TL;DR
Bijou64 is a new variable-length integer encoding designed for the Subduction CRDT protocol. It ensures unique representation of integers, improving both performance and security. The development addresses issues with existing encodings like LEB128, especially in adversarial contexts.
Developers of the Subduction CRDT protocol have introduced Bijou64, a new variable-length integer encoding that guarantees a single, canonical representation for each integer, enhancing both security and efficiency.
Bijou64 was created to address a subtle bug related to signature verification in the Subduction CRDT protocol. Unlike common varint formats like LEB128, Bijou64 ensures that each integer has only one valid encoding, eliminating the risk of adversarially crafted byte sequences that could cause signature mismatches or security vulnerabilities.
The encoding works by using a first byte that either directly encodes small numbers (0-247) or acts as a tag indicating how many subsequent bytes are needed to represent larger numbers. This structure allows for predictable, constant-time decoding and removes the need for additional canonicality checks.
Preliminary benchmarks indicate that Bijou64 performs several times faster than LEB128, primarily because it does less work during decoding, thanks to its structured approach and immediate knowledge of the number of bytes involved.
Why It Matters
Bijou64’s design enhances security by preventing multiple representations of the same number, a known vulnerability in formats like LEB128 that can be exploited in cryptographic or signature verification scenarios. Its efficiency also benefits protocols requiring fast, compact integer encoding, potentially influencing future implementations in distributed systems and cryptography.
Background
Variable-length integer encodings are common in binary protocols to save space, especially when small numbers are frequent. LEB128 is a widely used format but suffers from non-canonical representations, which can lead to security issues. Bijou64 was developed as part of ongoing efforts to improve protocol robustness and performance, motivated by the needs of the Subduction CRDT synchronization protocol.
The problem with LEB128 and similar formats is their allowance for multiple encodings of the same number, which complicates security and deduplication. Previous attacks and vulnerabilities in cryptographic protocols have exploited this non-canonicality, prompting the development of Bijou64.
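The non-canonicality described above, shown as an added example (not code from the Bijou64 or Subduction projects): a permissive unsigned LEB128 decoder accepts two different byte strings for the value 1, so a digest or signature computed over the bytes no longer matches even though the decoded values are equal. The function names and the use of SHA-256 as a stand-in for the signed digest are assumptions made for this illustration.

```python
import hashlib

def leb128_encode(n: int) -> bytes:
    """Shortest (minimal) unsigned LEB128 encoding of n."""
    if n < 0:
        raise ValueError("unsigned only")
    out = bytearray()
    while True:
        byte = n & 0x7F
        n >>= 7
        if n:
            out.append(byte | 0x80)   # more groups follow: set continuation bit
        else:
            out.append(byte)
            return bytes(out)

def leb128_decode(buf: bytes, strict: bool = False) -> int:
    """Decode one unsigned LEB128 integer that occupies all of buf.
    strict=True also rejects overlong (non-minimal) encodings."""
    value = 0
    for i, byte in enumerate(buf):
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:           # last byte of the integer
            if i != len(buf) - 1:
                raise ValueError("trailing bytes after integer")
            # A zero final byte after earlier bytes only adds zero bits,
            # so a shorter encoding of the same value exists.
            if strict and i > 0 and byte == 0:
                raise ValueError("non-canonical (overlong) encoding")
            return value
    raise ValueError("truncated integer")

def digest_of(buf: bytes) -> str:
    """Stand-in for the digest a signature would cover (assumption: SHA-256)."""
    return hashlib.sha256(buf).hexdigest()

CANONICAL = leb128_encode(1)          # b"\x01"
PADDED = bytes([0x81, 0x00])          # constructed overlong encoding of 1

if __name__ == "__main__":
    print("decoded:", leb128_decode(CANONICAL), leb128_decode(PADDED))
    print("digests equal:", digest_of(CANONICAL) == digest_of(PADDED))
    try:
        leb128_decode(PADDED, strict=True)
    except ValueError as err:
        print("strict decoder:", err)
```

With LEB128 the strict check has to be added and remembered by every implementation; the article's point is that an encoding with exactly one byte string per integer makes that extra check unnecessary.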
“Bijou64 guarantees a single, canonical encoding for every integer, removing a class of security vulnerabilities while also improving decoding speed.”
— Lead developer of Bijou64
“Eliminating non-canonical representations helps prevent certain signature forgery attacks and simplifies protocol validation.”
— Cryptography researcher

What Remains Unclear
It is not yet clear how widely Bijou64 will be adopted outside the Subduction protocol or how it compares in large-scale real-world deployments. Further benchmarking and security analysis are ongoing.
What’s Next
Developers plan to publish detailed specifications and open-source implementations of Bijou64. Additional testing and peer review are expected in the coming months, with potential integration into other protocols requiring secure, efficient varint encoding.
Key Questions
How does Bijou64 differ from LEB128?
Bijou64 enforces a single, canonical representation for each integer by using a structured encoding with a tag and offset scheme, unlike LEB128, which allows multiple encodings for the same number.
Why is canonical encoding important?
Canonical encoding prevents multiple representations of the same number, which is crucial for security, signature verification, and deduplication in protocols.
Is Bijou64 faster than existing varint formats?
Initial benchmarks suggest Bijou64 is several times faster than LEB128 due to its simpler, more predictable decoding process.
Can Bijou64 be used in other protocols?
While designed for the Subduction CRDT protocol, Bijou64’s principles could be adapted for other systems requiring secure, efficient varint encoding, pending further testing and validation.
Source: Hacker News