THIS IS UNDER CONSTRUCTION Would you like to contribute? Join us at the Concepts, Terms and Edu bi-weekly Zoom session
This concepts page explains the main design objectives of KERI and ACDC, which results in a scope (or context) and links them to
- the things we've designed (whitepapers, technical designs)
- the things we've created (repos and code)
- the terminology we use.
To be better and quicker understood. It's a way to anchor our language and the words we use to our objectives. This pages shares and exchanges our criteria to why and in which situation something is important to us.
The ultimate goal is to make sense in the perception of respectively the newbie -, the advanced - and the advanced identity expert.
We'll not try to reach out to laymen.
A static site generated on Github, that uses resources all over the web and can be commented on.
Also a howto will be written along side to inform contributors how to add, link and amend resources.
The intention is to have resources (glossaries, videos, etc.) and howtos available continuously. It'll hopefully improve over time. The resulting static WebofTrust-site is already here: https://weboftrust.github.io/WOT-terms/ and will be automatically generated with Github Actions. All intermediate results are also directly available:
- resources
- howtos
- Glossaries: TrustoverIP/ACDC and eSSIF-lab
The Mental Model of KERI suite gives the frame of reference for our concepts below.
We reuse and reorganise as much as possible, using open source tools.
Contributions welcome!
Concepts use existing terms (which could create confusion) and introduces new terminology. It's aimed at identity experts in general and Self-Sovereign Identity experts specifically.
We explain the terminology at various levels of understanding, and also our criteria how we judge certain terms to be defined for the sake of KERI / ACDC. E.g. multisignatures, validators and verifiers. What are they exactly?
Understanding could vary in different domains and use-cases (e.g. a controller in finance is quite different from a controller of an identifier). We need to be sure that sender and recipient are talking about "the same thing".
KERI is a new development. ACDC is build on top of KERI; so it's new too. Inevitably, new terminology has surfaced in the design of KERI and ACDC. In this concepts page we try to explain related terms in a few levels of understanding. We've used analogies and symbols to clear up complex and intangible concepts for those new to KERI / ACDC and even for those experts that we consider being 'advanced'. The ultimate goal is to try to make sense in the perception of respectively the newbie - and the advanced identity expert.
- existance and persistance
- access and transparency
- privacy - consent to use
- confidentiality - minimal disclosure
- commitment en compliance to rules - signature
- freedom of speech and movement - inception of AIDs, rotation
- self-sovereignty - delegation and revocation
- Protection – users’ rights, censorship-resistant
KERI came to be in occasional happenings, online and in-person, in which individuals voluntarily participated. It has no members, and no dues. This is how the KERI community strives to further work.
Manifestation: KERI has found the IETF as a home. This is because its value statement and organizational principles strongly resonate with KERI.
The KERI team maintains the following rules of thumb for all the repos in the WoT project:
- 'outgoing == incoming' policy (Read more)
- No restrictions more stringent than Apache2 (No poisoning)
- comprehensive licensing
- No splitting contributions between different licenses
- Possible to have less restrictive outgoing than incoming ( Read more )
All the repos in the WoT project where the KERI code and related standards reside, have a 'outgoing == incoming' policy. This means that someones use (outgoing) of a contribution (incoming) is on the same basis or license.
Prevent contributions to the code from being poisoned by other contributions that have a different i.e. more restrictive outgoing license, because once contributed there is no way to separate contributions.
Example: IETF requires that IETF spec language be contributed under BSD not Apache2. But BSD is no less restrictive than Apache2 for outgoing so it does not poison the apache2 contributions. A consumer can consume under apache2 or via IETF through BSD. BSD is no more restrictive than Apache2. The license for the IETF spec repos in WoT include the BSD outgoing in addition to Apache2 for this reason.
or have multiple outgoing licenses that are of the same or less level of restriction but with different names because some consumers want to consume (outgoing) under a different license.
Manifestation:
Apache2 license default
Need: Fix the limitations of the original PKI-based WebofTrust. Goal: Achieve a truly decentralized trust spanning layer for the Internet; (see Hourglass Model)
Manifestation:
security - maximum coverage (extensible prefixes) - no middle men - portability
We only have one set of tools for truly secure data control! Cryptographic one-way functions! source
Self-contained data - Self addressing identifier - self proving data blocks - provable consistency - signed commitments by controllers of the identifiers
All designs accommodate for the foreseeable future in terms of size and number of types or variations.
Example in CSER:
The design aesthetic is based on the understanding that there is a minimally sufficient cryptographic strength and more cryptographic strength is just wasting computation and bandwidth. The accepted minimum for cryptographic strength is 128 bits of entropy or equivalently 2**128 (2 raised to the 128th power) brute force trials. Source IETF Draft CESR
See the features here : https://github.com/trustoverip/acdc/wiki/transfer-off-ledger
"The point is to be used, not to use the latest, coolest technique that is also very difficult to implement properly. That's the principle of KERI: solve a problem in the real world with the minimum techniques needed. The dumber the technology, but still sufficient to solve the problem, the better. 'Dumb technology' is freely available, understandable to everyone and easy to implement. In our case: just hashes and digital signatures." Source: Sam Smith 2022
Samuel Smith about English Semantic Naming:
- English has operators and has 6M words. Operators can be used to create valid words that are not in the dictionary. 6 million words in the English language, many relatively unused, and without baggage.
GOAL: Keep KERIpy more readable with short, evocative names.
- To Polysemy (ambiguity): ‘Type’ as an example -> too many meanings, you need to disambigue this
- Book “C elements and style” is advised: https://www.amazon.com/Elements-Style-Programmers-Elegant-Programs/dp/1558512918
Example: Habitat ‘where everything resides’ -> Hab -> Habery
- {noun}
- Er = object instances that do stuff
- Ery = factory classes or classes that manage other classes
- {noun}+s -> Sigs, Sigers = a list of Sig and a list of Siger
Example II:
- siger - creates signatures
- sig - would be qb64 representation of a signature
- sigs - would be a list of signatures
ACDC has been implemented inside of keripy. We have full credential issuance, revocation and streaming support in both the REST API as well as the command line.
Source P. Feairheller, 2022
"We don't have version 1 of the specs of KERI yet.""
As soon as we do, the code will look the version up, and act accordingly (backward compatibility).
We split the KERIpy repo in two branches dev and main, so people can rely on a stable production version in main.
- Authentic
- Chained
- Data containers (serialization of them) Mainly through SAIDs.
Embedding a SAID as a field in the associated serialization indicates a preferred content-addressable identifier for that serialization that facilitates greater interoperability, reduced ambiguity, and enhanced security when reasoning about the serialization. Moreover, given sufficient cryptographic strength, a cryptographic commitment such as a signature, digest, or another SAID, to a given SAID is essentially equivalent to a commitment to its associated serialization. Any change to the serialization invalidates its SAID thereby ensuring secure immutability evident reasoning with SAIDs about serializations or equivalently their SAIDs. Thus SAIDs better facilitate immutably referenced data serializations for applications such as Verifiable Credentials or Ricardian Contracts.\
The purpose of this paper is to capture and convey to a broader audience my increasingly worrisome concerns about the adoption path for Verifiable Credentials (VCs). My concerns began with the security limitations of VCs that use Linked Data (otherwise known as JSON-LD/RDF) and have since extended to the semantic inference limitations of Linked Data. My concerns may be expressed succinctly as, the VC standard appears to be an adoption vector for Linked Data, not the other way around. My overriding interest is that the concept of a VC as a securely attributable statement is a very powerful and attractive one and therefore should be widely adopted. We should therefore be picking the best technologies that best support broad VC adoption, not the other way around.
Source: VC Spec Enhancement Strategy Proposal by Sam Smith
Use trans-contextual value creation and capture to fuel cooperative network effects.
Sam is going to develop this
Security first (no compromise), then confidentiality (gradually give up in exchange for), then privacy (personal choice within the boundaries of confidentiality at hand)
Security: technical
Sufficient cryptographic strength (quantum safe)
Everything signed enforced (strong bindings and commitments, immutability)
Verifiable to root-of-trust (no middlemen)
Fine-grained control mechanisms (lossless scalable in every technical direction; speed, prog.languages, codetables in CESR, )
Proven technology for cryptographic functions (robustness)
Interoperable by design (covers everthing; internet and off-line)
Minimalized attack surface (reuse of primitives)
Continuous internal and external consistency checks of data structures (duplicity)
Security: human self protection
Private keys as far away from agents as possible (only signatures exposed)
pre-rotation (double-checked control authority)
Rotation (act when you smell danger)
Delegation (engage service provider without losing control; middleman on a leash)
Revocation (minimize effects of adversely situation)
Scalable witness & watchers network (reconciliation options; first seen)
Round-robin composable streaming (for readability of commitments)
Tamper evident (duplicity checks)
Non-repudiation
- Private keys are not being kept private
- Private keys are reused over and over to sign stuff
- Controller binds cryptographic protected data to him/herself (by mistake)
- Graduated disclosure isn't used {TBW}
- Third party binds cryptographic protected data to other actors involved (by mistake) {TBW}
| BASIS FOR COMPARISON | PRIVACY | CONFIDENTIALITY |
|---|---|---|
| Meaning | The state of being secluded is known as Privacy. | Confidentiality refers to the the situation when it is expected from someone that he will not divulge the information to any other person. |
| What is it? | It is the right to be let alone. | It is an agreement between the persons standing in fiduciary to maintain the secrecy of sensitive information and documents. |
| Concept | Limits the access of the public. | Prevents information and documents from unauthorized access. |
| Applies to | Individual | Information |
| Obligatory | No, it is the personal choice of an individual | Yes, when the information is professional and legal. |
| Disallowed | Everyone is disallowed from involving the personal affairs of an individual. | Only unauthorized persons are disallowed from using the information. |
Source: Keydifferences.com
Security first
Security first, confidentiallity, privacy
The KERI design approach is to build composable primitives instead of custom functionality that is so typical of other DKMI approaches:
- transferable identifiers
- non-transferable identifiers
- delegated identifiers Consequently when applied recursively, delegation may be used to compose arbitrarily complex trees of hierarchical (delegative) key management event streams.
This is the arguably most powerful capability that may provide an essential building block for a generic universal decentralized key management infrastructure (DKMI) that is also compatible with the demand of generic event streaming applications. (new invention) More in the whitepaper
Transaction event log (TEL) separated - anchored in KEL - minimal sufficient means - secondary root-of-trust (dependent of anchoring KEL for primary root-of-trust validation)
See glossary item
KERI alternative to total global ordering and consensus protocols is a mechanism called duplicity detection. In the verification and validation watchers are all that matter; they guarantee that logs are immutable by one very simple rule: "first seen wins".
Pre-rotation - quantum protection - security fallback (exposure, theft) - portray changing power dynamics
Because the cryptographic material in the events may be of variable length, a fixed field length serialization is not a viable approach. Consequently KERI must support variable length field serialization.
Only the controller of the associated identifier prefix may compose KERI events, the ordering of elements in the event serialization may be determined solely by that controller. Other entities may sign the event serialization provided by the controller but do not need to provide a serialization of their own.
In summary, the necessary constraint for complete event serialization is support for arbitrary data structures with variable length fields that are serializable and de-serializable in multiple formats. Reproducible ordering is not a necessary constraint. Source
(Source)
CESR uses a parse table so the same parsing code works on all codes.
The text domain representation of a stream enables better usability (readability) and the binary domain representation of a stream enables better compactness.
Allow efficient conversion or off-loading for concurrent processing of composed (concatenated) groups of primitives in a stream without having to individually parse each primitive before off-loading.
CESR is digital data streaming that
- can freely concatenate pieces of data
- Has a fixed streamlet size in both text and binary format
- Converts back and forth from text to binary without data loss and round robin
- Is able to express complex data structures
- Is extensible with derivation codes
- Is extremely compact
- Works asynchronously, e.g. collecting primitives, such as individual signatures of a Multisig from the web.
- Is ready for post-quantum cryptography
- Contributes to legally sound identifiers, because everything is “readable” in text format.
“CESR doesn’t provide post-quantum proofing. The hash does. CESR just makes it easier to process the crypto material. How you use crypto material is not up to CESR.”
Samual M. Smith
This list of reinforcing features might make you think of new fields of application. That’s not entirely surprising and, to reiterate, that was my only goal with this article.
Let me offer you a few applicable and hopefully inspiring facts to play around with in your head.
Composability allows text domain streams of primitives or portions of streams (streamlets) to be converted as a whole to the binary domain and back again without loss.
Fully qualified KERI cryptographic primitives are composable via concatenation in both the text (Base64) and binary domains.
CESR’s approach to filling its derivation-code tables is a first needed, first served basis.
In addition CESR’s requirement that all cryptographic operations maintain at least 128 bits of cryptographic strength precludes the entry of many weak cryptographic suites into the tables.
"There are many coding schemes that could satisfy the composability constraint of alignment on 24-bit boundaries. The main reason for using a text domain-centric encoding is higher usability, readability, or human friendliness. Indeed a primary design goal of CESR is to select an encoding approach that provides high usability, readability, or human friendliness in the text domain. This type of usability goal is simply not realizable in the binary domain.
The binary domain's purpose is merely to provide convenient compactness at scale. We believe usability in the text domain is maximized when the type portion of the prepended framing code is stable or invariant. Stable type coding makes it much easier to recognize primitives of a given type when debugging source, reading messages, or documents in the text domain that include encoded primitives. This is true even when those primitives have different lengths or values."
Source IETF Draft CESR.
There are two possibilities for CESR's coding scheme to ensure a composable 24-bit alignment. The first is to add trailing pad characters post-conversion. The second is to add leading pad bytes pre-conversion. Because of the greater readability of the value portion of both the fully qualified text, T, or fully qualified binary, B, domain representations, the second approach was chosen for CESR.
Source IETF Draft CESR.
Good cold start re-synchronization is essential to robust performant stream processing. Special CESR count codes support re-synchronization at each boundary between interleaved CESR and other serializations like JSON, CBOR, or MGPK
The design goals for CESR framing codes include minimizing the framing code size for the most frequently used (most popular) codes while also supporting a sufficiently comprehensive set of codes for all foreseeable current and future applications. The design strives for a high degree of both flexibility and extensibility. We believe this is best achieved with multiple code tables each with a different coding scheme that is optimized for a different set of features instead of a single one-size-fits-all scheme. Source.
principles and pre-conditions
Secondary root-of-trust - non-portable anchoring to blockchains as an extra layer of guarantee (above KELs)
principles and pre-conditions
We have two types: witnesses (for the controller) and backer to check duplicity in the network. The reason we've done this because we thus avoid the eclipse attack, that blockchains suffer from.
We foresee witness and watcher hosting services, just like web hosting currently. Technically speaking a watcher and a witness use the same code and protocol, watchers run in promiscuous mode.
Correlation between identifiers and there controlling human beings and binding of identifiers to human beings in general.
Applying salts, stretching passwords, etc.
There are a few commons reasons to choose development tools. Mostly because they have the following features:
- open source
- not patented
- best of breed
- universally applicable
- tested for a few years
The 10 principles were coined by Christopher Allen, one of the pioneers within this world, concerning the Self-Sovereign Identity (SSI). According to Allen, SSI can be interpreted in two ways: the first is ideological, which (key reading) affirms the importance of being able to control one’s own identity on the network without the need to counter trust; the second is technological, which means analysing which technologies and technological standards can enable this objective.
The 10 principles of the SSI are precisely intended to define what values and goals the idea and technology should pursue. They were first enunciated in Allen’s blog.
We've integrated the 10 principles in Social Values and Societal Values above.
It weakens them, because it exposes it and allows people an opportunity to try and work against it.
It's all your own identifier and you're controlling your identifier, so it's up to you what security constraints you want for that identifier. Anchoring, witness pools, thresholds, etc.
Best and compactly described by Daniel Hardman in Security, Silos, and Sovereignty 2022:
"SSI is not bestowed by corporate IT (Active Directory/LDAP systems); it’s not granted by internet giants (“sign in with Google/Facebook”); it’s not arranged through single sign-on vendors. SSI is for ordinary people who detest their messy collection of usernames and passwords, and just want bad guys to go away and good guys to enjoy the trust they deserve. SSI puts us — not institutions that leak our data to hackers, sell our data to partners, or surveil us for their own purposes — in charge. It also empowers governments, businesses, and other institutions that want to revolutionize privacy, redefine the cybersecurity and regulatory landscape, reduce cost and risk, keep people safe in pandemics, and do right by the people they serve."
Principle: In a society there needs some control and surveillance of individuals (or individual entities) for the sake of the security of society as a whole. However, those situation should be limited to absolute minimum needed and be strictly independently monitored. We consider all other control and surveillance to be 'needless'.
Manifestion: A robust witness network along with consistent witness rotation provides protection from monitoring and association of an individual's activity inside a KERI network.
Source Phil Feairheller