Bijou64: A variable-length integer encoding

Developers of the Subduction CRDT protocol have introduced Bijou64, a new variable-length integer encoding that ensures each number has a single, canonical representation. This design aims to improve security by preventing encoding ambiguities and has demonstrated faster performance than the commonly used LEB128 encoding.

Bijou64 was created to address a subtle bug in signature verification caused by multiple valid encodings of the same integer in existing varint formats like LEB128. Unlike LEB128, which encodes integers in 7-bit segments with continuation bits, Bijou64 guarantees a single encoding per number by design. It achieves this through a two-part structure: the first byte either directly encodes values 0–247 or serves as a tag indicating the number of subsequent bytes, which are offset-based to prevent multiple representations of the same value.

This approach simplifies decoding, as the first byte indicates exactly how many bytes follow, enabling efficient memory allocation. The encoding’s structure makes it inherently canonical, removing the need for additional validation checks that are often overlooked in other varint formats, thus enhancing security against adversarial inputs.

Why It Matters

Bijou64’s canonical design reduces the risk of encoding-based attacks that exploit multiple valid representations of the same number, which have historically been used in cryptographic protocols and digital signatures. Its improved speed over LEB128 can also benefit performance-critical applications, especially in cryptography, distributed systems, and blockchain protocols where data integrity and efficiency are paramount.

Background

Variable-length integer encodings are widely used in binary protocols to save space, especially for small numbers. LEB128 has been a popular choice but suffers from non-uniqueness, leading to potential security vulnerabilities. Prior efforts to enforce canonical forms involve additional checks, which are often omitted, creating risks. Bijou64 emerges from the need for a secure, efficient, and inherently canonical varint encoding, developed specifically for the Subduction CRDT project, which prioritizes both security and performance.

“Bijou64 guarantees a single, unique encoding for each integer, removing the need for separate canonicality checks and enhancing security.”

— Developer of Bijou64

“Our encoding not only fixes a subtle bug in signature verification but also runs several times faster than traditional varint formats like LEB128.”

— Subduction Protocol Team

What Remains Unclear

It remains unclear how widely Bijou64 will be adopted outside the Subduction protocol or whether it will be integrated into existing systems. The full security analysis and performance benchmarks across diverse use cases are still ongoing, and compatibility with other protocols has yet to be established.

What’s Next

Developers plan to publish formal specifications and benchmarks for Bijou64, encouraging adoption in other security-sensitive applications. Further testing and peer review are expected to validate its security guarantees and performance benefits, with potential integration into broader cryptographic and distributed systems.

Key Questions

How does Bijou64 differ from LEB128?

Bijou64 guarantees a single, canonical encoding for each integer by using a structured first byte and offset-based subsequent bytes, unlike LEB128, which allows multiple valid representations for the same number.

Why is canonical encoding important?

Canonical encoding prevents ambiguity, which is crucial for security protocols that rely on exact byte representations, such as digital signatures and cryptographic signatures.

Is Bijou64 faster than existing varint formats?

Preliminary benchmarks indicate that Bijou64 is several times faster than LEB128, mainly because it requires fewer bytes to decode and simplifies the decoding process.

Will Bijou64 be adopted outside the Subduction protocol?

It is not yet clear; adoption depends on further validation, peer review, and whether other projects see value in its security and performance features.

Source: Hacker News