Bijou64: Solving Security and Performance via Canonical-by-Construction Encoding

Research lab Ink & Switch has introduced bijou64, a new variable-length integer (varint) encoding designed to address the security risks of non-canonical representations in binary protocols. Traditional varints like LEB128 allow a single number (such as 0) to be represented in multiple ways (e.g., 0x00, 0x80 0x00, etc.), which creates critical vulnerabilities like signature malleability in signed data.

By structuring the encoding so that every integer has exactly one valid representation, bijou64 eliminates the need for expensive, separately deletable runtime validation checks. Surprisingly, this security-first design also yields dramatic performance gains: bijou64 decodes 2x to 10x faster than LEB128 by avoiding branch-unfriendly continuation-bit scanning and allowing the decoder to determine payload length directly from the first byte.

The Architectural Trade-offs

• Security by Construction: In bijou64, canonicality is a property of the format itself. This prevents the common bug class where developers forget or optimize away runtime validation checks, which historically led to severe exploits in systems like ASN.1, Bitcoin transactions, and JWT libraries.
• Performance vs. Size: While bijou64 is significantly faster at decoding and highly predictable for CPU branch predictors, it sacrifices some compactness compared to LEB128. For example, LEB128 remains 2 bytes all the way up to $2^{14}$, whereas bijou64’s specific byte-tagging and offset scheme limits 2-byte representations to numbers below 500.
• The Bounded Integer Limit: Unlike LEB128, which can theoretically encode integers of arbitrary length, bijou64 targets a bounded u64 range, making it highly optimized for standard computer architectures but less suited for arbitrary-precision numeric formats.