data item can be cryptographically attributed to its source
• Any recipient verifier can perform verification
• No reliance on infrastructure not under the verifier's control
• Ambient verifiability: Verification by anyone, anywhere, at any time

This creates zero-trust architecture where "it's much easier to protect one's private keys than to protect everyone else's internet infrastructure."

Witness and Watcher Infrastructure

KERI's distributed infrastructure enhances secure attribution:

Witnesses: Controller-designated entities that:

• Verify and sign key events
• Provide high availability for KELs
• Enable threshold-based security models
• Support indirect mode operations

Watchers: Validator-selected entities that:

• Maintain KEL copies in promiscuous mode
• Enable ambient duplicity detection
• Provide independent verification paths
• Support continuous monitoring

Separation from Veracity

KERI explicitly separates secure attribution from veracity determination:

• KERI provides: Cryptographic proof of who made statements
• KERI does not provide: Determination of whether statements are true
• Governance frameworks: Required for veracity assessment
• Verifiable credentials: Additional layers for trust evaluation

This architectural choice enables KERI to remain protocol-neutral while supporting diverse governance frameworks and trust models.

Practical Implications

Use Cases

Verifiable Credentials: KERI provides the secure attribution foundation for credential systems like ACDCs (Authentic Chained Data Containers), enabling:

• Proof of credential issuance by specific authorities
• Verifiable delegation chains
• Tamper-evident credential histories
• Privacy-preserving selective disclosure

Supply Chain Provenance: Secure attribution enables authentic data supply chains:

• Verifiable authorship of data at each stage
• Cryptographic proof of custody transfers
• Digital twins of physical supply chains
• Audit trails with non-repudiable attribution

Legal Entity Identification: GLEIF's vLEI (verifiable Legal Entity Identifier) implementation demonstrates:

• Cryptographically verifiable organizational identities
• Delegated authority for organizational roles
• Compliance with regulatory requirements
• Cross-border identity verification

Secure Communications: Trust Spanning Protocol (TSP) applications:

• Authenticated message payloads
• Verifiable sender identity
• Protection against impersonation attacks
• Foundation for confidential communications

Benefits

Cryptographic Certainty: Moves from "beyond reasonable doubt" to cryptographic proof of attribution, eliminating ambiguity about statement origins.

Portability: Identifiers and their attribution proofs are not locked to specific platforms, enabling true self-sovereignty and cross-platform interoperability.

Scalability: No global consensus required—each identifier has its own KEL, enabling linear scaling without distributed consensus overhead.

Post-Quantum Security: Pre-rotation mechanisms using cryptographic digests provide protection against quantum computing attacks on key material.

Duplicity Detection: Makes malicious behavior evident rather than hidden, enabling accountability and trust assessment.

Infrastructure Independence: Verification doesn't depend on the security of intervening infrastructure, enabling zero-trust architectures.

Trade-offs

PAC Theorem Constraints: The PAC (Privacy, Authenticity, Confidentiality) theorem establishes that systems can achieve any two of these three properties at the highest level, but not all three simultaneously. KERI prioritizes:

1. Authenticity first (secure attribution)
2. Confidentiality second (encryption)
3. Privacy third (optimized within constraints)

This means some privacy features must be sacrificed to maintain strong authenticity guarantees.

Key Management Responsibility: Controllers bear full responsibility for protecting private keys. While KERI provides mechanisms like pre-rotation for recovery, initial key compromise before rotation remains a vulnerability.

Complexity: Achieving secure attribution requires understanding cryptographic primitives, key event logs, witness coordination, and duplicity detection—creating a learning curve for implementers.

Governance Requirements: Secure attribution alone doesn't establish trust—organizations must build governance frameworks on top of KERI to assess veracity and reputation.

Metadata Visibility: While KERI enables privacy-preserving techniques, some metadata about identifier usage may be observable, requiring careful design to prevent correlation attacks.

Architectural Implications

Separation of Concerns: KERI's secure attribution layer is deliberately separated from:

• Semantic truth evaluation (governance layer)
• Authorization and access control (policy layer)
• Reputation and trust scoring (assessment layer)

This separation enables flexible trust models while maintaining a common cryptographic foundation.

Trust Spanning Layer: KERI functions as a horizontal spanning layer in the internet protocol stack, similar to IP itself, enabling trust to span across applications and platforms without requiring shared governance.

Autonomic Trust Basis: By using cryptographic proofs rather than administrative or algorithmic trust, KERI creates truly decentralized secure attribution that doesn't depend on blockchain consensus or certificate authorities.

Secure attribution through KERI represents a paradigm shift from administrative trust models to cryptographic certainty, providing the foundation for an "authentic web" where all data has verifiable proof-of-authorship.