KERI is not complex or complicated. Instead, it simplifies.
One of the most well-known misconceptions is that KERI is complex or complicated. This article aims to debunk this myth and shed light on how KERI simplifies the digital identity space, dispelling any confusion.
You will always remember the predictability criterion and embrace the simplicity that KERI introduces in one step.
KERI, or Key Event Receipt Infrastructure, is a protocol that revolutionizes digital identity management. Understanding its simplicity is crucial for those working with or interested in this field.
Often heard opinion:
“KERI is interesting but introduces more complexity than needed.”
Let’s first introduce the different meanings behind the terms complexity and complication. Then, we investigate the simplifications the KERI protocol offers to show that KERI doesn’t fit into the complex or complicated category.
Why make a difference between complex and complicated?
To native speakers, complex and complicated are terms that cover, more or less, the same concept. However, they can be used for separate concepts.
A living creature is complex. Even a single living cell is complex, let alone the whole body. The range of events that can happen in interactions between various parts of a living cell is enormous and unpredictable.
Identity is also complex. Even digital identifiers can be considered complex due to constantly evolving cryptography, growing computational power, and the unpredictable surfacing of malicious or compromised actors.
By contrast, KERI could be perceived as complicated. Yes, it is not straightforward. Admittedly, the KERI Suite, which includes a comprehensive set of tools and protocols for securely managing digital identities, is thorough and pretty ‘different’ from the digital identifier solutions we’ve seen so far.
KERI is not entirely ready yet. That makes it a moving target to assess or judge. These are the parts that the KERI team has designed and standardized but still have to finalize in programming code:
- Wallet (user friendly) — inception and further key management
- Witness services— promulgation of key state
- Watcher services — validation of authoritative key state
- Web — infrastructure -> 3 W’s in the list leverage this -> we must build an API.
- Wizard — which is a foolproof assistant that makes it harder to misuse the other 4 W’s
Although KERI has had customers since 2022 that have KERI-based systems in production (Example vLEI of GLEIF), we need to build a full tooling suite for the KERI infrastructure, guide rails, and bumpers in a system that has everything under the hood. People don’t want to understand the details; they want to be able to use the system securely.
Some people currently perceive KERI as complex rather than complicated. But in the end, it’ll still be just a predefined solution with a fixed set of elements that interact with each other and the outside world. KERI’s behavior is predictable. Meanwhile, KERI operates over different axes in the security space and solves hard problems simultaneously. Still, because we are dealing with predictability in a digital world, it just seems complicated to the maximum.
And it’s getting better:
- We can and will reduce complication
- Once you master a One-Click KERI install*, things will simplify significantly.
* The article’s details of One-Click KERI are out of scope.
But hold on, let’s not be overly enthusiastic at first; back to complexity vs. complication.
Criteria are king
Why is it a fundamental and relevant distinction that of the two, complicated or complex, KERI should be perceived as only complicated? KERI is an identifier system, so shouldn’t we consider it complex, too?
The reasoning above, saying that KERI is just complicated, might smell like some kind of ‘victim blaming’ to some readers. You might think, “I see what you’re doing here! Conveniently typifying KERI as just complicated and blaming perception of its complexity on my lack of knowledge or insufficient intelligence.”
It needs little argumentation that we value people’s intelligence and perspective in our relentless effort to make KERI understandable.
We need clear criteria so anyone can determine what falls into a specific category or concept covered by a term. Generally applicable criteria are king because they settle the case. We’re going to share valuable criteria a bit later, but first:
Understanding the difference between complicated and complex and why it is relevant to those who work with KERI, for example, those who believe a KERI’ light’ will be sufficient for many tasks { Here will be a link to the future article}, is crucial. By grasping this distinction, you can make more informed decisions about the digital identity systems you use, and appreciate the simplifications, rather than labels of complication or complexity, that KERI brings to the table.
If we understand complexity and complication, we might be better capable of knowing who’s right or wrong, if anyone. And we might find common ground faster.
Or, even better, can we create a clearer set of constraints and use cases for reduced and simplified versions of KERI?
Well, let’s give it a try! But keep in mind that a big objective of this article is to make you never forget that complication and complexity are both relative; neither is 100% absolute.
There we go. I’ve found this article by Benjamin Sangwa about Complexity versus Complication, and it matches our case nicely:
“Complexity refers to the inherent nature of something composed of many interconnected parts. Complex systems, such as living organisms or societies, are difficult to understand or predict because they are made up of many interacting elements. Complexity is often associated with the concept of emergence, where new properties or behaviors arise from the interactions of the parts and are not present in any single element.
Complication, on the other hand, refers to the addition of extraneous elements to a system, making it more difficult to understand or navigate. Complicated systems are not necessarily complex, but they are often made so by the presence of unnecessary or redundant elements.”
Criteria revisited
The fundamental choice of typifying something as “complicated” or “complex” could be determined by these two criteria:
A. Is it a bounded system that consists of predefined elements?
B. Are the elements interacting predictably?
If the answer to A and B is ‘yes,’ then it’s just complicated.
You see? We deliver on the promise that we will share generally applicable criteria. Et Voila!.
Now, let’s do two things with KERI:
1. Apply the criteria to all parts of the KERI Suite.
If we then conclude that KERI falls within complicated systems instead of complex, continue with
2. Look for simplifications that KERI has brought to the stage because that would put the complication, which KERI inevitably introduces, into a softer perspective. Is that agreed?
Predictability and reducibility
Benjamin Sangwa helps us with the primary objective of this article:
“The key difference between complexity and complication is that complex systems do not have defined solutions, while complicated systems do. Complex systems are often difficult to understand or predict because their behavior is emergent and not reducible to the properties of individual elements. Complicated systems, on the other hand, can be simplified by removing unnecessary elements or reducing the system to its essential components.”
KERI is predictable but not reducible. All automated systems have a limited and predictable set of interactions between their parts. It may be a vast number of relations and interactions, but it still is finite. If something happens that you didn’t expect, we call that a bug, a loophole, or whatever, but it’s not a “black swan” because if you analyze after the fact, you will always see that it could have been predicted.
Interestingly, KERI is not reducible. (There’s a separate article in a process called ‘How Dare You Think KERI is Superfluous’, so I’ll leave that aside now.)
If KERI is not reducible, we can’t make it simpler to have the same security feature, and that’s a good reason from the definition perspective to put KERI in the complex rather than complicated category.
* We know that for native English speakers, it’s more or less the same, but therefore, we introduced two distinct concepts to cover the different meanings of the terms!
Now, here’s my thesis
So, there we are, still wrestling with the choice between complicated or complex to describe Keri when, in fact, we should focus on its simplification. The predictability of the finite complications of the complete KERI Suite system under the hood is easily outweighed by the simplifications it has undeniably brought to the world.
Simplifications through the KERI Suite protocol
KERI’s simplification of the Internet and identifier systems is an indirect result of fixing real problems, not acts by a magician. It’s a spin-off instead of something deliberately done. Even Dr. Samuel M. Smith has yet to foresee most of the simplification the KERI Suite brings about.
“Darling, what are you doing in your office all morning?”
“Ooh, I just made a few simplifications for the internet, but I’ll be right with you.”
Of course, it doesn’t work this way. Why not? Well, it would be rare for a single human being to outsmart the whole world in an instant. Yes, some smartasses are good. But mostly, there is a good reason why changes come through responsive development.
Why did Linus Torvalds create git? He needed it badly. Too many coders started contributing to Linux, and old-school version management became a mess. Linus needed to get Linux version management to go decentralized.
Why did Sam Smith create CESR? Because he needed it to get KERI going.
Apart from a few exceptions, it’s like repairing an airplane while it’s in the air: Don’t try it on your flight. But if you have to, you might just succeed, with sometimes incredible results that spin off.
Another example is Coca-Cola. Nobody sat down and invented Coca-Cola. Somebody invented a headache painkiller. Then came alcohol prohibition in the US. The headache painkiller inventor took some sparkling water and lots of sugar, mixed it with his rather complicated-to-sell painkiller, and Coca-Cola was born.
Two takeaways from both narratives:
- Simplifications through KERI are often unexpected spin-offs from KERI
- Samuel M. Smith is a brilliant man, but not as smart as he tries to make you believe: some stuff happens to him, too! But he’s good at acting as if he foresaw ;)
Please show me the meat!
OK, OK. May I remind you that the only objective of this article is to help you never forget that KERI is neither complex nor complicated? And that, instead, KERI introduces simplicity (and, in my opinion, clarity, but I am slightly biased).
I can present a quick fix to show the meat of simplifications.
These are the known and unintended simplifications so far that KERI, ACDC, and CESR have brought to the world:
1. KERI’s novel pre-rotating mechanism (intended) means private keys are quantum-attack resistant via a clever trick (spin-off).
2. KERI has cut out intermediaries (intended) from the equation in binding between the controller, private, and public keys. The purely cryptographic nature of these bindings simplifies them: they are all cryptographically strong and end-to-end verifiable (spin-off).
3. KERI is omnipresent and trust-spanning (intended). Simplification: No blockchain silos with a need to build and maintain interoperability forever (spin-off).
4. CESR (needed) has ended the streaming encoding wars between CBOR, JSON, and MSGPACK; it handles them all (spin-off).
5. CESR has round-robin composability between text and binary (intended). This eliminates the need to prove the consistency and authenticity of readable legal digital documents when sent over the Internet (spin-off).
6. In ACDCs, the system guides you to sign everything* at rest (KERI’s KEL and TEL) and in motion (CESR). You don’t have to ask yourself whether this is signed off. It is always, anywhere, by anyone or anything.
* Most verifiable credentialing systems sign at rest. ACDCs bind the issuance to the key state at the time of issuance. They are bound or sealed at rest to the key state, and that key state is signed. The ACDCs themselves are not signed but have Seals anchored in TELS which in turn have Seals anchored in KELS.
KERI solves the problem of having to reissue all issuances (it’s necessary) every time you rotate keys.
7. The all-encompassing non-repudiability and duplicity evidence of operations that seal, bind, or anchor (synonyms in KERI) actions to the controller of the current signing key of a KEL simplifies life substantially: IT personnel can’t “get away” anymore with acting maliciously. Until today, in systems without KERI, a system administrator can easily obfuscate his actions. Any external party cannot do a risk assessment. Often, only weeks or months later, malicious actors with root user rights can be demasked. KERI makes life easier.
If you now consider that KERI is, just “maybe,” a bit complicated while delivering these overwhelming spin-off simplifications, then my work is all but done.
Conclusion
KERI is “and and”:
- It’s predictable, therefore at the maximum complicated, instead of complex) and
- Although KERI’s features and code and interrelations between components aren’t reducible as such (next article), its complicatedness can be reduced by black-boxing KERI and
- KERI’s killer feature is that it simplifies the Identity space by combining planned and unforeseen characteristics.
Cliff hanger
Critics only perceive KERI in the narrow definition of complicated. We can and will further reduce KERI’s complication by working on 5W’s:
Wallet, Witness, Watchers, Web, and Wizard.
Would we ever reduce complications by throwing essential parts out?
And if we could throw out non-essential parts, would we have complied with our own minimal-sufficient-solution rule in the first place?
Twice, the answer is ‘no.’ For those still puzzled and thinking, ‘How can you reduce complications if you don’t throw anything out?’ ->
That’s the topic of another article.
Acknowledgments
Thanks to William Lindsay for his editing and disarming view on the expletives I use.
Thanks to Sam Smith for his amendments to the article and for taking a leap forward on the next article in the first comment.
Complexity versus Complication, Benjamin Sangwa, (https://www.linkedin.com/pulse/complexity-vs-complication-benjamin-sangwa/)
Fictive Living Cell and Repair Plane Mid Air — OpenAI. (2024). ChatGPT (4o) [Large language model]. https://chatgpt.com
I see what you’re doing here! — [What are you doing here?](https://images.app.goo.gl/zpDbatY9v1h2zq6C6) | Lee D. Baker | Flickr — CC BY-NC-ND 2.0
Coca-Cola replica bottles https://images.app.goo.gl/bfq1XFSRm6FCzpLA8 CC BY-NC 2.0
