[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Canonical form for signing S-expressions
There needs to be a canonical form for signing S-expressions. That is,
a way of interpreting an S-expression as a sequence of bytes to be fed
into a hash function. This byte sequence does not need to be the same
as the byte sequence used to transmit the S-expression, nor does it need
to be the same as the memory layout of the S-expression. It should be
easy to generate from whatever memory layout you use for S-expressions,
and it should be compact, so as to keep the hashing efficient. (I note that
the production of the canonical form byte-string can be done piecemeal, as
most hash functions can take their input in chunks.)
Given these requirements and considerations, I have heard no technical
arguments against the following proposal, and I suggest we go with it.
-- represent all byte strings "verbatim" as e.g.
#3:abc
with #,hexadecimal length,colon,byte-string
(Using this format gives maximum efficiency for long byte strings.)
-- represent lists with parentheses
-- use no spaces to separate elements, and no fragmentation of
byte strings.
Example: The S-expression
(a b (cd e fgh))
has canonical form for signing
(#1:a#1:b(#2:cd#1:e#3:fgh))
Agreed?
Ron Rivest
Follow-Ups: