{"id":16199808,"url":"https://github.com/or13/decanonicalization","last_synced_at":"2025-06-28T01:36:01.941Z","repository":{"id":65615225,"uuid":"595739478","full_name":"OR13/decanonicalization","owner":"OR13","description":"From the moment we enter this life we are in the flow of it. We measure it and we mark it, but we cannot defy it.","archived":false,"fork":false,"pushed_at":"2023-02-07T17:37:32.000Z","size":34,"stargazers_count":6,"open_issues_count":3,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-02T23:41:32.361Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://or13.github.io/decanonicalization","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OR13.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-31T18:00:23.000Z","updated_at":"2024-03-28T20:46:08.000Z","dependencies_parsed_at":"2023-02-16T23:15:17.691Z","dependency_job_id":null,"html_url":"https://github.com/OR13/decanonicalization","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/OR13/decanonicalization","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fdecanonicalization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fdecanonicalization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fdecanonicalization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fdecanonicalization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OR13","download_url":"https://codeload.github.com/OR13/decanonicalization/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OR13%2Fdecanonicalization/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262361660,"owners_count":23299084,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-10T09:28:20.004Z","updated_at":"2025-06-28T01:36:01.869Z","avatar_url":"https://github.com/OR13.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n#### 🔏 JSON Web Signatures are better at protecting content type `application/credentials+ld+json`.\n\n[![CI](https://github.com/OR13/decanonicalization/actions/workflows/ci.yml/badge.svg)](https://github.com/OR13/decanonicalization/actions/workflows/ci.yml)\n\nThis reposistory demonstrates that [data integrity proof](https://www.w3.org/TR/vc-data-integrity/) `sign` and `verify` operation times are bound to the size of the input data interpreted as RDF.\n\nThis is because data integrity proofs require some form of canonicalizaton, most commonly [URDNA2015](https://www.w3.org/TR/rdf-canon/).\n\nA clever attacker can ask a verifier expensive questions.\n\nThe verifier will be forced to cannonicalize before checking the signature.\n\nThis can cost the verifier a lot of compute time, for a proof that might not even verify.\n\nSee this twitter thread: [just... sign... the... bytes...](https://twitter.com/OR13b/status/1618415157235052545)\n\n\n## Updates\n\nThe methodology used here has been challenged, see:\n\n- https://github.com/w3c/vc-jwt/pull/44#issuecomment-1420981871\n- https://lists.w3.org/Archives/Public/public-vc-wg/2023Jan/0036.html\n- https://github.com/dlongley/decanonicalization/commit/4e3266620cf38e4c794b128f5fe204336430f606#r99192077\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fdecanonicalization","html_url":"https://awesome.ecosyste.ms/projects/github.com%2For13%2Fdecanonicalization","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2For13%2Fdecanonicalization/lists"}