Structural Organization

The version-string follows a regex-parseable format that encodes multiple pieces of information in a compact representation. According to Document 13, ACDC version strings follow the pattern:

ACDCvvSSSShhhhhh_

Where:

• ACDC: Protocol identifier (4 characters)
• vv: Major and minor version numbers (2 characters)
• SSSS: Serialization kind code (4 characters)
• hhhhhh: Hexadecimal message size (6 characters)
• _: Terminator character

For KERI events, Document 11 shows version strings like KERI10JSON0000e6_, following a similar pattern:

KERIvvKKKKSSSSSS_

Where:

• KERI: Protocol identifier
• vv: Version number (e.g., "10" for version 1.0)
• KKKK: CESR genus version or kind
• SSSSSS: Serialization type and size
• _: Terminator

Key Components

The version-string contains several critical components:

Protocol Identifier: The leading characters ("KERI" or "ACDC") immediately identify which protocol specification governs the message structure. This allows parsers to load the appropriate validation rules and field definitions.

Version Numbers: The version component enables protocol evolution while maintaining backward compatibility. Parsers can determine whether they support a given version and handle version-specific features appropriately.

Serialization Kind: The serialization indicator tells parsers which codec to use for deserialization. Common values include:

• JSON: JavaScript Object Notation (text-based)
• CBOR: Concise Binary Object Representation (binary)
• MGPK: MessagePack (binary)

Size Information: The hexadecimal size field specifies the total byte count of the serialized message body. This is the critical component that enables self-framing behavior.

Terminator: The underscore character marks the end of the version-string, allowing parsers to distinguish it from the message body.

Data Format

Field Definitions

The version-string is always represented as a string type in the serialization format. In JSON, it appears as:

{
  "v": "ACDC10JSON00011c_",
  "d": "EAdXt3gIXOf2BBWNHdSXCJnFJL5OuQPyM5K0neuniccM",
  ...
}

The field label is consistently "v" across all KERI and ACDC structures. Document 37 confirms that the version string "must always appear first when present" in the field ordering.

Encoding Format

The version-string uses ASCII-compatible characters exclusively, ensuring it can be parsed in both text and binary serialization formats without encoding ambiguity. The components are encoded as:

Protocol and Version: Plain ASCII text (e.g., "KERI10", "ACDC10")

Serialization Kind: ASCII text codes:

• "JSON" for JSON serialization
• "CBOR" for CBOR serialization
• "MGPK" for MessagePack serialization

Size Field: Hexadecimal ASCII digits (0-9, a-f) representing the byte count. The use of hexadecimal allows compact representation of large sizes while maintaining ASCII compatibility.

Terminator: The underscore character "_" provides an unambiguous end marker.

Size and Constraints

The version-string has a fixed length determined by its format specification. For ACDC version strings following the ACDCvvSSSShhhhhh_ pattern:

• Total length: 17 characters
• Protocol identifier: 4 characters
• Version: 2 characters
• Serialization: 4 characters
• Size: 6 hexadecimal characters (supports messages up to 16,777,215 bytes)
• Terminator: 1 character

For KERI version strings, the length varies based on the specific format but follows similar principles. Document 25 shows examples like KERI10JSON000188_ with 18 characters.

The size field constraint is particularly important. With 6 hexadecimal digits, the maximum representable size is 0xFFFFFF = 16,777,215 bytes (approximately 16 MB). This is sufficient for most KERI events and ACDC credentials while maintaining a compact version-string.

Operations

Creation and Initialization

Creating a version-string involves several steps:

1. Determine Protocol and Version: Select the appropriate protocol identifier (KERI or ACDC) and version number based on the message type being created.

2. Choose Serialization Format: Select JSON, CBOR, or MGPK based on the use case:

• JSON for human-readable debugging and development
• CBOR or MGPK for compact binary transmission

3. Serialize Message Body: Serialize the complete message structure (excluding the version-string itself) using the chosen format.

4. Calculate Size: Compute the byte length of the serialized message body. This must be the exact byte count, not character count.

5. Format Size as Hexadecimal: Convert the byte count to hexadecimal and pad with leading zeros to the required width (typically 6 digits).

6. Construct Version-String: Concatenate all components in the specified order with the terminator.

7. Prepend to Message: Add the version-string as the first field in the serialized structure.

Document 13 emphasizes that the version-string must be computed over the compact serialization (no whitespace) to ensure consistent size calculation.

Updates and Modifications

The version-string is immutable once a message is created. Any modification to the message body requires:

1. Reserialize: Serialize the modified message body

2. Recalculate Size: Compute the new byte length

3. Regenerate Version-String: Create a new version-string with the updated size

4. Replace: Substitute the new version-string for the old one

This immutability is critical for maintaining message integrity. In ACDC structures that use SAIDs, modifying the message body would invalidate the SAID, requiring recomputation of the entire cryptographic commitment chain.

Verification and Validation

Parsers must validate version-strings to ensure message integrity:

Format Validation:

• Verify the version-string matches the expected regex pattern
• Confirm the protocol identifier is recognized
• Check that the version number is supported
• Validate the serialization kind is known

Size Verification:

• Parse the hexadecimal size field
• Read exactly that many bytes from the stream
• Verify the deserialized structure is complete
• Detect truncated or oversized messages

Protocol Compliance:

• Ensure the version-string appears as the first field
• Verify field ordering matches the protocol specification
• Check that required fields for the specified version are present

Document 6 describes how the sniffer component uses regex matching to locate version-strings in mixed-format streams, extracting the length information to determine message boundaries.

Usage Context

In Which Protocols

The version-string appears in multiple KERI ecosystem protocols:

KERI Key Event Messages: All key events (inception, rotation, interaction) include version-strings. Document 43 shows examples:

{"v":"KERI10JSON0000e6_","t":"icp","d":"EH7Oq9oxCgYa-nnNLvwhp9sFZpALILlRYyB-6n4WDi7w",...}

ACDC Credentials: All ACDC variants (compact, full, public, private) include version-strings. Document 29 demonstrates:

{"v":"ACDC10JSON00011c_","d":"EAdXt3gIXOf2BBWNHdSXCJnFJL5OuQPyM5K0neuniccM",...}

IPEX Messages: Issuance and Presentation Exchange protocol messages use version-strings. Document 12 shows IPEX exchange messages include version-strings in their structure.

TEL Events: Transaction Event Log events for credential registries include version-strings for self-framing.

Lifecycle Management

The version-string participates in the complete message lifecycle:

Creation Phase: Generated during message construction as described above.

Transmission Phase: The version-string enables stream processing. Document 5 explains how Parside uses version-strings to parse streams:

1. The sniffer detects the serialization format
2. Regex extracts the version-string
3. The size field determines message boundaries
4. The parser extracts exactly that many bytes
5. Processing resumes with the next message

This enables pipelined processing of concatenated messages without delimiters.

Reception Phase: Receivers validate the version-string to ensure:

• Protocol compatibility
• Supported serialization format
• Complete message reception

Archival Phase: Version-strings enable format migration. Archives can identify message formats and versions, facilitating conversion to newer formats while preserving semantic content.

Related Structures

The version-string interacts with several related KERI/ACDC structures:

Version Code: Document 7 distinguishes version-code from version-string. The version-code is a CESR count code that specifies which CESR code tables are active in a stream section. The version-string, by contrast, is a field within a message that describes that specific message's format.

CESR Primitives: Version-strings enable non-CESR formats (JSON, CBOR, MGPK) to achieve self-framing properties required for CESR composability. Document 4 explains that CESR primitives are inherently self-framing, but JSON/CBOR/MGPK require version-strings to achieve this property.

Field Maps: The version-string is always the first field in field-maps. Document 37 establishes the normative field ordering with v first, followed by t (type), d (SAID), and other fields.

SAIDs: In structures using SAIDs, the version-string is included in the SAID computation. Document 13 specifies that the SAID is computed over the entire serialized structure including the version-string, binding the format metadata cryptographically to the content.

Implementation Considerations

Parser Design

Implementing version-string parsing requires careful attention to several details:

Regex Patterns: Parsers should use robust regex patterns that match the expected format while rejecting malformed version-strings. The pattern should capture all components for validation.

Size Handling: The hexadecimal size field must be parsed correctly:

• Convert hex string to integer
• Handle leading zeros properly
• Validate the size is within acceptable bounds
• Allocate appropriate buffer space

Stream Positioning: After reading the version-string and message body, the parser must position the stream pointer correctly for the next message. Off-by-one errors can cause catastrophic parsing failures.

Serialization Format Selection

Choosing the appropriate serialization format involves trade-offs:

JSON:

• Advantages: Human-readable, widely supported, easy debugging
• Disadvantages: Verbose, slower parsing, larger message size
• Use Cases: Development, debugging, human inspection, text-based protocols

CBOR:

• Advantages: Compact binary, efficient parsing, standardized (RFC 8949)
• Disadvantages: Not human-readable, requires specialized tools
• Use Cases: Production systems, bandwidth-constrained networks, high-performance applications

MessagePack (MGPK):

• Advantages: Very compact, fast parsing, good library support
• Disadvantages: Not human-readable, less standardized than CBOR
• Use Cases: High-throughput systems, embedded devices, real-time applications

Document 15 emphasizes that CESR's composability property enables zero-cost switching between text and binary formats, allowing developers to use JSON during development and switch to CBOR/MGPK for production without code changes.

Version Migration

As protocols evolve, version-strings enable graceful migration:

Backward Compatibility: Parsers should support multiple version numbers, allowing older messages to be processed alongside newer ones.

Forward Compatibility: When encountering unknown versions, parsers should fail gracefully with informative error messages rather than crashing or producing incorrect results.

Version Negotiation: In interactive protocols, parties can exchange version-strings to negotiate a mutually supported version before beginning substantive communication.

Error Handling

Robust implementations must handle various error conditions:

Malformed Version-Strings: Detect and reject version-strings that don't match the expected format.

Unsupported Versions: Gracefully handle version numbers that aren't supported by the implementation.

Size Mismatches: Detect when the actual message size doesn't match the size field in the version-string, indicating truncation or corruption.

Serialization Errors: Handle cases where the message body can't be deserialized using the indicated format.

Security Implications

Attack Surface

The version-string represents a potential attack surface:

Size Field Attacks: Malicious actors could craft version-strings with incorrect size fields to cause:

• Buffer overflows (size too large)
• Incomplete parsing (size too small)
• Denial of service (extremely large sizes)

Implementations must validate size fields against reasonable bounds and available resources.

Format Confusion: Attackers might specify one serialization format in the version-string but provide data in a different format, potentially exploiting parser vulnerabilities.

Version Downgrade: In protocols that support multiple versions, attackers might force use of older, less secure versions through version-string manipulation.

Integrity Protection

In ACDC structures, the version-string is protected by the SAID mechanism. Any tampering with the version-string invalidates the SAID, making the attack detectable. However, in contexts where SAIDs aren't used, additional integrity protection (signatures, MACs) may be necessary.

Performance Optimization

Parsing Efficiency

Version-string parsing is on the critical path for message processing. Optimizations include:

Compiled Regex: Pre-compile regex patterns rather than compiling on each parse.

Direct Parsing: For performance-critical code, consider hand-written parsers that directly extract components without regex overhead.

Caching: Cache parsed version-string components when processing multiple messages with the same format.

Zero-Copy: Design parsers to avoid copying the message body, using the size field to create views into the original buffer.

Size Calculation

Computing the size field efficiently is important for message generation:

Streaming Serialization: Some serialization libraries support streaming output, allowing size calculation during serialization rather than requiring a separate pass.

Size Estimation: For formats with predictable size characteristics, estimate the size and allocate buffers accordingly, adjusting if the estimate is incorrect.

Incremental Updates: When modifying messages, track size changes incrementally rather than reserializing the entire structure.

Ecosystem Integration

The version-string is a foundational element that enables interoperability across the KERI ecosystem:

Multi-Language Implementations: Version-strings provide a language-agnostic format specification, enabling implementations in Python (keripy), Rust (keriox), JavaScript/TypeScript (signify-ts), and other languages to interoperate seamlessly.

Protocol Layering: Version-strings enable clean protocol layering. KERI events can be embedded in ACDC credentials, which can be embedded in IPEX messages, with each layer having its own version-string for independent evolution.

Tooling: Version-strings enable generic tooling that can inspect, validate, and transform KERI/ACDC messages without protocol-specific knowledge, simply by parsing the version-string to determine format and structure.

The version-string, despite its apparent simplicity, is a critical architectural element that enables the KERI ecosystem's composability, interoperability, and evolvability.

Security Considerations

1. Size Field Attacks: Validate size fields against maximum message sizes and available memory. Reject unreasonably large sizes before allocation.

2. Format Confusion: Verify that the message body actually uses the serialization format specified in the version-string. Don't blindly trust the format indicator.

3. Version Downgrade: In protocols supporting multiple versions, implement version negotiation carefully to prevent downgrade attacks.

4. Integrity Protection: In contexts without SAID protection, consider additional integrity mechanisms (signatures, MACs) to protect version-strings from tampering.

Performance Optimization

1. Compiled Regex: Pre-compile regex patterns at initialization rather than compiling on each parse operation.

2. Zero-Copy Parsing: Design parsers to create views into the original buffer rather than copying message bodies when possible.

3. Streaming Serialization: Use serialization libraries that support streaming output to calculate sizes during serialization rather than requiring separate passes.

4. Buffer Pooling: Reuse allocated buffers across multiple message parsing operations to reduce allocation overhead.

Testing Requirements

1. Format Validation: Test parsing of valid and invalid version-strings, including edge cases like maximum sizes and boundary conditions.

2. Size Accuracy: Verify that generated version-strings contain accurate size fields by deserializing and measuring the result.

3. Stream Processing: Test parsing of concatenated messages with various sizes and formats to ensure correct boundary detection.

4. Error Conditions: Test error handling for truncated messages, oversized messages, and format mismatches.

5. Cross-Format: Test round-trip conversion between JSON, CBOR, and MessagePack to verify format-independent semantics.

Library Integration

When integrating with existing KERI/ACDC libraries:

1. keripy (Python): Use the built-in serialization functions that automatically generate correct version-strings.

2. signify-ts (TypeScript): Follow the patterns in the vLEI training examples for credential creation with proper version-strings.

3. keriox (Rust): Use the SAID derive macro which handles version-string generation automatically when the version attribute is specified.

4. Custom Implementations: Study the reference implementations to understand subtle details like field ordering and size calculation edge cases.