CAGOULE v2.5.4 — The Complete v2.5.x Release
This release covers all work from v2.5.0 through v2.5.4 — the Mersenne Acceleration cycle with full security hardening.
v2.5.0 — Mersenne Acceleration (Performance)
| Feature |
Impact |
| Mersenne-64 prime pool (8 primes, HKDF-selected) |
13 instructions vs 22 Barrett |
mulmod_mersenne64x4 AVX2 |
~41% faster modular multiplication |
| Option A dual accumulator |
Dependency chain depth 16→8 |
| Z-Domain Shifting (C-layer) |
+32% Python end-to-end |
encrypt_bulk() / decrypt_bulk() |
Single Argon2id derivation for N messages |
Performance (vs v2.4.0):
- Python encrypt-1MB: 5.2 → 6.9 MB/s (+33%)
- Python decrypt-10MB: 8.5 → 14.4 MB/s (+69%)
- C encrypt: 8.0 → 10.8 MB/s
- Parallel 16 workers: 29.2 MB/s
v2.5.4 — Security Hardening
| Priority |
Feature |
Version |
| P0 |
Z-Domain inline — zero malloc in encrypt hot path |
|
| P1 |
dudect constant-time empirical validation |
|
| P2 |
libFuzzer harness — 500K iterations, 0 crashes |
|
| P3 |
SECURITY.md — complete threat model |
|
| P4 |
CI multi-arch (x86_64 + ARM64 QEMU) |
|
Testing
| Suite |
Result |
| C tests (10 binaries) |
4,088,031 assertions, 0 failed |
| Python tests |
578 passed, 0 failed, 20 skipped |
| Valgrind (7 binaries) |
0 memory errors, 0 leaks |
| libFuzzer |
500,000 iterations, 0 crashes |
| dudect constant-time |
C algebraic layer empirically validated |
Platform Support
| Intel x86-64 |
AMD Ryzen/EPYC |
ARM64 |
Apple Silicon |
| ✅ AVX2 |
✅ AVX2 |
✅ Scalar (CI) |
✅ Scalar (CI) |
Documentation
- ARCHITECTURE.md — Complete data-flow diagram and design decisions
- SECURITY.md — Threat model, constant-time validation, vulnerability reporting
All v2.5.x Versions
| Version |
What |
| v2.5.0 |
Mersenne acceleration, Option A, Z-Domain Shifting |
| v2.5.1 |
AVX2 detection fix, Z-Domain + Mersenne pool tests |
| v2.5.2 |
+44K assertions — complete test coverage |
| v2.5.3 |
Doc fixes, Mersenne benchmark suite |
| v2.5.4 (P0+P1) |
P0: No-malloc Z-Domain + P1: dudect validation |
| v2.5.4 (P2) |
P2: libFuzzer harness (500K clean runs) |
| v2.5.4 (P3) |
P3: SECURITY.md threat model |
| v2.5.4 (P4) |
P4: CI multi-arch + updated README |
Looking Ahead: v3.0.0 Roadmap
The next major release targets a 10× single-core throughput improvement by eliminating the Python wrapper bottleneck and introducing CTR mode:
| Priority |
Feature |
Impact |
| P0 |
CGL1 wrapper in C (parsing, PKCS7, ctypes dispatch) |
~60% Python overhead eliminated — target >15 MB/s Python API |
| P1 |
CTR mode — multi-block SIMD without inter-block dependency |
×4–8 on the C layer (4 blocks in parallel) |
| P2 |
4-block simultaneous SIMD pipeline in CTR |
>25 MB/s C-layer, >15 MB/s Python API |
| P3 |
ARM NEON backend (Apple Silicon, AWS Graviton) |
Native performance on ARM64 without QEMU |
| P4 |
IACR ePrint publication + formal algebraic specification |
External validation, academic credibility |
| P5 |
cagoule-pass v2.0.0 — QShell vault integration |
End-user product in the QuantOS ecosystem |
The v2.5.x cycle proved the algebraic layer works and is secure. v3.0.0 makes it fast.
CAGOULE — Cryptographie Algébrique Géométrique par Ondes et Logique Entrelacée
Slim Issa — Kairouan, Tunisia — QuantOS platform — MIT License