Explore comprehensive explanations of key concepts in the KERI protocol and vLEI ecosystem
A key event receipt is a cryptographic message structure in KERI consisting of a body that references a key event and attachments containing one or more witness signatures, providing distributed attestation that designated witnesses have observed and validated the referenced key event.
A shorthand notation in KERI's Transaction Event Log (TEL) representing 'vc revoke' (verifiable credential revoke), which is an operation that cryptographically revokes a previously issued verifiable credential by recording the revocation event in the TEL.
An authentic-data-container (ADC) is a mechanism for conveying data that allows the authenticity of its content to be cryptographically proved, serving as the foundational concept for ACDC (Authentic Chained Data Container) implementations that provide verifiable proof-of-authorship through self-addressing identifiers and digital signatures.
In KERI/ACDC, 'exp' (expose/exposition) is a message type that reveals previously sealed (encrypted or hidden) data, enabling selective disclosure of credential attributes or other cryptographically committed information.
Verification is the cryptographic process of determining the authenticity, integrity, and validity of digital objects (credentials, signatures, key states) using public keys and cryptographic proofs, enabling trust decisions without relying on intermediaries.
A top-level field map within an ACDC that provides properties or characteristics of an entity, either inherent or assigned, enabling verifiable claims about subjects through structured data representation.
A public hash-linked data structure of transactions that tracks state anchored to a Key Event Log (KEL), enabling transparent and verifiable tracking of credential lifecycle states (issuance/revocation) through cryptographically chained transaction events.
A digital signature scheme enabling multiple parties to collectively sign data, where signatures from a threshold-satisfying subset of authorized keys are required to validate operations on an identifier or credential.
Authority in KERI refers to cryptographically verifiable control over identifiers and the delegation of specific rights (signing authority, rotation authority, or proof-of-authority for credentials), established through key event logs rather than administrative hierarchies.
A duplicitous event log (DEL) is a verifiable data structure that records inconsistent event messages produced by a controller or witness with respect to a given Key Event Receipt Log (KERL), indexed to corresponding events in the KERL to provide cryptographic proof of duplicitous behavior.
A Designated Authorized Representative (DAR) is a representative of a Legal Entity who is formally authorized by that entity to act officially on its behalf within the vLEI ecosystem, with specific authority to authorize vLEI Issuer Qualification Program Checklists, execute the vLEI Issuer Qualification Agreement, and designate or replace Authorized vLEI Representatives (AVRs).
A namespace that is self-certifying and self-administrating, containing a self-certifying prefix that provides cryptographic verification of root control authority. All derived AIDs within the same autonomic namespace share the same root-of-trust, source-of-truth, and locus-of-control (RSL), with governance unified under the controller holding root authority.
In KERI/ACDC, validate refers to the process of evaluating whether data, credentials, or key event logs meet specific requirements for a particular use case, encompassing both cryptographic verification and policy-based assessment to determine fitness for purpose.
Duplicity in KERI refers to the existence of multiple, mutually inconsistent versions of a Key Event Log (KEL) for a single Autonomic Identifier (AID), where each version is internally consistent but externally inconsistent with other versions, creating provable evidence of controller misbehavior through non-repudiable signatures.
An instance of a KEL (Key Event Log) for an AID (Autonomic Identifier) in which at least one event is unique between two instances of the KEL, indicating different states or histories of the same identifier.
Self-managing computing systems that use algorithmic governance to operate autonomously without human intervention, featuring self-healing, self-configuring, and self-optimizing capabilities—a foundational concept from 1990s military research that influenced KERI's autonomic identifier design.
Loci-of-control refers to the separation of control authority in KERI between the controller's ability to promulgate authoritative key events (Key Event Promulgation Service) and the validator's independent ability to confirm those events (Key Event Confirmation Service), eliminating the need for shared governance over consensus infrastructure.
Certificate Transparency (CT) is an Internet security standard and open-source framework for monitoring and auditing digital certificates through public, append-only logs that record all certificates issued by publicly trusted certificate authorities, enabling efficient identification of mistakenly or maliciously issued certificates.
A schema in KERI/ACDC is a JSON Schema document that defines the structure, validation rules, and required fields for Authentic Chained Data Containers (ACDCs), identified by its SAID (Self-Addressing Identifier) to ensure immutability and cryptographic verifiability of credential structures.
A Foreign Function Interface (FFI) is a mechanism enabling programs written in one programming language (typically interpreted/scripted languages like Python or JavaScript) to call routines or utilize services written or compiled in another language (typically compiled languages like Rust or C), enabling cross-language interoperability for KERI/CESR implementations.
Duplicity detection is a cryptographic mechanism in KERI that identifies when a controller has created multiple conflicting versions of their Key Event Log (KEL) by comparing event logs across independent watchers and witnesses, making any attempt to present inconsistent key state histories cryptographically evident and verifiable.
The minimum required number of participants in an event needed to achieve a supermajority consensus, ensuring that one and only one agreement can be reached despite potentially faulty participants. Ample is a critical parameter in KERI's Agreement Algorithm for Control Establishment (KAACE) that establishes the threshold for witness consensus on key state.
A decentralized trust model used in PGP, GnuPG, and OpenPGP-compatible systems where participants establish the authenticity of public key-to-identity bindings through peer-to-peer validation and signature chains, creating a mesh network of trust relationships rather than relying on centralized certificate authorities.
A cryptographic string used as a primary input (seed) for creating key material for autonomic identifiers (AIDs) in KERI. The term was deliberately chosen to avoid conflicts with existing KERI terminology while maintaining semantic connection to seed-related concepts.