Comprehensive Explanation
verifiable-identifier
Technical Definition
A verifiable identifier (VID) is a cryptographic identifier over which a controller can provide cryptographic proof of control through digital signatures and key event logs. VIDs represent a fundamental shift from administrative identifier systems (which rely on trusted third parties to maintain identifier-to-key mappings) to cryptographic identifier systems where the identifier itself is derived from or cryptographically bound to the controlling key material.
In the KERI ecosystem, VIDs are implemented as Autonomic Identifiers (AIDs) - self-certifying, self-managing identifiers that must be encoded in CESR (Composable Event Streaming Representation) as qualified cryptographic primitives. The defining characteristic of a VID is that control authority can be proven through cryptographic operations alone, without requiring verification from external authorities.
Purpose in KERI/ACDC
VIDs serve as the foundational identity primitive in KERI-based systems, enabling:
- Decentralized Control: Controllers maintain direct cryptographic control over their identifiers without intermediaries
- Verifiable Attribution: Every statement or credential can be cryptographically attributed to a specific VID
- Key Rotation: VIDs support secure key rotation through pre-rotation mechanisms, enabling recovery from key compromise
- Delegation: VIDs can delegate authority to other VIDs, creating hierarchical trust structures
- Credential Issuance: VIDs serve as issuers and subjects in ACDC (Authentic Chained Data Container) credentials
Type Classification
VIDs encompass several related identifier types:
- Self-Certifying Identifiers (SCIDs): Basic VIDs cryptographically derived from public keys
- Autonomic Identifiers (AIDs): Self-managing VIDs with key rotation capabilities via Key Event Logs
- Decentralized Identifiers (DIDs): W3C standard identifiers that can be implemented using KERI as the underlying method
Cryptographic Properties
Underlying Algorithms
VIDs leverage multiple cryptographic primitives:
Digital Signature Algorithms:
- Ed25519: Primary signing algorithm providing 128-bit security strength
- ECDSA (secp256k1): Alternative signing algorithm for Bitcoin compatibility
- Post-quantum algorithms: Future-proofing through algorithm agility
Hash Functions:
- Blake3-256: Primary hashing algorithm for content addressing
- Blake2b-256: Alternative hashing for specific use cases
- SHA-256: Legacy support and interoperability
Key Derivation:
- Hierarchical Deterministic (HD) key derivation: Enables generation of multiple keys from a single seed
- BIP-39 seed phrases: Human-readable seed representation for key recovery
Security Properties
VIDs provide several critical security guarantees:
- Self-Certification: The identifier is cryptographically bound to the controlling key pair, making it self-authenticating
- Non-Repudiation: Digital signatures provide mathematical proof that only the key holder could have signed
- Duplicity Detection: KERI's key event log structure makes any attempt to create conflicting versions of identifier history cryptographically evident
- Post-Quantum Security: Pre-rotation mechanisms protect against future quantum computing attacks by hiding next keys until needed
- End-Verifiability: Any party can independently verify the entire history and current state of a VID without trusting intermediaries
Key/Output Sizes
Ed25519 Keys:
- Private key: 32 bytes (256 bits)
- Public key: 32 bytes (256 bits)
- Signature: 64 bytes (512 bits)
CESR-Encoded Identifiers:
- Basic identifier: 44 characters (Base64 encoding)
- Self-addressing identifier: 44 characters
- Qualified with derivation code: Varies by algorithm
Hash Outputs:
- Blake3-256: 32 bytes (256 bits)
- Blake2b-256: 32 bytes (256 bits)
- SHA-256: 32 bytes (256 bits)
VIDs are encoded using CESR, which provides dual text-binary encoding with composability. The encoding structure consists of:
- Derivation Code: 1-4 character prefix indicating the cryptographic algorithm and identifier type
- Encoded Key Material: Base64 URL-safe encoding of the public key or digest
Example VID Structure:
EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM
│└─────────────────────────────────────────┘
│ Base64 Encoded Material
└─ Derivation Code (E = Ed25519 public key)
Text and Binary Representations
Text Domain (Base64):
- Human-readable representation
- Used in JSON, YAML, and text-based protocols
- Enables debugging and logging
- Example: EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM
Binary Domain:
- Compact representation for efficient transmission
- Used in binary protocols and storage
- Maintains composability with text domain
- Enables round-trip conversion without loss
Derivation Codes
Common derivation codes for VIDs:
- E: Ed25519 public key (44 characters total)
- F: Blake2b-256 digest (44 characters total)
- I: Blake3-256 digest (44 characters total)
- 1AAA: ECDSA secp256k1 public key (variable length)
- 0A: Random seed (24 characters total)
The derivation code enables:
- Algorithm identification: Verifiers know which algorithm to use
- Self-describing format: No external schema needed
- Cryptographic agility: Support for multiple algorithms in the same system
Usage in KERI/ACDC
In Which Event Types
VIDs appear in multiple KERI event types:
Inception Events (icp):
- The VID prefix is derived from the inception event data
- Establishes the initial key state and configuration
- Creates the cryptographic binding between identifier and keys
Rotation Events (rot):
- References the VID being rotated
- Updates the authoritative key set
- Maintains the identifier while changing keys
Interaction Events (ixn):
- Uses the VID to anchor external data
- Provides non-establishment events for the identifier
- Enables data attribution without key changes
Delegated Events (dip, drt):
- Establishes delegated VIDs under a delegator's authority
- Creates hierarchical identifier structures
- Enables organizational identity management
ACDC Credentials:
- Issuer field (i): VID of the credential issuer
- Subject field (i in attributes): VID of the credential subject
- Registry identifier (ri): VID controlling the credential registry
Common Usage Patterns
1. Direct Authentication:
User presents VID → Verifier requests signature challenge →
User signs with current keys → Verifier checks KEL for key state →
Authentication succeeds if signature valid for current keys
2. Credential Issuance:
Issuer VID creates ACDC → Signs credential with current keys →
Anchors credential SAID to KEL via interaction event →
Credential becomes verifiable through issuer's VID
3. Delegation Chain:
Root VID delegates to Child VID → Child VID delegates to Grandchild →
Each delegation anchored in delegator's KEL →
Complete chain verifiable from root to leaf
4. Multi-Signature Control:
Multiple VIDs collectively control a group VID →
Threshold signatures required for events →
Enables organizational governance structures
Verification Procedures
Verifying a VID involves several steps:
1. Identifier Validation:
- Parse the CESR-encoded VID
- Extract derivation code and key material
- Verify the encoding is well-formed
2. Key Event Log Retrieval:
- Obtain the complete KEL for the VID
- May require OOBI (Out-Of-Band Introduction) for discovery
- Fetch from witnesses or watchers
3. KEL Verification:
- Verify inception event creates the VID prefix
- Check all event signatures against authoritative keys
- Validate pre-rotation commitments
- Verify witness receipts meet threshold requirements
4. Current Key State Determination:
- Process all establishment events in sequence
- Apply rotations to determine current authoritative keys
- Check for any delegations or revocations
5. Duplicity Detection:
- Compare KEL against other sources
- Check for conflicting versions
- Verify first-seen policies with witnesses
6. Signature Verification:
- Use current authoritative keys to verify signatures
- Ensure signatures were created after key establishment
- Validate against the correct key state
Autonomic Identifiers (AIDs)
AIDs are the primary implementation of VIDs in KERI. While all AIDs are VIDs, not all VIDs are necessarily AIDs. AIDs specifically:
- Support key rotation through KELs
- Enable pre-rotation for post-quantum security
- Provide self-managing properties
- Are encoded in CESR as qualified primitives
Relationship: AIDs are the fully-featured implementation of the VID concept, adding key management capabilities to basic verifiable identifiers.
Self-Certifying Identifiers (SCIDs)
SCIDs are a simpler form of VID that:
- Derive directly from public keys
- Do not support key rotation
- Provide basic self-certification
- Serve as building blocks for AIDs
Relationship: SCIDs are the foundational primitive that AIDs extend with key rotation capabilities.
Decentralized Identifiers (DIDs)
DIDs are W3C standard identifiers that:
- Can be implemented using KERI as the method
- Provide a standardized resolution interface
- Enable interoperability with W3C credential standards
- May or may not be cryptographically verifiable depending on method
Relationship: VIDs can be expressed as DIDs (e.g., did:keri:, did:webs:), providing W3C compatibility while maintaining KERI's security properties.
Self-Addressing Identifiers (SAIDs)
SAIDs are content-addressable identifiers that:
- Derive from the content they identify
- Provide tamper-evidence for data structures
- Enable verifiable data containers
- Are used extensively in ACDCs
Relationship: SAIDs complement VIDs by providing content integrity, while VIDs provide control authority. Together they enable verifiable credentials.
Key Event Logs (KELs)
KELs are verifiable data structures that:
- Record the complete history of a VID
- Enable key rotation and recovery
- Provide duplicity detection
- Serve as the source of truth for key state
Relationship: KELs are the mechanism by which VIDs maintain verifiable control authority over time, enabling the "verifiable" property of VIDs.
Trust Spanning Protocol (TSP) Integration
VIDs play a central role in the Trust Spanning Protocol (TSP), which signs every message it carries with a VID so that any recipient can verify it. TSP demonstrates the practical application of VIDs for:
- Message Authentication: Every TSP message is signed by a VID
- Confidential Communication: VIDs enable encrypted channels
- Privacy Protection: VIDs can be used in nested relationships to protect metadata
- Universal Verification: Any party can verify TSP messages using VID verification
The TSP architecture shows how VIDs can serve as a universal trust layer, replacing traditional PKI and certificate authority systems with cryptographically verifiable identifiers.
vLEI Ecosystem Application
In the vLEI (verifiable Legal Entity Identifier) ecosystem, VIDs enable:
- Organizational Identity: Legal entities receive VIDs bound to their LEI
- Role Credentials: Individuals receive VIDs for their organizational roles
- Delegation Chains: Authority flows from GLEIF through QVIs to legal entities
- Verifiable Credentials: All vLEI credentials are issued to and by VIDs
This demonstrates VIDs' capability to support enterprise-scale identity systems with regulatory compliance requirements.
Security Considerations
Key Management:
- VIDs require secure generation and storage of private keys
- Compromise of current keys can be mitigated through pre-rotation
- Compromise of pre-rotated keys requires immediate rotation
Duplicity Attacks:
- Malicious controllers might create conflicting KEL versions
- Witnesses and watchers provide duplicity detection
- First-seen policies prevent retroactive attacks
Privacy Trade-offs:
- VIDs are pseudonymous but can be correlated across contexts
- Contextual linkability remains a challenge
- Contractually-protected disclosure provides legal safeguards
Quantum Resistance:
- Pre-rotation provides post-quantum security for future rotations
- Current keys remain vulnerable to quantum attacks
- Algorithm agility enables migration to quantum-resistant algorithms