perf(schema): sign GeoJSON geometry as @JSON literal to fix pathological VC canonicalization

Volodymyr Shvets · Volodymyr Shvets · commit 680c862f329d · 2026-06-18T17:11:22.000+03:00
Signing a VC that embeds a GeoJSON geometry is dominated by JSON-LD canonicalization. The generated schema context never activates the geojson `@list` scoped context for the geometry field, so `coordinates` falls through to the default `@vocab` and every coordinate is expanded per-value into RDF, which is super-linear (~O(n^2)). A large MultiPolygon takes tens of seconds and tens-to-hundreds of MB to sign; concurrent signings stack the cost. Fix: when a schema context contains `#GeoJSON`, map the root `coordinates`/`bbox` terms to `@type: @json` so the geometry is signed as a single opaque JCS literal instead of exploded into RDF lists (root-level term -> applies at every nesting depth). Cuts canonicalization from ~22s to ~1.5s on a large real schema. Gated by `geoJsonCoordinatesAsJson`, passed by schema-publish-helper as `entity !== EVC`: EVC schemas keep the old context because BBS+ selective- disclosure derive flattens nested arrays inside an @JSON literal, corrupting the revealed geometry. `@type: @json` changes only JSON-LD canonicalization, not the stored JSON document, so consumers reading the geometry as JSON are unaffected. The change applies to newly published schema contexts; existing credentials keep verifying against their own published context.
diff --git a/common/src/helpers/schemas-to-context.ts b/common/src/helpers/schemas-to-context.ts
@@ -15,6 +15,11 @@ export function schemasToContext(
         type?: string | undefined;
         // tslint:disable-next-line:completed-docs
         rootTerms?: any;
+        // Map GeoJSON `coordinates`/`bbox` to a single `@type: @json` literal instead of
+        // expanding them per-coordinate into RDF (huge JSON-LD canonicalization cost on sign).
+        // MUST be false for EVC schemas: BBS+ selective-disclosure derive flattens @json values.
+        // tslint:disable-next-line:completed-docs
+        geoJsonCoordinatesAsJson?: boolean;
     }
 ): {
     // tslint:disable-next-line:completed-docs
@@ -32,5 +37,16 @@ export function schemasToContext(
             replacedContext['@context'][contextEntry[0]] = contextEntry[1];
         }
     }
+    if (contextSettings?.geoJsonCoordinatesAsJson && additionalContexts && additionalContexts.has('#GeoJSON')) {
+        // GeoJSON `coordinates`/`bbox` are deeply-nested numeric arrays. Expanding them into
+        // RDF (per-coordinate) makes JSON-LD canonicalization super-linear — a large MultiPolygon
+        // takes tens of seconds and tens-to-hundreds of MB to sign. Map them to a single @json
+        // literal (root-level, so it applies at every nesting depth) so the geometry is signed as
+        // an opaque JCS value instead of exploded into RDF lists. Requires JSON-LD 1.1 (set above).
+        // Gated by the caller: EVC schemas must NOT use this — BBS+ selective-disclosure derive
+        // flattens nested arrays inside an @json literal, corrupting the revealed geometry.
+        replacedContext['@context'].coordinates = { '@id': 'https://purl.org/geojson/vocab#coordinates', '@type': '@json' };
+        replacedContext['@context'].bbox = { '@id': 'https://purl.org/geojson/vocab#bbox', '@type': '@json' };
+    }
     return replacedContext;
 }
diff --git a/guardian-service/src/helpers/import-helpers/schema/schema-publish-helper.ts b/guardian-service/src/helpers/import-helpers/schema/schema-publish-helper.ts
@@ -6,6 +6,7 @@ import {
     ISchemaDocument,
     ModuleStatus,
     Schema,
+    SchemaEntity,
     SchemaHelper,
     SchemaStatus,
     SentinelHubContext
@@ -52,7 +53,11 @@ export function generateSchemaContext(item: SchemaCollection) {
     checkSchemaProps(item, itemDocument);
     const defsArray = itemDocument.$defs ? Object.values(itemDocument.$defs) : [];
     const additionalContexts = getAdditionalContexts(itemDocument);
-    return schemasToContext([...defsArray, itemDocument], additionalContexts);
+    return schemasToContext([...defsArray, itemDocument], additionalContexts, {
+        // Sign GeoJSON geometry as an opaque @json literal (fast canonicalization) — but NOT for
+        // EVC schemas, where BBS+ selective-disclosure derive would flatten the revealed geometry.
+        geoJsonCoordinatesAsJson: item.entity !== SchemaEntity.EVC,
+    });
 }
 
 export function generatePackage(options: {
@@ -96,7 +101,10 @@ export function generatePackage(options: {
         Array.from(defsArray.values()),
         additionalContexts,
         {
-            vocab: 'https://w3id.org/traceability/#undefinedTerm'
+            vocab: 'https://w3id.org/traceability/#undefinedTerm',
+            // Only optimize GeoJSON-as-@json when NO packaged schema is EVC (selective disclosure),
+            // since the package shares one context and @json breaks BBS+ derive of geometry.
+            geoJsonCoordinatesAsJson: schemas.every((s) => s.entity !== SchemaEntity.EVC)
         }
     );
 
