]> Unheaded

US stevie@bellis.tech

Internet Independent Submission The Sophia Dictionary Format defines the serialization, storage, and distribution mechanism for semantic metadata that accompanies the Unheaded Protocol. Sophia dictionaries are exponent-decoding tables that translate compact byte values (0x00-0xFF) into meaningful human-readable categories (service identifiers, QoS classes, flow actions, etc.) and their associated metadata. This memo specifies the CBOR serialization format for dictionary entries, the BPF map representation for in-kernel storage, the atomic update protocol for cluster-wide distribution via the Wotan memory bus, and the minimum required dictionary entries for any conformant Unheaded deployment. Draft-03 introduces sub-dictionary type systems for hierarchical knowledge representation and QPACK compression headers for efficient dictionary entry encoding over the wire. Sophia dictionaries support atomic replacement: updates propagate to all nodes in under 10 milliseconds without packet loss or service interruption.

Introduction

Problem Statement The Unheaded Protocol defines a 20-byte register file (the Monad) that travels with every packet. Each byte in the Monad is exponent-encoded: the actual value is reconstructed as base^exponent * multiplier. But where do the base, multiplier, and the semantic meaning of each byte position come from? The answer is Sophia: a distributed, versioned dictionary system that maps byte values to meanings. Sophia is the semantic layer. Without it, the Monad fields carry no application semantics. With it, a 0x03 byte value resolves to "architect" or "realtime" or "forward" or "open" depending on the field position and active dictionary version. This memo specifies: How Sophia dictionaries are represented on the wire (CBOR format per RFC 8949) How they are stored in BPF maps for nanosecond-latency lookups How they are distributed to all nodes atomically via Wotan The minimum dictionary entries that all implementations MUST support Version negotiation and backward-compatibility rules Sub-dictionary type systems for hierarchical knowledge representation (NEW in draft-03) QPACK compression headers for efficient dictionary encoding (NEW in draft-03)

Cross-References This document is part of the Unheaded Protocol specification family: Protocol Foundation : Defines the Monad wire format (20 bytes, FROZEN at v0x01), per-hop processing, IANA registries, and the IANA registration procedures for new metric types. Wotan Memory Protocol : Defines the memory and I/O bus including error code taxonomy, helper return codes, and error recovery procedures.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 RFC2119 RFC8174 when, and only when, they appear in all capitals, as shown here.

Terminology

Root Dictionary:

The top-level BPF map (type BPF_MAP_TYPE_HASH) keyed by root entry ID (0x00-0xFF) that points to sub-dictionaries.

Sub-Dictionary:

A BPF map (type BPF_MAP_TYPE_ARRAY_OF_MAPS) indexed by sub-entry ID (0x00-0xFF) that contains semantic metadata.

Nested Sub-Dictionary:

A sub-dictionary that itself contains references to further sub- dictionaries, enabling hierarchical (tree-structured) knowledge representation. (NEW in draft-03)

Sophia Lookup:

A two-level (or deeper for nested sub-dictionaries) hash table traversal: root_map[key0] -> sub_dict_id, then sub_dict[key0][key1] -> value.

Dictionary Version:

An unsigned 8-bit counter (0-255) that increments with each dictionary update. Used for consistency validation across nodes.

Atomic Update:

The act of replacing an entire BPF map and updating the array-of-maps reference in a single atomic kernel operation.

Wotan Topic:

A publish-subscribe channel through which dictionary updates are broadcast. Format: sophia.dictionary.v{N} where N is the version number.

BPF (Berkeley Packet Filter):

Per RFC 9669, the in-kernel virtual machine and map storage system. This memo uses "BPF" not "eBPF" per RFC 9669 conventions.

QPACK:

Header compression format defined in RFC 9204, adapted in this specification for Sophia dictionary entry compression. (NEW in draft-03)

Anamnesis:

The event sourcing subsystem that emits and logs system events (such as instruction traces, anomalies, and profiling metrics) for observability and debugging purposes.

Dictionary Model

Tree Structure Sophia dictionaries are trees, not flat tables. The root level maps entry categories to sub-dictionaries. Each sub-dictionary maps specific values within that category to metadata. Example:

"service_identity" -> sub-dict #1 Sub-dict #1[0x01] -> {name: "captain", ...} Sub-dict #1[0x02] -> {name: "timeguru", ...} Sub-dict #1[0x03] -> {name: "architect", ...} Root entry 0x02 -> "flow_action" -> sub-dict #2 Sub-dict #2[0x01] -> {name: "forward", ...} Sub-dict #2[0x02] -> {name: "trace", ...} Sub-dict #2[0x03] -> {name: "sample", ...} The SAME byte 0x03 means: [0x01, 0x03] = service "architect" [0x02, 0x03] = action "sample" [0x03, 0x03] = qos "realtime" ]]>

This compositional structure provides 256^K total expressible meanings with K key positions, using only 2*K bytes on the wire (K bytes per lookup).

Sub-Dictionary Type System (NEW in draft-03)

Overview Sub-dictionaries in draft-02 were flat: each sub-dictionary entry contained leaf metadata (name, endpoint, key material, etc.). Draft-03 introduces typed sub-dictionaries that MAY themselves contain references to nested sub-dictionaries, enabling hierarchical knowledge graphs.

Sub-Dictionary Types Each sub-dictionary entry includes a type field that determines its structure:

Nested Sub-Dictionary Structure A BRANCH or COMPOSITE entry includes a nested_dict_id field:

Lookup Chain for Nested Dictionaries A nested Sophia lookup performs:

Cost: Each additional nesting level adds one BPF hash lookup (~100ns). Total: ~300ns + 100ns per nesting level.

Maximum Nesting Depth Implementations MUST enforce a maximum nesting depth of 8 levels. If a lookup exceeds 8 levels of nesting, the implementation MUST: Abort the lookup Return an error (SOPHIA_EVT_MISS) Emit an EVENT_ANOMALY to Anamnesis Use the default value for the field This prevents infinite loops from circular references in the dictionary graph.

Circular Reference Detection Implementations MUST detect circular references during lookup. A circular reference occurs when a nested lookup revisits a sub-dictionary index that was previously visited in the same lookup chain. Detection is performed by maintaining a visited set (bitmask of up to 256 sub-dictionary indices) during each lookup:

Use Cases for Hierarchical Dictionaries Service Topology: Model service dependencies as a tree. Root -> service_group -> service_instance -> endpoint. Policy Hierarchies: Inherit QoS policies from parent categories. Root -> department -> team -> service -> policy. Geographic Routing: Organize routing prefixes by region. Root -> continent -> country -> datacenter -> rack. Tenant Isolation: Multi-tenant deployments where each tenant has its own sub-dictionary namespace. Root -> tenant_id -> service_identity -> endpoint.

CBOR Encoding for Nested Entries Nested sub-dictionary entries are serialized in CBOR as:

BPF Map Representation for Nested Dictionaries Nested dictionaries use the same BPF_MAP_TYPE_ARRAY_OF_MAPS indirection as top-level sub-dictionaries. The sophia_dicts array is shared between top-level and nested sub-dictionaries:

Nested sub-dictionary indices MUST be in the range [64-191]. Top-level sub-dictionary indices MUST be in the range [0-63]. This partitioning prevents accidental conflicts between top-level and nested dictionaries.

Root Dictionary The root dictionary is a single BPF hash map with 256 slots. Each key (0x00-0xFF) maps to a root entry structure. Root entries occupy the following key ranges: 0x00: Reserved (MUST NOT be used by any implementation) 0x01-0x0F: Standard categories (see Section 8) 0x10-0xFE: Available for operator assignment 0xFF: Reserved (Yaldabaoth chaos injection)

Initialization Guarantee The root dictionary MUST be fully initialized before any Monad packets are processed by Shim programs. Wotan or system initialization logic MUST: Load all root entries from persistent storage Verify that each standard root key (0x01-0x06) has a corresponding entry Initialize default values for any missing entries using base=2, multiplier=1 Signal readiness to shield/shim components only after this initialization is complete Any attempt to process a packet before Sophia is initialized is a fatal configuration error and MUST be logged.

Dictionary Size Constraints Dictionary capacity is bounded by both entry count and total byte size to prevent denial-of-service attacks via unbounded memory exhaustion.

Per-Flow Dictionary Capacity Each flow maintains its own dictionary with strict limits: Maximum 128 entries per flow Maximum 1 MB total size per flow When adding a new entry would exceed either limit: - Reject the new entry - Return error code 0x09 (Insufficient buffer space) - Do NOT evict existing entries - Emit audit event with reason "dictionary_full"

Global Dictionary Capacity System-wide dictionary capacity MUST NOT exceed 100 MB.

QPACK Compression Headers for Dictionary Entries (NEW in draft-03)

Motivation Sophia dictionary entries can be large, especially when carrying PQC key material (ML-KEM-768 public keys are 1184 bytes, ML-DSA-65 public keys are 1952 bytes). Distributing full dictionary entries over Wotan topics at cluster-wide scale incurs significant bandwidth. QPACK (RFC 9204) is a header compression format designed for HTTP/3 that provides efficient encoding of key-value pairs with static and dynamic table references. This section adapts QPACK for Sophia dictionary entry compression.

QPACK Adaptation for Sophia

Static Table The Sophia QPACK static table contains pre-defined entries for frequently-used dictionary field names and values:

Dynamic Table Each Wotan subscriber maintains a per-connection dynamic table for Sophia entries. The dynamic table is populated as dictionary updates are received and provides reference-based encoding for subsequent updates. Dynamic table capacity: 4096 bytes (configurable via SETTINGS).

Encoding Format Sophia QPACK-compressed entries use the following wire format:

Compression Flags:

Bit 7: QPACK enabled (1=compressed, 0=raw CBOR)

Bit 6: Static table reference present

Bit 5: Dynamic table reference present

Bit 4: Huffman encoding used for string values

Bits 3-0: Reserved (MUST be zero)

Entry Count:

Number of field entries in this compressed block (0-255).

Encoded Fields:

QPACK-encoded field entries per RFC 9204 Section 4.5.

Encoding Rules Fields with values matching static table entries MUST use static table references (1-byte encoding vs. full field encoding). Fields with values matching dynamic table entries SHOULD use dynamic table references. String values longer than 16 bytes SHOULD use Huffman encoding per RFC 9204. PQC key material (pqc_pubkey, signature_pubkey) SHOULD NOT be Huffman-encoded (binary data has poor Huffman compression ratios). New field values MUST be inserted into the dynamic table for future reference, unless the dynamic table is full.

Compression Ratio Expected compression ratios for common Sophia entries:

PQC key material is incompressible; compression primarily benefits metadata fields (names, types, endpoints).

Decompression Limits To prevent decompression bomb attacks: Maximum decompressed entry size: 1 MB (per Section 3.3) Maximum decompression time: 10 milliseconds Maximum dynamic table size: 4096 bytes (prevents memory exhaustion) Decompression MUST fail-safe: on error, reject entry with SOPHIA_EVT_DECOMP_FAIL and emit EVENT_ANOMALY

Backward Compatibility QPACK compression is OPTIONAL. Dictionary entries with Compression Flags bit 7 = 0 are raw CBOR and are processed identically to draft-02 entries. Implementations that do not support QPACK MUST: Check Compression Flags bit 7 If bit 7 = 1: reject entry with error SOPHIA_EVT_DECOMP_FAIL If bit 7 = 0: process as raw CBOR (draft-02 compatible) This ensures that draft-02 and draft-03 implementations can coexist during rolling upgrades.

Dictionary Distribution Sophia dictionaries are distributed to all nodes via the Wotan publish-subscribe topics. The distribution model ensures atomic, cluster-wide updates with zero packet loss.

Wotan Distribution Channel Dictionaries are published on a versioned topic:

Version Negotiation Implementations MUST support at least 2 concurrent dictionary versions. When a new version is published: Subscriber receives dictionary on sophia.dictionary.v{N+1} New maps are created (sophia_dict_1_v{N+1}, etc.) Old version maps remain active Array-of-maps references are atomically updated Old version maps are retained for grace_period (default: 60 seconds) After grace_period, old maps are deleted

Atomic Update Protocol The update sequence is:

in-memory dictionary 4. [Wotan] Create new BPF maps with suffix _v{N+1} 5. [Wotan] Load all entries into new maps (including nested sub-dicts) 6. [Wotan] Update sophia_dicts[0..255] pointers atomically (single atomic map write per sub-dict) 7. [Wotan] Update sophia_version map (key 0, value = N+1) 8. [Wotan] Retain old maps for grace_period 9. [Wotan] After grace_period, delete old maps ]]>

All Shim/Shield nodes see the update within one polling cycle (typically <10ms) of the Wotan write.

Security Considerations

Dictionary Poisoning Attack Vectors Dictionary poisoning attacks attempt to corrupt semantic metadata, enabling: - Service misidentification (0x01 maps to wrong endpoint) - Policy bypass (0x02 maps to permissive action instead of drop) - Cache invalidation (Shim programs crash on bad dictionary entry) Defense mechanisms are specified throughout this document: ML-DSA-65 Signature Verification: All entries from provisioning nodes MUST be signed with ML-DSA-65. Timestamp Validation: Reject updates with timestamps > 5 minutes in future/past. CRC32 Integrity Checks: CBOR payloads include CRC32 checksums. Source Authentication: Whitelist of provisioning node public keys.

Nested Dictionary Security

Depth Limit Enforcement The maximum nesting depth of 8 levels MUST be enforced in all lookup paths. Exceeding this limit is treated as a security violation (potential DoS via deeply nested dictionaries).

Circular Reference Prevention Circular reference detection (Section 3.2.5) MUST be performed on every nested lookup. Circular references in dictionary data could cause infinite loops in BPF programs, leading to verifier timeouts or denial of service.

Namespace Partitioning The partitioning of sophia_dicts indices (0-63 for top-level, 64-191 for nested, 192-255 reserved) MUST be enforced. An attacker who can control nested_dict_id values could reference top-level dictionaries as nested dictionaries, causing semantic confusion.

QPACK Decompression Security

Decompression Bomb Mitigation QPACK-compressed dictionary entries are subject to the same decompression limits as draft-02 compressed entries: Maximum decompressed output: 1 MB Maximum decompression time: 10 milliseconds Explicit compression flags (no implicit detection)

Dynamic Table Poisoning An attacker could send dictionary updates designed to fill the dynamic table with malicious entries, causing subsequent legitimate entries to reference attacker-controlled values. Mitigation: - Dynamic table entries MUST be validated against Sophia schema - Dynamic table MUST be flushed on dictionary version change - Dynamic table capacity is limited to 4096 bytes

Cross-Reference with Foundation and Wotan Security considerations in this memo are aligned with: Section 10 - Security Considerations: Wire format immutability threat model, parser divergence attacks, and verification procedures. Section 12 - Security Considerations: Topic injection attacks, ring buffer memory exhaustion, cross-flow memory access, and WAL tampering detection.

PQC Key Dictionary Integration (NEW in draft-03 update)

Overview Sophia provides the key management layer for the post-quantum cryptographic (PQC) authentication system defined in . Full PQC signatures and public keys are stored in Sophia BPF maps, while the Monad wire format carries only 12-byte references (see PQC Authentication Value Format).

PQC Signature Map (PQC_SIG_MAP) The PQC_SIG_MAP is a BPF hash map keyed by the 32-bit SigRef value from the PQC authentication value.

PQC Key Map (PQC_KEY_MAP) The PQC_KEY_MAP stores public keys indexed by the 16-bit KeyRef value.

PQC Dictionary Operations

Signature Lookup When a BPF program verifies a PQC authentication value:

Key Rotation Key rotation is managed through the key_epoch counter:

PQC Algorithm Support Matrix

Implementations MUST support at least ML-DSA (0x02) and SHOULD support SLH-DSA (0x01) for defense-in-depth.

UPC Opcode Dictionary for Sophia-Driven Instruction Decode (NEW in draft-03 update)

Overview The UPC compute engine uses Sophia dictionaries for instruction decode, enabling runtime-reconfigurable instruction semantics. Instead of hardcoding opcode meanings, the MBC ISA opcodes are mapped through a Sophia dictionary that provides human-readable names, execution metadata, and instruction class information.

Opcode Dictionary Structure The opcode dictionary is a Sophia sub-dictionary (root key 0x10, "code" category) that maps 8-bit opcodes to instruction metadata.

"code" -> sub-dict #16 Sub-dict #16[0x00] -> {name: "NOP", class: "control", cycles: 1} Sub-dict #16[0x01] -> {name: "ADD", class: "arithmetic", cycles: 1} Sub-dict #16[0x30] -> {name: "LD", class: "memory", cycles: 2} Sub-dict #16[0x40] -> {name: "SYSCALL", class: "system", cycles: 0} ]]>

Instruction Class Types

BPF Map Representation

Sophia-Driven Decode in BPF During instruction execution, the MBC CPU MAY look up the opcode in the Sophia opcode dictionary for: Instruction tracing: Emit human-readable instruction name in Anamnesis events instead of raw opcode values Dynamic dispatch: Runtime-reconfigurable instruction behavior via dictionary updates (experimental) Profiling: Per-instruction-class cycle counting and metrics Validation: Verify opcode is in the valid set before execution Implementations MAY cache opcode dictionary entries in a per-CPU BPF array map for fast lookup (~50 ns vs. ~150 ns for hash lookup).

IANA Considerations

Sophia Root Key Registry IANA SHOULD establish a new registry:

Sophia Sub-Dictionary Type Registry (NEW in draft-03) IANA SHOULD establish a new registry:

Sophia QPACK Static Table Registry (NEW in draft-03)

Author's Address Stevie Bellis Unheaded Email: stevie@bellis.tech

In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON. The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format. This specification defines QPACK: a compression format for efficiently representing HTTP fields that is to be used in HTTP/3. This is a variation of HPACK compression that seeks to reduce head-of-line blocking. eBPF (which is no longer an acronym for anything), also commonly referred to as BPF, is a technology with origins in the Linux kernel that can run untrusted programs in a privileged context such as an operating system kernel. This document specifies the BPF instruction set architecture (ISA). NIST There is a noticeable trend towards network behaviors and semantics that are specific to a particular set of requirements applied within a limited region of the Internet. Policies, default parameters, the options supported, the style of network management, and security requirements may vary between such limited regions. This document reviews examples of such limited domains (also known as controlled environments), notes emerging solutions, and includes a related taxonomy. It then briefly discusses the standardization of protocols for limited domains. Finally, it shows the need for a precise definition of "limited domain membership" and for mechanisms to allow nodes to join a domain securely and to find other members, including boundary nodes. This document is the product of the research of the authors. It has been produced through discussions and consultation within the IETF but is not the product of IETF consensus. In situ Operations, Administration, and Maintenance (IOAM) collects operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document discusses the data fields and associated data types for IOAM. IOAM-Data-Fields can be encapsulated into a variety of protocols, such as Network Service Header (NSH), Segment Routing, Generic Network Virtualization Encapsulation (Geneve), or IPv6. IOAM can be used to complement OAM mechanisms based on, e.g., ICMP or other types of probe packets.

Changes from draft-bellis-unheaded-sophia-dictionary-02 The following changes are made in draft-03: Sub-Dictionary Type System (NEW): Added Section 3.2 defining typed sub-dictionary entries (LEAF, BRANCH, COMPOSITE, ALIAS) for hierarchical knowledge representation. Includes nested lookup chains, maximum nesting depth (8 levels), circular reference detection, BPF map representation, CBOR encoding, and use cases. QPACK Compression Headers (NEW): Added Section 5 defining QPACK-based compression for dictionary entries. Includes static table (24 entries), dynamic table management, encoding format, compression ratios, decompression limits, and backward compatibility with draft-02 raw CBOR entries. Cross-References to Foundation draft-06 (UPDATED): Updated UNHEADED-FOUNDATION reference from draft-04 to draft-06. Added Section 1.1 documenting the specification family structure. Added cross-references to Wotan draft-03 throughout. Sophia Sub-Dictionary Type Registry (NEW IANA): Added IANA registry for sub-dictionary type codes (0x00-0xFF). Sophia QPACK Static Table Registry (NEW IANA): Added IANA registry for QPACK static table entries. Nested Dictionary Security (NEW): Added security considerations for depth limit enforcement, circular reference prevention, namespace partitioning, QPACK decompression bomb mitigation, and dynamic table poisoning. PQC Key Dictionary Integration (NEW): Added PQC_SIG_MAP and PQC_KEY_MAP BPF map definitions for storing full post-quantum signatures and public keys. Defines signature lookup, key rotation protocol, and algorithm support matrix covering SLH-DSA, ML-DSA, FN-DSA, ML-KEM, and HQC. UPC Opcode Dictionary (NEW): Added Sophia-driven instruction decode for the MBC ISA. Defines opcode dictionary structure (root key 0x10, "code" category), 10 instruction class types, 32-byte BPF map entry format, and Sophia-driven decode use cases (tracing, dynamic dispatch, profiling, validation). Updated Date: Changed date from 2026-03-05 to 2026-03-15. All changes in draft-03 are purely additive. No existing dictionary format, wire encoding, or processing rule from draft-02 is modified or removed. Draft-02 CBOR entries remain valid in draft-03.

Acknowledgments The Linux kernel BPF community (Alexei Starovoitov, Daniel Borkmann, Song Liu) for the infrastructure enabling per-packet computation in the kernel datapath. The authors of RFC 9669 (BPF ISA), RFC 8799 (Limited Domains), and RFC 9204 (QPACK) for the foundational protocols that make this design possible. This document was co-authored with assistance from Claude (Anthropic).