What is KERI?

Modern defense operations rely on digital identity to authenticate users, devices, and systems across varied contested environments. However, existing identity solutions—like traditional Public Key Infrastructure (PKI)—struggle in disconnected, intermittent, and limited (DIL) communications environments and coalition settings. These systems depend on centralized Certificate Authorities (CAs), which represent critical single points of failure and are attractive targets for adversaries.

The Key Event Receipt Infrastructure (KERI) protocol offers a fundamentally different approach: one that is decentralized, cryptographically secure, portable, and resilient. This makes KERI exceptionally well-suited for mission environments where trust must be continuously verified, even without continuous connectivity. KERI replaces the need for centralized trust with cryptographic verifiability, enabling secure peer-to-peer authentication without requiring real-time access to backend systems.

This makes KERI ideal for use cases such as:

Cross-domain and coalition interoperability
Zero Trust enforcement in DIL environments
Resilient identity for autonomous platforms, sensors, and mobile units

KERI uses self-certifying identifiers, called Autonomic Identifiers (AIDs), whose control is established and maintained in a verifiable, append-only Key Event Log (KEL). This architecture provides a portable, auditable history of an identity's key management, allowing for secure authentication and verification even in DIL environments, a crucial capability for enabling Zero Trust at the tactical edge. Unlike traditional identities that rely on a central CA, AIDs establish trust based solely on the integrity of the key event log that created and maintains them.

Key Features

Decentralized Trust

KERI establishes trust through cryptographic proof using self-certifying identifiers (AIDs), eliminating dependencies on vulnerable, centralized Certificate Authorities (CAs). No external authority or third party is required to validate an identity.

Resilience & Recovery

KERI offers robust post-compromise recovery through a "pre-rotation" key management scheme. This allows a legitimate controller to regain control of an identity even after its operational keys have been exposed—a vital capability for assets in contested zones.
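The pre-rotation check described above, together with the append-only Key Event Log from the overview, as an added example (not code from this page or from the KERI project). It is a simplified model: SHA-256 over JSON stands in for KERI's own encoding and digests, event signatures are omitted, and the keys are constructed byte strings.

```python
import hashlib, json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def event_digest(event: dict) -> str:
    # Canonical form (sorted keys) so every verifier hashes the same bytes.
    return digest(json.dumps(event, sort_keys=True).encode())

def incept(current_key: bytes, next_key: bytes) -> dict:
    # Inception publishes the current key but only a digest of the next key.
    return {"type": "icp", "seq": 0, "key": current_key.hex(), "next": digest(next_key)}

def rotate(prior: dict, revealed_key: bytes, new_next_key: bytes) -> dict:
    # Rotation reveals the pre-committed key and commits to the one after it.
    return {"type": "rot", "seq": prior["seq"] + 1, "prior": event_digest(prior),
            "key": revealed_key.hex(), "next": digest(new_next_key)}

def verify_kel(aid: str, kel: list) -> str:
    """Replay the log offline; return the current key (hex) or raise ValueError."""
    # Self-certifying: the identifier is derived from the inception event itself.
    if not kel or kel[0]["type"] != "icp" or event_digest(kel[0]) != aid:
        raise ValueError("identifier is not bound to the inception event")
    prev = kel[0]
    for ev in kel[1:]:
        if ev["seq"] != prev["seq"] + 1 or ev.get("prior") != event_digest(prev):
            raise ValueError(f"event {ev['seq']}: broken chain")
        # Pre-rotation: the new key must match the digest committed one event earlier.
        if digest(bytes.fromhex(ev["key"])) != prev["next"]:
            raise ValueError(f"event {ev['seq']}: key was not pre-committed")
        prev = ev
    return prev["key"]

def demo():
    k0, k1, k2 = b"constructed-key-0", b"constructed-key-1", b"constructed-key-2"
    icp = incept(k0, k1)
    aid = event_digest(icp)
    current = verify_kel(aid, [icp, rotate(icp, k1, k2)])
    # A rotation to a key that was never committed must be rejected.
    forged = [icp, rotate(icp, b"uncommitted-key", b"uncommitted-next")]
    try:
        verify_kel(aid, forged)
        hijacked = True
    except ValueError:
        hijacked = False
    return current, hijacked

if __name__ == "__main__":
    print(demo())
```

The verifier needs only the identifier and the log, so the check runs locally with no call to a central authority.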

DIL/Contested Environment Operations

The protocol enables secure, local peer-to-peer authentication via portable Key Event Logs (KELs), reducing the need for continuous network reach-back to central servers to verify an identity's current key state.

Interoperability

Its use of portable identifiers and verifiable credentials is designed to facilitate secure identity federation across Joint, Interagency, and Coalition environments.

Auditability for Zero Trust

KERI provides an immutable, end-verifiable log of all key management events for an identity, creating the auditable and verifiable foundation required for a true Zero Trust Architecture (ZTA).

KERI for Defense

In a battlefield where communications are degraded, supply chains are under cyberattack, and adversaries are rapidly exploiting trust-based systems, KERI provides the identity foundation needed to maintain operational continuity and security. Whether authenticating a mobile operator’s device in a denied environment or verifying the firmware provenance of a forward-deployed sensor, KERI delivers the cryptographic certainty needed to support mission success.