Why is JSON not used in the Bitcoin P2P protocol?

0

The Bitcoin P2P protocol uses its own serialisation format for the transferred data. Is this serialisation considered more secure against DoS attacks than JSON?

xdimy

Posted 2020-12-22T15:53:23.123

Reputation: 1

Answers

0

I do not know if there are any comparisons of the security difference between Bitcoin's P2P messages and JSON, but the binary format is certainly more compact than JSON.

I think it would be reasonable to assume that there are security implications, but security likely was not the major concern when the P2P format was initially defined. Rather, ease of implementation and message size were the likely concerns.

A binary format is simply smaller and more compact than JSON strings. Strings take up a lot of space, especially strings for data that represent bytes. Furthermore, it takes more logic and time to convert binary data to a string, then convert it back from a string once received. Any string encoding for binary data is not going to be as efficient as the binary itself. For data that the user is never going to see, and with a protocol that isn't text-based, using JSON is not reasonable.

Lastly, while security concerns likely were not behind this decision, there certainly are security implications for choosing a binary format over JSON. Variable-length string parsing has traditionally been a source of security problems in many different pieces of software. As JSON is string-based, there is the potential for anyone implementing something that uses JSON to make a mistake that introduces a serious vulnerability in their string parsing. So a binary format would be better in that regard.

Andrew Chow

Posted 2020-12-22T15:53:23.123

Reputation: 50 267

Thank you for your answer, this all looks reasonable. I also thought JSON is not usually validated by a schema, so it is easy for an attacker to add extra fields to a message and try to overload the server's memory and CPU. In the case of the P2P format used, each message field is parsed and it is impossible to add flooding data, so it is more reliable against DoS – xdimy – 2020-12-25T09:55:08.567
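
The size and parsing points discussed in the answer and comment above, as an added example (not code from the answer, the commenter or Bitcoin Core). It frames and parses the fixed 24-byte P2P message header and compares the result with a JSON framing of the same message. Assumptions: the `MAX_PAYLOAD` value, the command validation rule, the function names, and the shape of the JSON object in `json_equivalent` are all chosen for illustration.

```python
import hashlib
import json
import struct

MAGIC = bytes.fromhex("f9beb4d9")    # mainnet network magic
MAX_PAYLOAD = 4_000_000              # assumed cap (Bitcoin Core uses 4,000,000 bytes)
HEADER = struct.Struct("<4s12sI4s")  # magic | command | payload length | checksum

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256(SHA256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode(command: str, payload: bytes) -> bytes:
    # "12s" NUL-pads the command to its fixed 12-byte width.
    return HEADER.pack(MAGIC, command.encode("ascii"), len(payload),
                       checksum(payload)) + payload

def decode(buf: bytes) -> tuple[str, bytes]:
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    magic, raw_cmd, length, csum = HEADER.unpack_from(buf)
    if magic != MAGIC:
        raise ValueError("bad magic")
    # The declared length is checked against the cap before any payload is
    # read, so a hostile length field cannot force a large allocation.
    if length > MAX_PAYLOAD:
        raise ValueError("declared length exceeds cap")
    cmd = raw_cmd.rstrip(b"\x00")
    if not cmd or any(c < 0x21 or c > 0x7E for c in cmd):
        raise ValueError("malformed command")
    payload = buf[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if checksum(payload) != csum:
        raise ValueError("bad checksum")
    return cmd.decode("ascii"), payload

def json_equivalent(command: str, payload: bytes) -> bytes:
    """Hypothetical JSON framing of the same message, with bytes hex-encoded."""
    return json.dumps({"command": command, "length": len(payload),
                       "checksum": checksum(payload).hex(),
                       "payload": payload.hex()}).encode()

if __name__ == "__main__":
    nonce = bytes(range(1, 9))  # constructed 8-byte ping nonce
    wire = encode("ping", nonce)
    print(len(wire), len(json_equivalent("ping", nonce)), decode(wire))
```

In the binary framing every header field has a fixed width, so the receiver knows how many bytes to expect before parsing anything; a JSON parser has to scan for delimiters and needs its own limits on document size and field count.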