Explore comprehensive explanations of key concepts in the KERI protocol and vLEI ecosystem
KAWA (KERI's Algorithm for Witness Agreement) is a Byzantine Fault Tolerant (BFT) consensus algorithm that enables distributed witnesses to reach verifiable agreement on the authoritative state of key events in a KEL, ensuring that control authority over an AID can be established without centralized coordination.
A specialized presentation exchange where the Discloser is the Issuer of the origin (Primary) ACDC in a directed acyclic graph (DAG) of chained ACDCs, enabling direct credential issuance from issuer to holder with optional alignment where the Disclosee MAY also be the origin ACDC's Issuee.
Multiplexing in CESR is the process of combining multiple self-framing cryptographic primitives into a single composite stream using count codes and group framing codes, enabling efficient parallel processing through pipelining while maintaining the ability to demultiplex (separate) the primitives back into individual components without loss.
vcp (verifiable data registry inception) is a KERI protocol operation code that denotes the inception event for creating a verifiable data registry (VDR) within the Transaction Event Log (TEL) system.
A rainbow table attack is a password-cracking method that uses precomputed lookup tables (rainbow tables) to reverse cryptographic hashes and recover original passwords from stolen hash databases, exploiting systems that store passwords as unsalted hashes.
Liveness is a property of concurrent and distributed systems guaranteeing that "something good will eventually occur" - the system continues to make progress despite processes competing for critical sections. KERI deliberately omits strict liveness guarantees in favor of safety, decentralization, and eventual consistency.
keride is a Rust library that implements the KERI (Key Event Receipt Infrastructure) protocol, providing foundational cryptographic primitives, CESR encoding/decoding, signing operations, prefixing, pathing, and parsing capabilities for building KERI-based applications.
Perfect security is a special case of information-theoretic security where ciphertext provides zero information about the encryption key, making cryptanalysis impossible regardless of computational resources. This represents the highest achievable cryptographic security level, exemplified by one-time pads and secret splitting schemes.
A schema registry is a centralized repository for managing credential schemas based on namespaces. In KERI/ACDC systems, Self-Addressing Identifiers (SAIDs) and verifiable data structures have eliminated the need for centrally controlled schema registries, enabling decentralized schema management through cryptographic self-addressing.
KRAM (KERI Request Authentication Method) is a non-interactive authentication protocol that provides replay attack protection by requiring all web client requests to include an ISO-8601 formatted timestamp that must fall within an acceptable time window relative to the server's current time, enabling scalable, path-independent end-to-end verifiability without challenge-response handshakes.
Parside is a CESR stream parsing component responsible for extracting and parsing groups of primitives from CESR streams using count codes and group codes, while delegating individual primitive parsing to Cesride.
A special Count Code in CESR that specifies the version of all CESR code tables to be used when parsing a given stream or stream section, enabling parsers to correctly interpret primitives according to the appropriate encoding specification.
A live attack is a security compromise in KERI that targets cryptographic keys currently in active use—either the current signing keys used for non-establishment events or the current pre-rotated keys needed to sign subsequent establishment events—representing an active threat to identifier control authority.
The authentic web is a vision of the internet as a unified verifiable data structure—a global directed acyclic graph where all data maintains cryptographic provenance through persistent signatures, enabling objective verification of origin and integrity without centralized authorities.
GEDA (GLEIF External Delegated AID) is a KERI Autonomic Identifier delegated from the GLEIF Root AID, used by GLEIF to manage its relationship with and authorize Qualified vLEI Issuers (QVIs) within the vLEI ecosystem.
I2I (Issuer-To-Issuee) is the default edge operator in ACDC credential chains that enforces a strict constraint: the issuer of a child credential MUST be the issuee (subject) of the parent credential it references, creating a direct chain of delegated authority.
Attributional trust is cryptographically verifiable proof that a specific entity made a particular statement or claim, established through KERI's self-certifying identifiers and key event logs without requiring trusted intermediaries.
A human-meaningful identifier (LID) that has been cryptographically legitimized through verifiable authorization within the trust domain of an Autonomic Identifier (AID), forming a secured identifier couplet expressed as aid|lid that unifies cryptographic security with human usability.
A trust model where an Autonomic Identifier (AID) serves as the cryptographic root-of-trust, establishing verifiable control authority through self-certifying identifiers and key event logs without requiring external consensus mechanisms or trusted third parties.
Custodial rotation is a KERI key management mechanism that splits control authority between signing authority (delegated to a custodial agent) and rotation authority (retained by the original controller), enabling secure operational delegation while maintaining ultimate control through the ability to unilaterally rotate keys.
A specialized [Transaction Event Log (TEL)](/concept/transaction-event-log) that signals the creation of a Virtual Credential Registry (VCR) and tracks the list of Registrars that act as [Backers](/concept/backer) for individual [VC TELs](/concept/virtual-credential-transaction-event-log), providing the governance and infrastructure layer for KERI-based credential registries.
Contingent disclosure is a privacy-preserving mechanism where only specific information or attributes are disclosed under defined conditions, enabling selective sharing of data such that only required information is revealed to a relying party without exposing unrelated or sensitive details.
A dead attack is an attack on an establishment event that occurs after the key-state for that event has become stale because a later establishment event has rotated both the signing keys and pre-rotated keys to new sets, rendering the attack ineffective due to the forward security properties of KERI's key rotation mechanism.
SKRAP (Signify-KERIA Request Authentication Protocol) is the authentication and communication protocol that defines how Signify clients establish delegated relationships with KERIA agent workers, enabling lightweight edge clients to control KERI AIDs through cloud-hosted agents while maintaining cryptographic security through cooperative delegation.