Explore comprehensive explanations of key concepts in the KERI protocol and vLEI ecosystem
In KERI, 'stable' refers to the state of cryptographic verifiability across a network where a particular identifier, event, or data set is consistent, fully verified, and cannot be contested within the KERI infrastructure.
A directed acyclic graph (DAG) is a mathematical structure consisting of vertices connected by directed edges with no cycles, meaning following edge directions never forms a closed loop. In KERI/ACDC, DAGs provide the foundational data structure for verifiable credential chains and proof-of-authorship graphs.
IPEX (Issuance and Presentation EXchange) is a KERI protocol that provides a unified mechanism for both issuing and presenting ACDC credentials by modeling both operations as disclosure events between a Discloser and Disclosee, where the difference lies in what information is disclosed rather than how disclosure occurs.
The **issuee** is the entity to which an ACDC credential is issued, identified by their AID (Autonomic Identifier) in the credential's attribute section. Unlike the mandatory issuer, the issuee is optional, enabling both targeted credentials (with a specific recipient) and untargeted credentials (bearer-style).
Percolated Information Discovery (PID) is a bootstrap discovery mechanism in the OOBI protocol that enables scalable, zero-trust discovery of KERI and ACDC resources through end-verifiable information propagation based on Invasion Percolation Theory, where each discoverer can share discoveries with subsequent discoverers without requiring trust in intermediaries.
A Key Event Receipt Log (KERL) is a verifiable append-only data structure that extends a Key Event Log (KEL) by incorporating all consistent key event receipt messages created by the associated set of witnesses, providing distributed consensus and duplicity detection capabilities for an Autonomic Identifier (AID).
Key compromise refers to the unauthorized access to or exposure of private cryptographic keys, or more broadly in KERI, the compromise of any of the three critical key management infrastructures: key pair creation and storage, event signing, or event signature verification.
Correlation is the ability to link different identifiers, credentials, or data points to the same entity through observable patterns, particularly when public keys are reused across contexts, enabling external parties to track relationships and behaviors that compromise privacy.
A version-string is the first field in any top-level KERI field map that specifies the protocol version, serialization format, and message size in a regex-parseable format, enabling self-framing behavior in serialization formats (JSON, CBOR, MGPK) that don't natively support it.
Base64 is a binary-to-text encoding scheme that represents binary data as sequences of 24 bits encoded as four 6-bit characters using a URL-safe alphabet (A-Z, a-z, 0-9, -, _), fundamental to CESR's text domain representation of cryptographic primitives.
Zero-trust computing is a security architecture based on the principle "never trust, always verify," requiring continuous cryptographic verification of all entities, data, and communications without relying on network location, prior authentication, or trusted intermediaries.
A graph-fragment is a verifiable data structure component consisting of one node property and one or two edge properties that forms an atomic unit within a larger directed acyclic graph (DAG), specifically implemented in ACDCs as labeled property graph fragments with cryptographically verifiable connections.
Transmission Control Protocol (TCP) is a connection-oriented transport layer protocol that provides reliable, ordered delivery of data streams between applications over IP networks, used by KERI infrastructure components for network communication between witnesses, watchers, controllers, and other protocol participants.
Cryptographic strength refers to the computational resistance of a cryptographic algorithm or primitive against attacks, typically measured in bits of entropy (e.g., 128 bits, 256 bits), indicating the number of operations required for successful brute-force compromise.
The minimum number or fractional weights of signatures from the current set of authoritative keys required to be attached to a Message for that Message to be considered fully signed in KERI.
A version-code is a unique identifier in CESR streams that specifies which version of the CESR code tables should be loaded for parsing, determining the table state and enabling version-specific interpretation of primitives and count codes.
A domain name is a string that identifies a realm of administrative autonomy, authority, or control within the Internet, used in networking contexts and for application-specific naming and addressing purposes.
A TCP endpoint is a network service endpoint using the Transmission Control Protocol (TCP) for communication, identified by an IP address and port number combination that enables reliable, connection-oriented data transmission between KERI infrastructure components.
A transferable identifier is a persistent identifier whose control authority can be transferred to new cryptographic keys through key rotation, enabling the identifier to maintain continuity despite changes in its controlling key pairs.
The KERI suite is the comprehensive set of inter-related protocols and technologies developed under the WebOfTrust GitHub organization, including KERI (Key Event Receipt Infrastructure), ACDC (Authentic Chained Data Containers), CESR (Composable Event Streaming Representation), OOBI (Out-of-Band Introduction), and IPEX (Issuance and Presentation Exchange), designed to provide a secure, decentralized identity and verifiable credential infrastructure.
Self-framing is an encoding property where each primitive contains type, size, and value information in a single atomic unit, enabling parsers to extract elements from a stream without external delimiters or schemas by reading only the beginning of each element.
A verifiable data registry (VDR) is a system that mediates the issuance and verification of ACDCs (Authentic Chained Data Containers) by maintaining cryptographically verifiable records of credential state, typically implemented as Transaction Event Logs (TELs) anchored to KERI Key Event Logs (KELs).
A trust domain is the ecosystem of interactions that rely on a specific trust basis—the cryptographic and logical bindings between controllers, identifiers, and key-pairs. It defines the scope within which cryptographically verifiable, non-repudiable statements can be made and verified.
The vLEI Ecosystem Governance Framework is the comprehensive set of authoritative policy documents published by GLEIF that establishes information trust policies, technical requirements, credential frameworks, and operational procedures governing the verifiable Legal Entity Identifier (vLEI) ecosystem built on KERI protocol infrastructure.