Historical Context

The distinction between authenticity and veracity has deep roots in epistemology and information theory, but becomes particularly critical in decentralized identity systems where cryptographic mechanisms can prove origin without proving truth.

Traditional Trust Models

Historically, veracity assessment relied on:

• Institutional authority: Trusted organizations (governments, universities, established media) whose reputation provided veracity guarantees
• Expert validation: Domain specialists who could assess factual accuracy
• Consensus mechanisms: Multiple independent sources corroborating claims
• Legal frameworks: Liability and accountability structures that incentivized truthfulness

These traditional models conflated authentication (proving who said something) with validation (proving what was said is true), often because the same trusted intermediaries performed both functions.

Digital Identity Evolution

Early digital identity systems inherited this conflation. Public Key Infrastructure (PKI) systems using Certificate Authorities combined:

• Technical authentication: Cryptographic binding of keys to identifiers
• Identity vetting: Verification that the entity is who they claim to be
• Implicit trust: Assumption that authenticated entities make truthful claims

This bundling created systemic vulnerabilities—compromise of a CA could simultaneously break authentication and enable false claims to appear verified.

KERI's Approach

KERI (Key Event Receipt Infrastructure) makes a fundamental architectural decision to separate cryptographic authentication from veracity determination. This separation of concerns is not a limitation but a deliberate design choice that enables more robust trust architectures.

What KERI Provides: Secure Attribution

KERI's core contribution is secure attribution—cryptographically proving who made a statement through:

• Self-certifying identifiers: AIDs (Autonomic Identifiers) that are cryptographically bound to controlling key pairs
• Key Event Logs (KELs): Verifiable, append-only logs of key management events
• Digital signatures: Non-repudiable cryptographic commitments
• End-verifiable proofs: Validators can verify attribution directly to cryptographic roots-of-trust

As stated in the Universal Identifier Theory: "KERI offers cryptographic root-of-trust to establish attributional trust. In the real world you'd also need reputational trust. You can't have reputation without attributional trust."

What KERI Does NOT Provide: Veracity Determination

KERI explicitly does not determine whether statements are true. The source of truth documentation emphasizes: "KERI and ACDC commit to secure attribution but do not determine whether what was said is true."

This design choice means:

• KERI provides the mechanism for attributable statements
• External systems provide the evaluation of those statements
• Veracity remains an organizational or governance decision

Supporting Veracity Without Solving It

While KERI doesn't determine veracity, it provides critical infrastructure that enables veracity assessment:

1. Non-repudiable attribution: Controllers cannot deny making statements, enabling accountability
2. Tamper-evident records: ACDCs (Authentic Chained Data Containers) provide verifiable provenance chains
3. Cryptographic integrity: SAIDs (Self-Addressing Identifiers) ensure data hasn't been altered
4. Verifiable credential infrastructure: Foundation for building trust frameworks

The Governance Layer

Veracity determination in KERI-based systems requires a governance layer that includes:

Trust Frameworks: Policies defining:

• What types of claims require what levels of verification
• Which issuers are authoritative for which claim types
• Verification procedures and evidence requirements
• Liability and accountability structures

Credential Schemas: JSON Schema definitions in ACDCs that:

• Specify required attributes and their semantics
• Define validation rules and constraints
• Establish relationships between credentials
• Enable machine-readable verification logic

Reputation Systems: Mechanisms for:

• Tracking issuer reliability over time
• Aggregating verifier assessments
• Providing transparency about claim accuracy
• Enabling informed trust decisions

Verification Processes: Procedures for:

• Cross-referencing claims with authoritative sources
• Conducting domain-specific validation
• Temporal validity checking
• Revocation and status verification via TELs (Transaction Event Logs)

Practical Implications

Use Cases and Applications

Legal Entity Verification (vLEI):

The GLEIF vLEI (verifiable Legal Entity Identifier) ecosystem demonstrates the separation of authenticity and veracity:

• KERI provides: Cryptographic proof that GLEIF (or a QVI) issued a credential
• GLEIF provides: Verification that the legal entity information is accurate through their identity assurance processes
• Verifiers assess: Whether to trust GLEIF's verification procedures for their use case

The vLEI governance framework establishes:

• Qualification requirements for issuers
• Verification procedures for legal entity data
• Liability frameworks for false claims
• Audit and compliance mechanisms

Supply Chain Provenance:

In supply chain applications:

• KERI proves: Which entity made claims about product origin, handling, or certification
• Domain verification: Industry-specific validation (lab tests, inspections, certifications)
• Veracity assessment: Buyers evaluate whether to trust specific suppliers' claims based on reputation, third-party verification, and historical accuracy

Academic Credentials:

For educational credentials:

• KERI authenticates: The issuing institution's identity
• Institution attests: Student achievements and qualifications
• Verifiers determine: Whether to trust that institution's academic standards and verification processes

Benefits of Separation

Separating authentication from veracity provides several advantages:

Architectural Clarity: Clear separation of concerns enables:

• Cryptographic layer focused on technical security
• Governance layer focused on trust policies
• Domain-specific validation without compromising core security

Flexibility: Different trust models can be built on the same foundation:

• High-assurance identity verification (government IDs)
• Self-asserted claims (social profiles)
• Third-party attestations (certifications)
• Algorithmic verification (blockchain anchoring)

Scalability: Cryptographic operations scale independently from:

• Human verification processes
• Domain-specific validation
• Reputation aggregation

Portability: Credentials can move between trust contexts:

• Same cryptographic proof works across ecosystems
• Veracity assessment adapts to local requirements
• No lock-in to specific governance frameworks

Trade-offs and Limitations

Complexity: Users must understand:

• Authenticated ≠ True
• Multiple layers of trust evaluation
• Context-dependent veracity assessment

Responsibility: Verifiers bear responsibility for:

• Evaluating issuer trustworthiness
• Assessing claim plausibility
• Determining acceptable risk levels

Governance Requirements: Ecosystems must establish:

• Clear trust frameworks
• Issuer qualification processes
• Verification standards
• Dispute resolution mechanisms

No Automatic Trust: Unlike traditional PKI where CA validation implied trustworthiness, KERI requires explicit veracity evaluation at the application layer.

The Security Overlay Properties Trillema

The authenticity documentation introduces a critical trade-space involving three security properties:

1. Authenticity: Verifiable origin
2. Confidentiality: Protected from unauthorized disclosure
3. Privacy: Protected personal information

The trilemma states that systems can achieve any two of the three properties at the highest level, but not all three simultaneously. KERI's design prioritizes:

1. High authenticity (first priority)
2. High confidentiality (second priority)
3. As high as possible privacy (third priority)

Veracity is notably absent from this trilemma because it operates at a different architectural layer—it's not a cryptographic property but a semantic and governance property that builds upon the foundation of authenticity.

Relationship to Other Concepts

Veracity intersects with several related concepts in distinct ways:

Authenticity: Provides the foundation for veracity assessment by establishing who made claims, but does not validate claim truthfulness.

Integrity: Ensures information is complete and unaltered, but complete false information can have perfect integrity.

Provenance: Documents the history and chain of custody, but documented false information maintains provenance.

Source of Truth: KERI provides secure attribution (who said it) but not source of truth determination (is it true).

Reputation: Historical patterns of veracity contribute to reputation, which in turn informs future veracity assessments.

Identity Assurance: The process by which trusted parties establish veracity of identity claims, complementing KERI's authentication.

Conclusion

Veracity represents the semantic truth layer that must be built atop KERI's cryptographic authentication layer. This architectural separation is not a weakness but a strength—it enables flexible, context-appropriate trust models while maintaining a secure, universal foundation for attribution.

KERI's explicit non-commitment to veracity determination reflects a mature understanding that:

• Truth is context-dependent and domain-specific
• Cryptographic systems cannot solve semantic problems
• Governance and reputation must complement technology
• Separation of concerns enables better security and flexibility

By providing robust secure attribution, KERI creates the necessary foundation for veracity assessment without constraining how that assessment occurs, enabling diverse trust ecosystems to flourish on a common cryptographic infrastructure.