Skip to content

CAGOULE v2.5.4 — Mersenne Acceleration + Security Hardening

Latest

Choose a tag to compare

@slimissa slimissa released this 27 May 03:35

CAGOULE v2.5.4 — The Complete v2.5.x Release

This release covers all work from v2.5.0 through v2.5.4 — the Mersenne Acceleration cycle with full security hardening.


v2.5.0 — Mersenne Acceleration (Performance)

Feature Impact
Mersenne-64 prime pool (8 primes, HKDF-selected) 13 instructions vs 22 Barrett
mulmod_mersenne64x4 AVX2 ~41% faster modular multiplication
Option A dual accumulator Dependency chain depth 16→8
Z-Domain Shifting (C-layer) +32% Python end-to-end
encrypt_bulk() / decrypt_bulk() Single Argon2id derivation for N messages

Performance (vs v2.4.0):

  • Python encrypt-1MB: 5.2 → 6.9 MB/s (+33%)
  • Python decrypt-10MB: 8.5 → 14.4 MB/s (+69%)
  • C encrypt: 8.0 → 10.8 MB/s
  • Parallel 16 workers: 29.2 MB/s

v2.5.4 — Security Hardening

Priority Feature Version
P0 Z-Domain inline — zero malloc in encrypt hot path
P1 dudect constant-time empirical validation
P2 libFuzzer harness — 500K iterations, 0 crashes
P3 SECURITY.md — complete threat model
P4 CI multi-arch (x86_64 + ARM64 QEMU)

Testing

Suite Result
C tests (10 binaries) 4,088,031 assertions, 0 failed
Python tests 578 passed, 0 failed, 20 skipped
Valgrind (7 binaries) 0 memory errors, 0 leaks
libFuzzer 500,000 iterations, 0 crashes
dudect constant-time C algebraic layer empirically validated

Platform Support

Intel x86-64 AMD Ryzen/EPYC ARM64 Apple Silicon
✅ AVX2 ✅ AVX2 ✅ Scalar (CI) ✅ Scalar (CI)

Documentation

  • ARCHITECTURE.md — Complete data-flow diagram and design decisions
  • SECURITY.md — Threat model, constant-time validation, vulnerability reporting

All v2.5.x Versions

Version What
v2.5.0 Mersenne acceleration, Option A, Z-Domain Shifting
v2.5.1 AVX2 detection fix, Z-Domain + Mersenne pool tests
v2.5.2 +44K assertions — complete test coverage
v2.5.3 Doc fixes, Mersenne benchmark suite
v2.5.4 (P0+P1) P0: No-malloc Z-Domain + P1: dudect validation
v2.5.4 (P2) P2: libFuzzer harness (500K clean runs)
v2.5.4 (P3) P3: SECURITY.md threat model
v2.5.4 (P4) P4: CI multi-arch + updated README


Looking Ahead: v3.0.0 Roadmap

The next major release targets a 10× single-core throughput improvement by eliminating the Python wrapper bottleneck and introducing CTR mode:

Priority Feature Impact
P0 CGL1 wrapper in C (parsing, PKCS7, ctypes dispatch) ~60% Python overhead eliminated — target >15 MB/s Python API
P1 CTR mode — multi-block SIMD without inter-block dependency ×4–8 on the C layer (4 blocks in parallel)
P2 4-block simultaneous SIMD pipeline in CTR >25 MB/s C-layer, >15 MB/s Python API
P3 ARM NEON backend (Apple Silicon, AWS Graviton) Native performance on ARM64 without QEMU
P4 IACR ePrint publication + formal algebraic specification External validation, academic credibility
P5 cagoule-pass v2.0.0 — QShell vault integration End-user product in the QuantOS ecosystem

The v2.5.x cycle proved the algebraic layer works and is secure. v3.0.0 makes it fast.

CAGOULE — Cryptographie Algébrique Géométrique par Ondes et Logique Entrelacée
Slim Issa — Kairouan, Tunisia — QuantOS platform — MIT License