Scope and Boundaries

This trade-off applies specifically to:

• Cryptographic key pair generation and storage
• Event signing operations
• Event signature verification

When discussing "key compromise" in this context, we refer to compromise of any of these three infrastructural components, not merely the keys themselves.

Historical Context

Traditional public key infrastructure (PKI) systems have historically addressed this trade-off through centralized trust models:

• Certificate Authorities (CAs) bear the cost and security burden of key management
• End users delegate trust to these authorities
• Performance is achieved through caching and hierarchical trust chains
• Security is concentrated in a small number of highly protected systems

However, this centralized approach creates:

• Single points of failure
• Dependency on trusted third parties
• Limited autonomic control for identifier controllers
• Vulnerability to CA compromise (which affects all downstream certificates)

Decentralized identity systems attempted to address these limitations but often simply shifted the trade-off rather than resolving it:

• Blockchain-based systems achieve decentralization but at high cost and reduced performance
• Self-sovereign identity systems place the full burden on individual users
• Federated systems distribute trust but maintain dependencies on federation operators

KERI's Approach

KERI addresses the security-cost-performance architecture trade-off through several innovative mechanisms that work together to optimize across all three dimensions.

Cooperative Delegation

The primary mechanism KERI employs is cooperative delegation of identifier prefixes. This "somewhat novel form of delegation" requires active participation from both a delegator and a delegate, creating a mutually protective relationship.

Security Through Layered Protection

Cooperative delegation provides a critical security advantage: the delegator's key management protects the delegate's keys through recovery mechanisms. This creates a security architecture where:

• If a delegate's authoritative keys are compromised, the attacker cannot capture full control authority
• The delegator retains the ability to recover the delegate's identifier
• Any exploitation of the delegate alone is recoverable by the delegator

Cost Optimization

This delegation model enables cost optimization by:

• Allowing delegates to operate with lighter, less expensive key management infrastructure
• Concentrating high-security (high-cost) key management at the delegator level
• Enabling hierarchical structures where security investment scales with authority level
• Reducing individual operational burden while maintaining system-wide security

Performance Benefits

Performance is enhanced through:

• Delegates can use faster signing infrastructure without compromising overall security
• Distributed authority enables parallel operations across multiple delegates
• Hierarchical structures support scalable architectures for enterprise deployments
• Recovery mechanisms don't require real-time coordination for normal operations

Pre-rotation and Partial Rotation

KERI's pre-rotation mechanism further addresses the trade-off by decoupling key generation from key exposure:

• Keys can be generated in highly secure (slow, expensive) environments
• Generated keys are committed to through digests without exposure
• Actual key usage happens later, potentially in more performant environments
• Partial rotation allows selective key exposure, maintaining reserve keys in secure storage

Reserve Rotation Strategy

Partial rotation specifically enables reserve key strategies where:

• Controllers maintain backup keypairs that remain unexposed and highly secured
• Keys can be held in more expensive, secure storage until needed
• Gradual key exposure reduces attack surface over time
• Emergency recovery keys remain available without performance impact

Custodial Key Management

The partial rotation mechanism supports custodial arrangements that optimize the trade-off:

• Signing authority can be delegated to a performant custodial agent
• Rotation authority remains with the original controller in secure storage
• The controller can revoke custodial authority without requiring custodian cooperation
• This splits control authority between high-frequency (signing) and high-security (rotation) operations

Witness Infrastructure

KERI's witness infrastructure distributes the verification burden:

• Witnesses provide availability and duplicity detection without requiring trust
• Watchers operate in "promiscuous mode" for ambient verification
• This distributes performance load while maintaining security through redundancy
• Cost is distributed across multiple parties rather than concentrated

Practical Implications

Enterprise Deployments

For organizations, KERI's approach enables:

• Root identifiers with maximum security (expensive HSMs, air-gapped systems, multi-party control)
• Delegated operational identifiers with balanced security/performance for daily operations
• Agent identifiers with high performance for automated systems
• Recovery capability flows down from root to leaves in the delegation tree

Individual Users

For individual identity controllers:

• Can delegate to custodial agents for convenience and performance
• Retain ultimate control through rotation authority
• Can "fire" compromised or misbehaving custodians
• Don't need to maintain expensive infrastructure for daily operations

IoT and Edge Computing

For resource-constrained devices:

• Devices can be delegates of more powerful controllers
• Signing operations can be performant on-device
• Key generation and rotation can happen on more capable systems
• Compromise of individual devices doesn't compromise the entire system

Use Case: Hierarchical Organizations

A corporation might structure its KERI identifiers as:

1. Root corporate AID: Maximum security, infrequent operations, high cost
2. Division AIDs: Delegated from root, balanced security/cost
3. Department AIDs: Delegated from divisions, optimized for performance
4. Employee/Agent AIDs: Delegated from departments, high performance

Each level benefits from the security of its delegator while optimizing for its operational requirements. A compromised employee AID can be recovered by the department, a compromised department by the division, and so on up the chain.

Trade-offs in Practice

KERI doesn't eliminate the trade-off but provides mechanisms to optimize it:

• Security is maintained through cryptographic verifiability and recovery mechanisms
• Cost is optimized through delegation and distributed infrastructure
• Performance is achieved through separation of concerns (signing vs. rotation)

The key insight is that through cooperative delegation and partial rotation, different parts of the system can make different trade-off decisions while maintaining overall security through the delegation hierarchy.

Architectural Significance

The security-cost-performance architecture trade-off is not merely a technical detail but a fundamental design constraint that shapes KERI's entire architecture. By explicitly recognizing this trade-off and providing mechanisms like cooperative delegation to address it, KERI enables flexible, scalable identity systems that can adapt to diverse operational requirements while maintaining cryptographic verifiability and security.

This approach represents a significant departure from traditional PKI models that attempt to solve the trade-off through centralization, and from blockchain-based systems that sacrifice performance and cost for decentralization. KERI's solution maintains decentralization while providing tools to optimize across all three dimensions based on specific use case requirements.