Canonical JSON is a deterministic serialization format that eliminates the syntactic flexibility of standard JSON to produce a single, unambiguous byte representation for any given data structure. By enforcing strict rules—such as sorted object keys, no insignificant whitespace, and a specific Unicode normalization form—it ensures that two systems independently serializing the same logical payload will generate the exact same sequence of bytes, enabling reliable content-addressable storage.
Glossary
Canonical JSON

What is Canonical JSON?
Canonical JSON defines a strict set of rules for serializing JSON data to guarantee that a single logical object always produces an identical, byte-for-byte sequence, a critical prerequisite for consistent cryptographic hashing and digital signing.
This format is foundational for tamper-proof model registries and software supply chain security, where a model's integrity is verified by comparing its cryptographic hash. Without canonicalization, semantically identical JSON documents could produce different hashes due to key ordering or whitespace variations, breaking **attestation** chains and **non-repudiation** guarantees in frameworks like **in-toto** and **Sigstore**.
Key Features of Canonical JSON
Canonical JSON (JCS) defines a strict set of rules for serializing JSON data to ensure that logically identical payloads always produce an identical sequence of bytes—a critical prerequisite for consistent cryptographic hashing and digital signatures.
Deterministic Key Ordering
Object keys are serialized in lexicographic order based on their UTF-16 code unit values. This eliminates the non-determinism inherent in standard JSON, where key order is arbitrary.
- Keys are sorted by comparing Unicode code points
- Nested objects are recursively sorted
- Ensures
{"b":2,"a":1}and{"a":1,"b":2}produce identical byte sequences
Whitespace Elimination
All insignificant whitespace is stripped from the output. No spaces, tabs, newlines, or carriage returns appear outside of string literals.
- No indentation or pretty-printing
- No trailing whitespace after commas or colons
- Produces the most compact valid JSON representation
Unicode Normalization
String values are normalized using Unicode Normalization Form C (NFC) before serialization. This ensures that characters composed of combining marks are represented consistently.
- Prevents hash mismatches from equivalent Unicode representations
- Applies to both keys and string values
- Critical for internationalized data integrity
Number Serialization Rules
Numbers are serialized with no leading zeros, no trailing decimal points, and using E notation for exponents. The integer 1.0 becomes 1, and 1E+2 becomes 100.
- No exponential notation unless required for magnitude
- No
+sign on positive exponents - Ensures
1.0,1e0, and1all canonicalize to1
String Escape Consistency
Characters are escaped using the minimum required escape sequence. Control characters use uppercase hex in \u notation, and the solidus / is never escaped.
\b,\f,\n,\r,\tfor standard control characters\u00XXfor other control characters (uppercase hex)- Double-quote and backslash always escaped
Cryptographic Hashing Foundation
Canonical JSON is the canonicalization scheme used by RFC 8785 (JCS). It enables reliable digital signatures and content hashing where byte-level determinism is mandatory.
- Used in Verifiable Credentials and DID Documents
- Enables content-addressable storage for JSON payloads
- Foundation for tamper-evident data structures
Canonical JSON vs. Standard JSON vs. JCS
A technical comparison of deterministic JSON serialization approaches for cryptographic hashing and data integrity verification.
| Feature | Standard JSON (RFC 8259) | Canonical JSON (JCS) | OLPC Canonical JSON |
|---|---|---|---|
Deterministic output | |||
Key ordering | Arbitrary | Lexicographic by UTF-16 code unit | Lexicographic by UTF-8 byte value |
Whitespace normalization | |||
Unicode escape handling | Optional | Lowercase hex, shortest form required | Lowercase hex, shortest form required |
Number serialization | Implementation-dependent | No exponential notation, no leading zeros, no trailing zeros | JSON number grammar, no exponential notation |
UTF-8 encoding required | |||
Trailing comma prohibition | |||
Duplicate key handling | Undefined | Prohibited | Prohibited |
Specification status | IETF Standard | RFC 8785 | Informal specification |
Frequently Asked Questions
Clear answers to the most common questions about deterministic JSON serialization for cryptographic integrity.
Canonical JSON is a deterministic serialization format that ensures a given logical JSON object always produces the exact same sequence of bytes, regardless of the encoder or programming language used. It works by enforcing a strict set of rules on the serialization process: object keys must be sorted lexicographically, whitespace outside string literals is eliminated, number formatting is normalized, and Unicode escape sequences are standardized. This byte-level determinism is a prerequisite for cryptographic hashing and digital signatures, where even a single bit of difference in serialization would produce a completely different hash value. The most widely adopted specification is the JSON Canonicalization Scheme (JCS), defined in RFC 8785, which provides a precise algorithm for transforming any valid JSON value into its canonical form.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Canonical JSON is a foundational primitive for cryptographic integrity. These related concepts form the ecosystem of verifiable, tamper-proof software and model supply chains.
Cryptographic Hashing
The mathematical process that converts arbitrary data into a fixed-size digest. Canonical JSON is a prerequisite for deterministic hashing because even semantically identical JSON can produce different byte sequences. Common algorithms include SHA-256 and BLAKE3. A single whitespace change in non-canonical JSON yields a completely different hash, breaking integrity verification.
Content-Addressable Storage
A storage paradigm where data is retrieved by its cryptographic hash rather than a mutable location. Systems like IPFS and OCI registries use this model. Canonical JSON ensures that the same logical manifest always resolves to the same content address. If serialization is non-deterministic, the address changes and the lookup fails.
Digital Signatures
A cryptographic mechanism that binds an identity to a document. The signer hashes the canonical form and encrypts the digest with a private key. Verifiers recompute the hash from the same canonical bytes. Without deterministic serialization, a verifier may compute a different hash than the signer, causing valid signatures to fail verification.
Merkle Trees
A tree data structure where each leaf node is a hash of a data block and each non-leaf node is a hash of its children. Used in blockchains and transparency logs like Rekor. Canonical JSON is critical for leaf data: if two participants serialize the same transaction differently, they compute different Merkle roots and cannot reach consensus.
Attestation
A cryptographically signed statement asserting a verifiable fact about an artifact. In in-toto and SLSA frameworks, attestations are serialized as JSON. Canonicalization ensures that the predicate (the claim being made) is byte-identical across signers, verifiers, and transparency logs, preventing signature verification failures due to formatting differences.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us