Explore comprehensive explanations of key concepts in the KERI protocol and vLEI ecosystem
vrt is an abbreviation for 'verifiable data registry rotation' - a KERI operation code that performs rotation operations on verifiable data registries (VDRs), which are systems that mediate the issuance and verification of ACDCs.
A hardware security device that provides cryptographic functions including key generation, secure key storage, and platform integrity attestation through hardware-based isolation, available as a physical chip, firmware module, or virtual device.
A Key State Notice (ksn) is a KERI message type that communicates the current authoritative key state of an Autonomic Identifier (AID), derived by walking the Key Event Log (KEL) to determine the current set of signing keys, pre-rotated key commitments, witness configuration, and other control authority parameters at a specific sequence number.
JOSE (JavaScript Object Signing and Encryption) is a framework providing standardized methods for securely transferring claims between parties through a collection of specifications including JWK (JSON Web Key) and JWT (JSON Web Token).
Information-theoretic security (ITPS) represents the highest achievable level of cryptographic security for protecting cryptographic secrets (seeds, salts, private keys). Its security is provable from information theory rather than from computational assumptions, so it cannot be broken algorithmically regardless of available computational power, including quantum computers.
A KERI event stream is a verifiable stream of KERI data consisting of a [Key Event Log (KEL)](/concept/kel) and optionally a [Transaction Event Log (TEL)](/concept/tel), serialized using [CESR](/concept/cesr) encoding and stored in files or transmitted over networks as CESR stream resources.
Proof-of-authority is cryptographic evidence that an entity possesses specific rights, permissions, or authorizations over data, distinct from proof-of-authorship which establishes original creation. In KERI/ACDC systems, proof-of-authority enables verifiable delegation chains, credentials, and authorization transfers through chained data structures.
Full disclosure is a [graduated disclosure](/concept/graduated-disclosure) mechanism in [ACDC](/concept/acdc) systems that reveals the complete details of field maps that were previously compact or only partially disclosed. Its meaning depends on context: in [selective disclosure](/concept/selective-disclosure) it means detailed disclosure of the selectively disclosed attributes (not all selectively disclosable attributes), while in [partial disclosure](/concept/partial-disclosure) it means detailed disclosure of the field map that was previously only partially disclosed.
A compact variant is a compressed representation of an [ACDC](/concept/acdc) where top-level section fields contain either the [SAID](/concept/said) (Self-Addressing Identifier) of associated sections or the full [SAD](/concept/self-addressed-data) (Self-Addressed Data), enabling graduated disclosure while maintaining cryptographic commitment to all variants through the issuer's signature.
Hierarchical composition is an encoding protocol property enabling [CESR](/concept/cesr) streams to be organized in nested, tree-like structures through [count codes](/concept/count-code) and [group framing codes](/concept/group-framing-code), facilitating [pipelining](/concept/pipelining) operations ([multiplexing](/concept/multiplexing) and de-multiplexing) of complex data streams in both text and compact binary formats for scalable management of high-bandwidth applications.
A diger is a CESR primitive that represents a cryptographic digest (hash) with the ability to verify that a given input hashes to its stored raw value, providing cryptographic commitment and content-addressable identification in KERI systems.
XBRL (eXtensible Business Reporting Language) is an open international standard for digital business reporting managed by XBRL International, providing a standardized XML-based language for authoritatively defining and exchanging financial, compliance, and business report data in a rapid, accurate, and digital manner.
Reputational trust is trust established through third-party identity assurance processes performed by trusted intermediaries who verify identities and vouch for entities based on their institutional authority and reputation, complementing KERI's cryptographic attributional trust.
A verfer is a CESR primitive that represents a public key and provides the capability to verify digital signatures on data. It is one of the fundamental cryptographic building blocks in KERI implementations.
A salter is a CESR cryptographic primitive that represents a seed value and provides the capability to generate new Signer primitives (private keys) through deterministic key derivation, serving as the foundational entropy source for creating autonomic identifiers in KERI.
Lead bytes are zero-value bytes prepended to raw binary data before Base64 conversion in CESR encoding to achieve 24-bit boundary alignment, distinct from post-conversion pad characters.
A nested hierarchical delegation architecture in KERI where each layer of delegated identifiers wraps the next higher layer with compromise recovery protection, maintaining root-layer security properties throughout the entire delegation tree even when leaf nodes employ less secure key management methods.
A custodial agent is an agent owned by an individual who has granted signing authority to a custodian (typically also the host of the agent software), while retaining exclusive rotation authority through KERI's partial rotation mechanism, enabling the owner to unilaterally revoke the custodian's privileges without requiring cooperation.
Pre-pad is the action and result of prepending a string with leading pad characters (typically zero bytes) to align data to a specific length in bits or bytes, used in CESR encoding to achieve 24-bit boundary alignment before Base64 conversion.
DND (Do Not Delegate) is a boolean flag/attribute associated with an AID (Autonomic Identifier) in KERI that controls whether the identifier has the capability to perform delegation operations. The default setting is permissive (delegation allowed).
A non-fungible token (NFT) is a uniquely identifiable digital asset recorded on a blockchain, representing ownership of digital or physical items. From KERI's perspective, NFTs exhibit fundamental architectural flaws in security, transferability, and monetization that can be addressed through KERI identifiers and ACDC veracity claims.
Percolated discovery is a zero-trust information discovery mechanism based on Invasion Percolation Theory that enables scalable, non-interactive discovery of KERI/ACDC infrastructure endpoints through cryptographically end-verifiable information sharing, where each discoverer can transitively share discoveries without requiring trust in intermediaries or the percolation mechanism itself.
A quadlet is a fundamental encoding unit in CESR consisting of a group of 4 Base64 characters in the Text domain (T), equivalently represented as 3 bytes (a triplet) in the Binary domain (B), used to define variable-size primitives while maintaining 24-bit boundary alignment for composability.
In identifier systems, univalent means having a unique and non-ambiguous identifier for each entity, establishing a one-to-one correspondence. In KERI key management, it refers to an infrastructure where key-pair generation/storage and event signing facilities are co-located and share protection mechanisms.