Hash-based checksums: Computing cryptographic hashes of data enables detection of modifications, but requires storing or transmitting the original hash through a separate trusted channel.

Digital signatures: Public key cryptography enables verification that data originated from a specific source and hasn't been modified, but traditional implementations often separate the signature from the data structure itself.

Merkle trees: Hierarchical hash structures enable efficient verification of large datasets, but typically require external storage of root hashes and verification paths.

These traditional approaches share common limitations:

• Dependency on external reference data or trusted channels
• Separation between data and its integrity proofs
• Inability to verify integrity independently at any point in time
• Storage and transmission overhead for integrity metadata

KERI's Approach

KERI implements verified integrity through three complementary mechanisms across its protocol stack, each addressing different aspects of the verification challenge.

KERI Protocol: Internal Consistency and Duplicity Detection

At the protocol level, verified integrity is achieved through two fundamental properties of Key Event Logs (KELs) and Transaction Event Logs (TELs):

Internal consistency: Each event in a KEL cryptographically commits to the previous event through hash chaining, creating a tamper-evident append-only log. The inception event establishes the initial key state, and subsequent establishment events and interaction events maintain cryptographic continuity. Any attempt to modify historical events breaks the hash chain, making tampering immediately detectable.

Duplicity detection: KERI's witness infrastructure enables detection of conflicting versions of event logs. When a controller attempts to create multiple inconsistent versions of their KEL (duplicitous behavior), witnesses and watchers can detect this through comparison of signed events. The KAACE (KERI's Agreement Algorithm for Control Establishment) consensus mechanism ensures that duplicity becomes evident to validators.

This dual approach—internal consistency within a single log and duplicity detection across distributed copies—provides comprehensive verified integrity for identifier control authority.

ACDC: Self-Addressing Identifiers

Authentic Chained Data Containers (ACDCs) implement verified integrity through Self-Addressing Identifiers (SAIDs). A SAID is simultaneously:

• The cryptographic hash (digest) of the data container's content
• A field within that same data container

This self-referential design creates "verified integrity at all times by design." The SAID serves as both identifier and integrity proof—any modification to the ACDC's content would require recomputing the SAID, which would then no longer match the original identifier. This makes tampering not just detectable but impossible without changing the identifier itself.

The SAID mechanism provides several advantages:

• Immediate verification: Computing the hash of received data and comparing to the embedded SAID instantly confirms integrity
• No external dependencies: Verification requires only the data itself and standard hash functions
• Composability: SAIDs can be nested, enabling verification of complex data structures
• Compact representation: A single SAID can represent and verify an entire data structure

CESR: Composability as Integrity Proof

Composable Event Streaming Representation (CESR) achieves verified integrity through a unique property: round-robin composability. CESR primitives can be converted between text and binary representations without loss of information.

The verification mechanism is elegant: if data can successfully toggle between text and binary domains and back again, this transformation itself proves integrity. The ability to compose and decompose data across domains demonstrates that:

• The data structure is well-formed according to CESR specifications
• No information has been lost or corrupted
• The encoding/decoding process maintains consistency

CESR's code tables define precise encoding rules for cryptographic primitives. Successful parsing and domain conversion proves that data conforms to these specifications, providing verified integrity for streaming data without requiring comparison to reference versions.

Complementary Integrity Verification

KERI implements complementary integrity verification—a mechanism that verifies integrity independently without requiring access to previous data instances. This is achieved through public key cryptography from the data controller.

For example, once a KEL has been verified back to its root-of-trust at a specific point in time, that verified portion (the "tail") no longer requires re-verification. Future integrity checks can proceed from the established checkpoint rather than re-verifying the entire history. This enables:

• Storage efficiency: Verified log segments can be pruned
• Performance optimization: Eliminates redundant verification of historical events
• Scalability: Reduces computational overhead for long-lived identifiers

Practical Implications

Use Cases

Credential verification: When a verifier receives an ACDC credential, they can immediately verify its integrity by computing the SAID and comparing to the embedded identifier. No need to contact the issuer or access a registry—the credential itself contains its integrity proof.

Event log validation: Validators receiving a KEL can verify its internal consistency by checking hash chains and signatures. If witnesses have signed events, the validator can detect any duplicitous behavior by the controller without trusting any single witness.

Streaming data integrity: Systems processing CESR-encoded event streams can verify integrity continuously by testing composability. Successful parsing and domain conversion proves data integrity in real-time.

Distributed consensus: KERI's witness pools use verified integrity mechanisms to reach agreement on key state without requiring a blockchain or central authority. The combination of internal consistency and duplicity detection enables Byzantine fault-tolerant consensus.

Benefits

Trustless verification: Verified integrity eliminates the need to trust intermediaries or infrastructure providers. Cryptographic proofs enable anyone to verify data integrity independently.

Efficiency: Complementary integrity verification reduces storage and computational requirements by eliminating redundant verification of historical data.

Ambient verifiability: The self-contained nature of KERI's integrity mechanisms enables ambient verifiability—anyone, anywhere, at any time can verify data integrity.

Composability: Verified integrity mechanisms work across different protocol layers (KERI, ACDC, CESR) and can be composed to verify complex data structures.

Scalability: The ability to prune verified log segments and avoid redundant verification enables KERI systems to scale to large numbers of identifiers and long operational lifetimes.

Trade-offs

Narrow scope: KERI's verified integrity focuses exclusively on cryptographic properties. It does not address semantic correctness, business logic validation, or content veracity. Systems must implement separate mechanisms for these concerns.

Computational requirements: Cryptographic verification requires computation—hashing, signature verification, and in some cases, verification of multiple witness signatures. While efficient, this is not zero-cost.

Complexity: Understanding and correctly implementing verified integrity mechanisms requires cryptographic expertise. The self-referential nature of SAIDs and the composability requirements of CESR add conceptual complexity.

Limited to structured data: Verified integrity mechanisms work with structured data formats (event logs, JSON-based ACDCs, CESR primitives). Unstructured data requires additional wrapping or transformation.

No protection against authorized modification: Verified integrity detects unauthorized tampering but cannot prevent a legitimate controller from modifying their own data. Systems requiring immutability must implement additional controls (such as non-transferable identifiers or external anchoring).

The fundamental trade-off is between the narrow, technical focus of verified integrity (which enables objective, automatable verification) and the broader concerns of data quality, semantic correctness, and business logic validation (which require contextual judgment and cannot be fully automated through cryptography alone).

Systems should log verification failures with sufficient detail for forensic analysis while avoiding information leakage that could aid attackers.