Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 187 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A self-certifying identifier (SCID) is a cryptographic identifier uniquely derived from the public key of an asymmetric signing keypair, enabling verification of the identifier-to-key binding through cryptography alone without requiring trusted third parties or external registries.
A self-certifying identifier (SCID) is a type of cryptonym that establishes a cryptographically verifiable binding between an identifier and its controlling public key through one-way cryptographic derivation. The identifier is generated directly from the public key (or a digest of the public key) of an asymmetric keypair, making the mapping between identifier and key self-contained within the identifier itself.
Self-Certification: The identifier can be verified using cryptography alone, without reliance on any trusted entity for the identifier-to-key mapping. Any non-repudiable signature made with the private key can be verified by extracting the public key from either the identifier itself or from incepting information uniquely associated with the cryptographic derivation process.
Self-Authentication: The identifier is self-authenticating because verification does not require external certificate authorities, DNS lookups, or centralized registries. The cryptographic binding is intrinsic to the identifier structure.
Decentralized Root-of-Trust: SCIDs provide a cryptographic root-of-trust rather than an administrative one, enabling truly decentralized control authority.
SCIDs form the foundational building block for KERI's identity architecture. They enable:
Minimum Entropy: Always use at least 128 bits of cryptographic strength for seed generation. Use operating system-provided CSPRNGs (/dev/urandom on Unix, CryptGenRandom on Windows, or language-specific secure random APIs).
Key Derivation Standards: For hierarchical deterministic keys, follow BIP32/BIP39 standards to ensure interoperability and recoverability.
Algorithm Selection: Ed25519 is recommended for most use cases due to its balance of security, performance, and compact key size. Use ECDSA secp256k1 only when Bitcoin ecosystem compatibility is required.
Use Basic SCIDs when:
Use AIDs when:
Caching Strategy: Cache verified SCIDs with their associated public keys to avoid redundant cryptographic operations. Invalidate cache entries on key rotation events.
Batch Verification: When processing multiple events or credentials, batch signature verification operations to amortize cryptographic overhead.
Parallel Processing: Signature verification is embarrassingly parallel—leverage multi-core processors for high-throughput scenarios.
Private Key Protection: Store private keys in HSMs or TEEs for high-value identifiers. For software-only implementations, use encrypted keystores with strong key derivation functions (Argon2, scrypt).
Key Compromise Response: For basic SCIDs, any private key compromise is catastrophic—immediately cease using the identifier and notify relying parties. For AIDs, execute a key rotation to new, uncompromised keys.
Witness Configuration: Configure witness pools with geographic and jurisdictional diversity. Use a TOAD (Threshold of Accountable Duplicity) that balances security (higher threshold) with availability (lower threshold).
In ACDC credentials, SCIDs serve as issuer identifiers (i field) and holder identifiers, providing cryptographic attribution for credential issuance and presentation.
SCIDs exist in multiple variants:
Basic SCID: The identifier directly includes or is derived from the public key with a derivation code prepended.
Self-Addressing SCID: Uses a cryptographic digest of inception data (including the public key and configuration) as the identifier.
Multi-Sig Self-Addressing: Supports multiple controlling keypairs with threshold signature schemes.
Delegated Self-Addressing: Enables hierarchical delegation relationships.
Autonomic Identifiers (AIDs): Enhanced SCIDs that support key rotation through pre-rotation mechanisms, making them persistent rather than ephemeral.
SCIDs leverage asymmetric cryptography (public-key cryptography) with several supported signature schemes:
Ed25519: The most common algorithm in KERI implementations
ECDSA secp256k1: Bitcoin-compatible signature scheme
Ed448: Higher security variant
The SCID derivation follows this cryptographic chain:
For self-addressing variants:
Collision Resistance: The one-way functions used provide approximately 128 bits of cryptographic strength, making identifier collisions computationally infeasible.
Binding Strength: The cryptographic binding between identifier and key is as strong as the underlying hash function or signature scheme, typically providing 128-256 bits of security.
Uniqueness: Global uniqueness is achieved through cryptographic entropy rather than centralized coordination.
Non-Transferability (Basic SCIDs): Basic SCIDs are ephemeral—they cannot support key rotation. If the controlling private key is compromised, the identifier must be abandoned. This is a fundamental limitation that AIDs overcome through pre-rotation.
Verifiability: Any party can independently verify the identifier-to-key binding using only the identifier and the public key, without requiring access to external infrastructure.
Typical SCID sizes in CESR encoding:
All SCIDs in KERI are encoded using CESR (Composable Event Streaming Representation), which provides:
Qualified Representation: Every SCID includes a prepended derivation code that specifies the cryptographic algorithm used.
Composability: SCIDs can be concatenated with other primitives and converted between text and binary domains without loss.
Self-Framing: The derivation code indicates the length and type of the identifier, enabling parsers to extract it from streams without external delimiters.
In the text domain, SCIDs use Base64 URL-safe encoding (RFC 4648):
Character Set: [A-Z, a-z, 0-9, -, _] (no padding = character)
Structure: <derivation-code><base64-encoded-key-or-digest>
Example: BF5pxRJP6THrUtlDdhh07hJEDKrJxkcR9m5u1xs33bhp
B: Derivation code indicating Ed25519 non-transferable prefixIn the binary domain, SCIDs are encoded as raw bytes:
Structure: <derivation-code-bytes><raw-key-or-digest-bytes>
Alignment: All primitives align on 24-bit boundaries (3 bytes) to enable lossless text-binary conversion.
Common derivation codes for SCIDs:
B: Ed25519 non-transferable prefix (basic SCID)D: Ed25519 public verification keyE: Blake3-256 digest (self-addressing)F: Blake2b-256 digest1AAA: ECDSA secp256k1 non-transferable prefix1AAC: Ed448 non-transferable prefixThe derivation code enables cryptographic agility—the system can support multiple algorithms while maintaining unambiguous verification.
The SCID serves as a prefix in KERI, establishing the identifier's cryptographic foundation. The prefix structure creates a binding between:
This binding is fundamental to KERI's self-certifying property.
Inception Events: The SCID is established in the inception event, which is the first entry in a KEL. For basic SCIDs, the identifier prefix is derived directly from the initial public key. For self-addressing SCIDs, the identifier is the digest of the entire inception event.
Identifier Field (i): Every key event includes the i field containing the SCID, establishing which identifier the event pertains to.
Controller Identification: The SCID identifies the controller of the identifier throughout the KEL's history.
Issuer Identifier (i field): The SCID of the credential issuer, enabling cryptographic verification of the issuer's identity and authority.
Holder/Issuee Identifier: In targeted credentials, the SCID identifies the credential subject.
Chaining: SCIDs enable ACDC chaining through cryptographic references, forming verifiable provenance chains.
Direct Mode: In KERI's direct mode, two controllers exchange key events directly, with each controller's SCID serving as the cryptographic anchor for verification.
Indirect Mode: In indirect mode, witnesses and watchers verify events associated with SCIDs, providing distributed consensus.
Delegation: SCIDs can be delegated, creating hierarchical trust structures where a parent SCID delegates authority to child SCIDs.
Multi-Signature: Multiple SCIDs can collectively control a single identifier through threshold signature schemes.
Basic SCID Verification:
Self-Addressing SCID Verification:
AID Verification (for transferable identifiers):
AIDs are enhanced SCIDs that overcome the ephemeral limitation through key rotation support. The relationship:
SCID + Key Event Log = AID
AIDs maintain the self-certifying property while adding:
SAIDs are content-addressable identifiers where the identifier is a digest of the data it identifies. SCIDs can be self-addressing when the identifier is derived from a digest of inception data rather than directly from the public key.
SCIDs are a specific type of cryptonym—cryptographic pseudonymous identifiers. All SCIDs are cryptonyms, but not all cryptonyms are necessarily self-certifying.
In KERI terminology, SCIDs serve as prefixes that establish the cryptographic foundation for identifiers. The prefix includes both the derivation code and the key material.
Delegation Chains: SCIDs can form hierarchical structures where parent SCIDs delegate authority to child SCIDs, creating verifiable delegation trees.
Multi-Signature Composition: Multiple SCIDs can be composed into threshold signature schemes, requiring M-of-N signatures for valid operations.
Credential Chains: In ACDC systems, SCIDs link credentials together, forming verifiable provenance chains from root issuers through intermediaries to end holders.
Entropy Sources: Use cryptographically secure random number generators (CSPRNG) with at least 128 bits of entropy for seed generation.
Key Derivation: Follow standard cryptographic practices for deriving keypairs from seeds. For hierarchical deterministic keys, use established standards like BIP32/BIP39.
Storage Security: Private keys must be stored securely, ideally in hardware security modules (HSMs) or trusted execution environments (TEEs) for high-value identifiers.
Derivation Code Selection: Choose the appropriate derivation code based on:
Inception Event Construction: For self-addressing SCIDs, carefully construct the inception event to include all necessary configuration data before computing the digest.
Witness Configuration: For AIDs, configure witness pools during inception to enable indirect mode operation.
Caching: Implement caching for verified SCIDs to avoid redundant cryptographic operations, but ensure cache invalidation on key rotations.
Error Handling: Distinguish between:
Performance Optimization: Batch verification operations when processing multiple events or credentials to amortize cryptographic overhead.
Key Compromise Detection: For basic SCIDs, any compromise of the private key is catastrophic—the identifier must be abandoned. Implement monitoring for unauthorized signatures.
Upgrade Path: Basic SCIDs cannot be upgraded to AIDs. Plan identifier lifecycle from inception, choosing transferable identifiers when long-term persistence is required.
Delegation Security: When implementing delegated SCIDs, ensure both delegator and delegate participate in the delegation event (cooperative delegation).
Witness Selection: For AIDs, carefully select witnesses to ensure:
DID Methods: SCIDs can be represented as DIDs using methods like did:keri and did:webs, enabling interoperability with W3C DID infrastructure.
CESR Compatibility: Ensure all SCID implementations properly support CESR encoding for interoperability across KERI implementations (keripy, keriox, keride).
Schema Validation: When using SCIDs in ACDC credentials, validate against the appropriate JSON Schema to ensure structural correctness.
Test Vectors: Use standardized test vectors to verify correct SCID derivation across implementations.
Fuzzing: Fuzz parsers with malformed SCIDs to ensure robust error handling.
Interoperability Testing: Cross-test SCID generation and verification across different KERI implementations to ensure compatibility.
Performance Benchmarking: Measure signature generation/verification throughput to ensure acceptable performance for target use cases.
CESR Compliance: Strictly adhere to CESR encoding rules to ensure interoperability across KERI implementations. Test with multiple implementations (keripy, keriox, keride).
DID Method Mapping: When exposing SCIDs as DIDs, use did:keri for KERI-native identifiers or did:webs for web-hosted identifiers with KERI security.
Schema Validation: Validate SCID structure against CESR specifications before use in KELs or ACDCs to catch encoding errors early.
Test Vector Validation: Use official KERI test vectors to verify correct SCID derivation and verification across implementations.
Fuzzing: Fuzz SCID parsers with malformed inputs to ensure robust error handling and prevent crashes or security vulnerabilities.
Cross-Implementation Testing: Verify that SCIDs generated by one implementation can be verified by others to ensure ecosystem interoperability.