Key Event Receipt Infrastructure (KERI)
share
A decentralized key management infrastructure (DKMI) that uses the design principle of minimally sufficient means is presented. The primary key management operation is key rotation via a novel key pre-rotation scheme. Two trust modes are presented, the online or pair-wise mode and the offline or any-wise mode. The offline mode depends on witnessed key event receipt logs (KERL) as an additional trust basis for validating events. This gives rise to the acronym KERI for key event receipt infrastructure. The KERI approach may be much more performant and scalable than more complex approaches that depend on a total ordered distributed consensus ledger. KERI may be augmented with distributed consensus ledgers but does not require them. The KERI approach allows more granular architecture in a DKMI. Moreover, because KERI is event streamed it enables DKMI that operates in-stride with data events streaming applications such as web 3.0, IoT, and others where performance and scalability are more important. KERI is designed to support DIDs but its core services are identifier independent (this includes DID method independence). This makes KERI a candidate for a universal portable DKMI.
READ FULL TEXT
