Deterministically Encoded CBOR (D-CBOR)

Deterministically Encoded CBOR (D-CBOR) Independent

Montpellier France anders.rundgren.net@gmail.com https://www.linkedin.com/in/andersrundgren/

Application CBOR CBOR Encoding Deterministic This document describes a deterministic encoding scheme for CBOR intended for usage in high-end computing platforms like mobile phones, Web browsers, and Web servers. In addition to enhancing interoperability, deterministic encoding can also support cryptographic operations like signing CBOR data items. Using this specification, the latter can achieved without wrapping such data in byte strings or depend on non-standard canonicalization procedures.

Introduction This specification introduces a deterministic encoding scheme for data expressed in the CBOR format. This scheme is subsequently referred to as D&nbhy;CBOR. Note that this document is not on the IETF standards track. However, a conformant implementation is supposed to adhere to the specified behavior for security and interoperability reasons.

Background supports a number of deterministic encoding options that are mutually incompatible, like Rule 1-3 in Section 4.2.2. This complicates large scale rollout of applications needing deterministic CBOR encoding.

Objectives The primary objective of D&nbhy;CBOR is providing an interoperable CBOR profile, primarily targeting high-end computing platforms like mobile phones, Web browsers, and Web servers. In addition, due to the underpinning deterministic encoding scheme, D&nbhy;CBOR also enables performing cryptographic operations like signatures over "raw" (unwrapped) CBOR data items since signatures depend on a unified representation of the data to be signed. Furthermore, building on the same foundation, D&nbhy;CBOR also permits decoded CBOR data to be subjected to simple and secure transformation and reencoding operations. The deterministic encoding scheme described in this document is characterized by being bidirectional also when CBOR is provided in diagnostic notation (Section 8 of ), making D&nbhy;CBOR comparatively easy to understand, debug, and implement. In spite of the enhanced functionality, this specification retains full compatibility with . See also which represents an alternative approach to deterministic encoding.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", " SHALL NOT ", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Specification The deterministic encoding scheme used by D&nbhy;CBOR builds on Section 4.2 of . However, to achieve a fixed and bidirectional representation of numbers, Rule 2 in Section 4.2.2 MUST also be adhered to. provides additional information regarding numbers in D&nbhy;CBOR. Occurrences of unknown or malformed CBOR data items MUST be rejected. Map keys MUST only be compared and sorted based on their bytewise lexicographic order of their deterministic encoding. For applications that depend on deterministic reencoding of CBOR data items, compliant decoder implementations MUST be able to recreate such data in its original form. This means for example that the string component of date items (tag 0) MUST be preserved "as is" in order to maintain consistency. The optional numerical extensions described in Section 3.4.4. of MUST be treated as distinct data items as well as not be subjected to any transformations at the encoding level. A compliant D&nbhy;CBOR implementation SHOULD as a minimum support the following CBOR data items: Supported CBOR Data Items

Data Item	Encoding
`integer`	Major type `0` and `1`
`bignum`	`0xc2` and `0xc3`
`floating point`	`0xf9`, `0xfa` and `0xfb`
`byte string`	Major type `2`
`text string`	Major type `3`
`false`	`0xf4`
`true`	`0xf5`
`null`	`0xf6`
`array`	Major type `4`
`map`	Major type `5`
`tag`	Major type `6`

See also .

IANA Considerations This document has no IANA actions.

Security Considerations This specification inherits all the security considerations of CBOR . Applications that exploit the uniqueness of deterministic encoding should verify that the used decoder actually flags incorrectly formatted CBOR data items.

References Normative References Informative References Gordian dCBOR: Deterministic CBOR Implementation Practices Blockchain Commons Blockchain Commons

Encoding of Numbers This section is normative. The following sub sections hold examples of numbers expressed in diagnostic notation (Section 8 of ) and their D&nbhy;CBOR encoded counterpart (expressed in hexadecimal). Note that the values and encodings are supposed to work in both directions.

Integer Numbers The following table holds a set of integers highlighting the selection between integer and bignum data items. Integer Numbers

Value	Encoding
`0`	`00`
`-1`	`20`
`23`	`17`
`24`	`1818`
`-24`	`37`
`-25`	`3818`
`255`	`18ff`
`256`	`190100`
`-256`	`38ff`
`-257`	`390100`
`65535`	`19ffff`
`65536`	`1a00010000`
`1099511627775`	`1b000000ffffffffff`
`18446744073709551615`	`1bffffffffffffffff`
`18446744073709551616`	`c249010000000000000000`
`-18446744073709551616`	`3bffffffffffffffff`
`-18446744073709551617`	`c349010000000000000000`

Floating Point Numbers

Dedicated Floating Point Numbers The following table holds the set of dedicated IEEE 754 values. Note that NaN "signaling" MUST be flagged as an error. Dedicated Floating Point Numbers

Value	Encoding
`0.0`	`f90000`
`-0.0`	`f98000`
`Infinity`	`f97c00`
`-Infinity`	`f9fc00`
`NaN`	`f97e00`

Assorted Floating Point Numbers The following table holds a set of "ordinary" IEEE 754 values including some edge cases. Note that subnormal floating point values MUST be supported. Assorted Floating Point Numbers

Value	Encoding
`-5.960464477539062e-8`	`fbbe6fffffffffffff`
`-5.9604644775390625e-8`	`f98001`
`-5.960464477539064e-8`	`fbbe70000000000001`
`-5.960465188081798e-8`	`fab3800001`
`0.00006097555160522461`	`f903ff`
`65504.0`	`f97bff`
`65504.00390625`	`fa477fe001`
`65536.0`	`fa47800000`
`10.559998512268066`	`fa4128f5c1`
`10.559998512268068`	`fb40251eb820000001`
`3.4028234663852886e+38`	`fa7f7fffff`
`3.402823466385289e+38`	`fb47efffffe0000001`
`1.401298464324817e-45`	`fa00000001`
`1.1754942106924411e-38`	`fa007fffff`
`5.0e-324`	`fb0000000000000001`
`-1.7976931348623157e+308`	`fbffefffffffffffff`

Implementation Constraints This section is informative. Note that even if an application does not support (or need) bignum or floating point data items, you can still use D-CBOR since a strict subset is upwardly compatible with full-blown implementations. Low-end platforms typically also restrict CBOR map keys to integer and text string data items. Since these issues are application specific, they are out of scope for this specification.

Reference Implementations This section is informative. Reference implementations that conform to this specification include:

JavaScript:
JDK 17+:
Android/Java:

Online Tools This section is informative. The following online tools enable testing D&nbhy;CBOR without installing any software:

Acknowledgements TBD

Document History [[ This section to be removed by the RFC Editor before publication as an RFC ]] Version 00:

Initial publication.

Version 01:

Added Table 1: Supported CBOR Data Types

Version 02:

Added bidirectional + reencoding to 2

Version 03:

Added ref to 3.4.4. Decimal Fractions and Bigfloats.
Type => Data Item (throughout the spec).

Version 04-00:

Document name spelling error.

Version 01:

Minor tweaks.

Version 02:

ISE submission and associated changes.

Version 03:

Number table clarifications.

Version 04:

Word-smithing.

Version 05:

ISE input resulted in Background section.

Version 06:

Word-smithing.

Version 07:

Word-smithing.