Releases: slimissa/cagoule
Release list
CAGOULE v2.5.4 — Mersenne Acceleration + Security Hardening
CAGOULE v2.5.4 — The Complete v2.5.x Release
This release covers all work from v2.5.0 through v2.5.4 — the Mersenne Acceleration cycle with full security hardening.
v2.5.0 — Mersenne Acceleration (Performance)
| Feature | Impact |
|---|---|
| Mersenne-64 prime pool (8 primes, HKDF-selected) | 13 instructions vs 22 Barrett |
mulmod_mersenne64x4 AVX2 |
~41% faster modular multiplication |
| Option A dual accumulator | Dependency chain depth 16→8 |
| Z-Domain Shifting (C-layer) | +32% Python end-to-end |
encrypt_bulk() / decrypt_bulk() |
Single Argon2id derivation for N messages |
Performance (vs v2.4.0):
- Python encrypt-1MB: 5.2 → 6.9 MB/s (+33%)
- Python decrypt-10MB: 8.5 → 14.4 MB/s (+69%)
- C encrypt: 8.0 → 10.8 MB/s
- Parallel 16 workers: 29.2 MB/s
v2.5.4 — Security Hardening
| Priority | Feature | Version |
|---|---|---|
| P0 | Z-Domain inline — zero malloc in encrypt hot path | |
| P1 | dudect constant-time empirical validation | |
| P2 | libFuzzer harness — 500K iterations, 0 crashes | |
| P3 | SECURITY.md — complete threat model | |
| P4 | CI multi-arch (x86_64 + ARM64 QEMU) |
Testing
| Suite | Result |
|---|---|
| C tests (10 binaries) | 4,088,031 assertions, 0 failed |
| Python tests | 578 passed, 0 failed, 20 skipped |
| Valgrind (7 binaries) | 0 memory errors, 0 leaks |
| libFuzzer | 500,000 iterations, 0 crashes |
| dudect constant-time | C algebraic layer empirically validated |
Platform Support
| Intel x86-64 | AMD Ryzen/EPYC | ARM64 | Apple Silicon |
|---|---|---|---|
| ✅ AVX2 | ✅ AVX2 | ✅ Scalar (CI) | ✅ Scalar (CI) |
Documentation
- ARCHITECTURE.md — Complete data-flow diagram and design decisions
- SECURITY.md — Threat model, constant-time validation, vulnerability reporting
All v2.5.x Versions
| Version | What |
|---|---|
| v2.5.0 | Mersenne acceleration, Option A, Z-Domain Shifting |
| v2.5.1 | AVX2 detection fix, Z-Domain + Mersenne pool tests |
| v2.5.2 | +44K assertions — complete test coverage |
| v2.5.3 | Doc fixes, Mersenne benchmark suite |
| v2.5.4 (P0+P1) | P0: No-malloc Z-Domain + P1: dudect validation |
| v2.5.4 (P2) | P2: libFuzzer harness (500K clean runs) |
| v2.5.4 (P3) | P3: SECURITY.md threat model |
| v2.5.4 (P4) | P4: CI multi-arch + updated README |
Looking Ahead: v3.0.0 Roadmap
The next major release targets a 10× single-core throughput improvement by eliminating the Python wrapper bottleneck and introducing CTR mode:
| Priority | Feature | Impact |
|---|---|---|
| P0 | CGL1 wrapper in C (parsing, PKCS7, ctypes dispatch) | ~60% Python overhead eliminated — target >15 MB/s Python API |
| P1 | CTR mode — multi-block SIMD without inter-block dependency | ×4–8 on the C layer (4 blocks in parallel) |
| P2 | 4-block simultaneous SIMD pipeline in CTR | >25 MB/s C-layer, >15 MB/s Python API |
| P3 | ARM NEON backend (Apple Silicon, AWS Graviton) | Native performance on ARM64 without QEMU |
| P4 | IACR ePrint publication + formal algebraic specification | External validation, academic credibility |
| P5 | cagoule-pass v2.0.0 — QShell vault integration | End-user product in the QuantOS ecosystem |
The v2.5.x cycle proved the algebraic layer works and is secure. v3.0.0 makes it fast.
CAGOULE — Cryptographie Algébrique Géométrique par Ondes et Logique Entrelacée
Slim Issa — Kairouan, Tunisia — QuantOS platform — MIT License
Cagoule v2.4.0
CAGOULE v2.4.0 — Pipeline & Bulk Release
Released: May 20, 2026
CAGOULE v2.4.0 focuses on pipeline parallelism in the C algebraic layer and batch encryption in the Python API. After fully vectorising all algebraic components (v2.2.0–v2.3.0), the remaining bottlenecks were instruction-level parallelism in the CBC cipher and Argon2id overhead in multi-message workloads.
What's New
P1a — Encrypt Unroll4 + Prefetch
Loop unrolling ×4 with L2/L3 cache prefetch on the encrypt path. CBC's sequential dependency prevents true pipelining, but unrolling reduces loop overhead and prefetch hides memory latency. ~+25% C-layer encrypt throughput.
P1b — Decrypt Pipeline4
True 4-way parallel decryption exploiting CBC's natural independence: RK-sub, SBox⁻¹, and MatInv for block N depend only on cipher[N], enabling simultaneous execution across 4 blocks via CPU out-of-order execution. ~×2 C-layer decrypt throughput.
P2 — encrypt_bulk / decrypt_bulk
Encrypt N messages with a single Argon2id key derivation. Parameters are derived once and reused across all messages, dropping the GIL-holding serial fraction from ~46% to ~10%. ProcessPool scaling delivers near-linear speedup through 8 workers.
P4 — Thread-Local Buffer Pool
Reusable ctypes buffers (padded_buf, out_buf, rk_arr, input_buf) allocated once per thread and grown on demand. Eliminates per-call allocation overhead. +71% single-core throughput in parallel workloads.
GIL Release on Heavy C Calls
cagoule_cbc_encrypt, cagoule_cbc_decrypt, cagoule_matrix_mul, cagoule_sbox_block_forward, and their inverses now release the Python GIL during execution via ctypes.release_gil = True.
Bug Fixes
- Decrypt residual loop (
n_blocks % 4 != 0): fixedsaved_r[]CBC ciphertext tracking — all 9 residual edge cases now pass _binding.pystruct size: removed oversized_pad/AVX2 fields fromCagouleMatrixC— was 8 bytes too large, causing memory corruptionmake installstale.so: addedrm -fbeforecpto prevent silent overwrite failures
📊 Performance
C Layer (65,536 blocks ≡ 1 MB)
| Metric | v2.3.0 | v2.4.0 |
|---|---|---|
| C encrypt | 9.7 MB/s | 8.0 MB/s |
| C decrypt | — | 8.1 MB/s |
| Ratio dec/enc | — | 0.99× |
| S-box AVX2 | 120 MB/s | 70.1 MB/s |
Python API
| Test | v2.4.0 |
|---|---|
| encrypt-1KB | 5.8 MB/s |
| encrypt-1MB | 5.2 MB/s |
| encrypt-10MB | 5.1 MB/s |
| decrypt-1MB | 4.6 MB/s |
| decrypt-10MB | 8.5 MB/s |
Parallel Scaling (encrypt_bulk + ProcessPoolExecutor)
| Workers | Throughput | Speedup | Efficiency |
|---|---|---|---|
| 1 | 4.8 MB/s | 1.00× | — |
| 2 | 10.0 MB/s | 2.08× | 104% |
| 4 | 18.5 MB/s | 3.88× | 97% |
| 8 | 29.6 MB/s | 6.19× | 77% |
| 20 | 39.9 MB/s | 8.34× | 42% |
Streaming (64 KB chunks)
| Size | CAGOULE | AES-256-GCM | ChaCha20 |
|---|---|---|---|
| 50 MB | 5.6 MB/s | 456 MB/s | 402 MB/s |
| 100 MB | 5.7 MB/s | 459 MB/s | 401 MB/s |
| 500 MB | 5.7 MB/s | 458 MB/s | 402 MB/s |
Test Suite
| Suite | Result |
|---|---|
| C tests (9 binaries) | 43,686 assertions, 0 failures |
| Python tests | 578 passed, 0 failed, 18 skipped |
| Valgrind (7 binaries) | 0 memory leaks |
Installation
git clone https://github.com/slimissa/cagoule.git
cd cagoule/cagoule/c
make clean && make && make install
pip install -e ".[dev]"from cagoule import encrypt, decrypt, encrypt_bulk, decrypt_bulk
# Single message
ct = encrypt(b"secret", b"password")
pt = decrypt(ct, b"password")
# Bulk encryption (v2.4.0)
messages = [b"alpha", b"beta", b"gamma"]
cts = encrypt_bulk(messages, b"password")
pts = decrypt_bulk(cts, b"password")🔮 Preview: v2.5.0 — Mersenne Acceleration
The performance diagnostic from v2.4.0 identified the Barrett modular multiplication (mulmod64x4) as the dominant bottleneck, consuming 80% of algebraic layer time with a depth-16 dependency chain that limits CPU out-of-order execution.
v2.5.0 will introduce four complementary optimizations:
| Feature | Description |
|---|---|
| Mersenne-64 Prime Pool | 8 primes of form p = 2⁶⁴ – k (k < 2¹⁰), selected via HKDF. Replaces pseudo-random prime with a structure-exploitable one without security reduction. |
mulmod_mersenne64x4 |
AVX2 modular reduction with no DIV instruction, no branching (constant-time). Reduces mulmod cost from ~22 to ~13 instructions. |
| Dual Accumulator | Two independent accumulators per row group in cagoule_matrix_avx2.c. Now feasible without register spill thanks to the register budget freed by Mersenne reduction. |
| Z-Domain Shifting | Key whitening via modular addmod/submod before the matrix and after the S-box. Defense-in-depth against pre-computation attacks on a fixed field. |
Changelog
v2.4.0 — 2026-05-17
C Backend
- New: Pipeline4 decrypt (
_cbc_decrypt_pipeline4_avx2) - New: Encrypt unroll4 + prefetch (
_cbc_encrypt_pipeline4_avx2) - Fixed: Decrypt residual loop —
saved_r[]tracking - New:
test_cipher_pipeline4.c(88 assertions)
Python Layer
- New:
encrypt_bulk()/decrypt_bulk() - New: Thread-local buffer pool (
_buffer_pool.py) - New: GIL release on heavy C calls
- Fixed:
_binding.pystruct size - Fixed:
make installstale.sooverwrite - Fixed: 3 compiler warnings
v2.3.0 — 2026-05-08
S-box AVX2 vectorisation; Mersenne-like reduction; cycle-walking AVX2.
v2.2.0 — 2026-05-06
AVX2 Vandermonde matrix multiply (+67% algebraic layer).
v2.1.0 — 2026-05-01
C port of omega.c; security fix for wrong-password detection.
Author: Slim Issa — Kairouan, Tunisia
Repository: github.com/slimissa/cagoule