Key Event Receipt Infrastructure (KERI)

Key Event Receipt Infrastructure (KERI) is a protocol for establishing and maintaining self-certifying identifiers (SCIDs) and decentralized key management. It enables entities—people, organizations, or devices—to generate their own globally unique identifiers using cryptographic key pairs, where the identifier is a direct cryptographic digest of the public key. The core innovation is its independence from any specific blockchain or consensus mechanism, instead using a witness-based receipting model to provide cryptographic proof of the integrity and sequence of key management events.

The protocol operates through a series of signed Key Event Logs (KELs). A KEL is a tamper-evident record of all key management events for an identifier, such as creation, rotation, or delegation. To establish trust without a central ledger, KERI employs witnesses—trusted entities that observe and cryptographically sign (provide a receipt for) each event in the KEL. This creates a Key Event Receipt Log (KERL), a collection of receipts that allows any verifier to independently audit the entire history and confirm the current valid keys for an identifier, achieving a form of distributed consensus on state.

KERI's architecture provides several key advantages. Its ledger-agnostic design avoids lock-in to any single blockchain platform. It supports cryptographic agility, allowing for the migration to new quantum-resistant algorithms. The protocol also enables privacy-preserving interactions through non-transferable identifiers and selective disclosure. These features make KERI a foundational layer for Decentralized Identity (DID) systems, verifiable credentials, and secure, portable digital relationships across different ecosystems.

A primary use case is implementing the W3C Decentralized Identifiers (DIDs) specification. KERI provides a concrete method for fulfilling the DID Core requirements of persistence, resolvability, and cryptographic verifiability. For example, a KERI-based DID allows a user to rotate their compromised private key by publishing a new key event to their KEL, with witnesses providing receipts. Any verifier can then resolve the DID, audit the KEL and KERL, and cryptographically verify that the new key is authoritative, all without querying a universal ledger.

The development of KERI is closely associated with the Trust over IP (ToIP) Foundation and its Decentralized Key Management (DKMS) specification. It represents a shift from ledger-centric trust models to a cryptographic receipt-based trust model. By separating the mechanism for proving control of an identifier from the mechanism for proving the history of that control, KERI aims to create a more scalable, secure, and interoperable foundation for the future of digital trust on the internet.

KERI operates through a cryptographically verifiable log of key events that document the complete lifecycle of a decentralized identifier (DID). The core mechanism involves the identifier's controller signing a sequence of events—starting with an inception event that establishes the initial public key—and broadcasting them to a set of chosen witnesses. These witnesses, which can be any reliable entity, provide receipts by countersigning the events, creating a distributed consensus on the identifier's state without a global consensus layer. This process creates a verifiable data structure that anyone can audit.

The protocol's security is anchored in pre-rotation. Before a current key is compromised or needs to be changed, the controller pre-authorizes the next key in a rotation event. This event is signed by the current key and disseminated to witnesses. Because the new key's hash was committed in the previous event, the transition is cryptographically chained and verifiable. This prevents hostile takeovers and ensures cryptographic continuity, meaning the identifier remains stable even as its controlling keys change over time.

A critical innovation is the use of a self-addressing identifier (SAID), where the identifier itself is a cryptographic hash of the inception event. This makes every identifier self-certifying; its provenance and initial state are proven by its own name. All subsequent events reference prior events by their SAIDs, creating an immutable, hash-linked chain. This design allows any verifier to reconstruct the entire key history from a trusted copy of the event log, enabling portable control and verification entirely off-chain.

KERI supports multiple witness configurations for different trust models, from a single witness for personal use to a robust, decentralized quorum. Witnesses do not need to know each other or run the same software; they only need to follow the protocol for signing receipts. This separation of the consensus layer (witness receipting) from the application layer (using the identifier) provides unparalleled flexibility. The system achieves sufficient consensus for key event validity, which is a lighter, more scalable requirement than the total ordering needed for transaction consensus in blockchains.

In practice, to verify a signature or an identifier's current key, a verifier obtains the relevant key event log and the associated witness receipts. By checking the cryptographic signatures on the event chain and validating that a sufficient threshold of witnesses has receipted each event, the verifier can independently confirm the authoritative current key without querying a central registry. This mechanism enables truly decentralized digital trust for applications like secure messaging, verifiable credentials, and decentralized autonomous organizations (DAOs).

The term Key Event Receipt Infrastructure (KERI) is a compound noun that precisely describes its core architectural principle. Key Event refers to any cryptographic state change—such as key rotation or delegation—that is immutably logged. Receipt signifies the cryptographic proof, generated by verifiers (witnesses), that the event was seen and its integrity can be verified. Infrastructure denotes the underlying protocol suite that provides the framework for managing these self-certifying identifiers and their associated event logs, independent of any specific distributed ledger.

KERI was conceived by Samuel M. Smith, Ph.D., as a foundational layer for decentralized identity, emerging from research into the limitations of blockchain-based identifiers like those in Decentralized Identifiers (DIDs). Its design philosophy is rooted in the principle of cryptographic autonomy, where control and verification are entirely key-based, eliminating dependency on external consensus mechanisms or ledgers for identifier provenance. This origin positions KERI not as a competitor to blockchains, but as a complementary, more minimalistic base layer for portable, self-sovereign identity.

The protocol's conceptual lineage draws from secure cryptographic engineering and database journaling techniques. Its event-sourcing model, where the current state is derived from a verifiable log of all prior key events, mirrors principles from cryptographic verifiable data structures. This design ensures cryptographic agility, allowing the underlying algorithms to be upgraded without breaking the identifier itself, a critical feature for long-lived digital entities in a post-quantum computing future.