Symbolic Topology Cipher (STC)
A 256-bit block cipher whose internal structure mirrors the SYNTHOS cognitive pipeline.
Design Overview
STC operates in three phases per round, each inspired by a SYNTHOS layer:
Lattice Permutation
GPL cell routingPlaintext bytes are scattered across a 16-byte block using a key-derived permutation (Fisher–Yates shuffle seeded by SHA-256 of the key). This provides positional confusion.
Regex-Topology S-box
SCM semantic bindingEach byte is substituted through a 256-entry S-box derived by hashing named-capture groups from the key material. The S-box is a full permutation — bijective and invertible.
Möbius Fold
Möbius recursive constructThe block is split in half. The right half is transformed via modular addition with the left half, XORed with the round key. This creates cross-block diffusion.
Parameters
| Parameter | Value |
|---|---|
| Block size | 128 bit (16 bytes) |
| Key size | 256 bit (32 bytes) |
| Rounds | 12 |
| S-box | 256-entry permutation (key-derived) |
| Lattice permutation | 16-entry permutation (key-derived) |
| Round keys | 12 × 16 bytes (SHA-256 of key + round index) |
| Padding | PKCS#7 |
| Authentication | HMAC-SHA256 over envelope (optional, on by default) |
| Key derivation | PBKDF2-HMAC-SHA256, 600,000 iterations |
Modes of Operation
STC-ECB
Each block encrypted independently. Simple but reveals patterns in plaintext. Not recommended for most uses.
STC-CBCdefault
Each block XORed with previous ciphertext before encryption. Default mode. Requires IV (generated randomly).
STC-CTR
Nonce + counter encrypted to produce keystream. Parallelisable and seekable. Good for streaming.
Wire Format
┌──────────┬─────────┬──────┬───────┬────────────┬──────────┬────────────────┬──────────────┐ │ MAGIC │ VERSION │ MODE │ FLAGS │ IV/NONCE │ CT_LEN │ CIPHERTEXT │ HMAC-SHA256 │ │ 4 bytes │ 1 byte │ 1 B │ 1 B │ 16 bytes │ 4 B (BE) │ variable │ 32 B (opt) │ │ "STC1" │ 0x01 │ 0-2 │ bit 0 │ │ │ │ │ │ │ │ │ =auth │ │ │ │ │ └──────────┴─────────┴──────┴───────┴────────────┴──────────┴────────────────┴──────────────┘
Encryption Round (Detail)
for r in 0..11:
state = state XOR round_key[r] # 1. AddRoundKey
state = sbox[state[i]] for each byte # 2. SubBytes
state = permute(state, lattice_order) # 3. Lattice scatter
L, R = state[:8], state[8:] # 4. Möbius fold
R' = ((L[i] + R[i]) % 256) XOR rk[i]
state = L || R'Decryption reverses each step in reverse round order: un-fold → un-permute → inv-sbox → remove round key.
Usage Examples
Python API
from synthos.crypto.stc import SymbolicTopologyCipher, STCKey, STCMode
# Generate a random key
key = STCKey.generate()
# Or derive from passphrase
key = STCKey.from_passphrase("my secret phrase")
# Encrypt
cipher = SymbolicTopologyCipher(key, STCMode.CBC)
ct = cipher.encrypt(b"hello SYNTHOS")
# Decrypt
pt = cipher.decrypt(ct)
assert pt == b"hello SYNTHOS"
# Verbose mode for diagnostics
cipher = SymbolicTopologyCipher(key, verbose=True)
ct = cipher.encrypt(b"trace me")
for line in cipher.trace:
print(line)CLI
# Encrypt (auto-generates key) $ synthos encrypt "hello SYNTHOS" Generated key: a1b2c3d4... 535443310101... # Decrypt $ synthos decrypt 535443310101... -k a1b2c3d4... hello SYNTHOS # Encrypt a file $ cat secret.txt | synthos encrypt -o secret.stc $ synthos decrypt -f secret.stc -k <key> # Verbose mode shows per-round traces $ synthos -vv encrypt "trace me"
Security Properties
- Avalanche. Changing one bit of plaintext or key changes ~50% of ciphertext bits (12 rounds of Möbius folding amplify diffusion).
- Key-dependent structure. S-box, lattice permutation, and round keys are all derived from the master key — no fixed tables.
- Authentication. HMAC-SHA256 over the entire envelope detects tampering.
- IV/Nonce. Random 128-bit IV ensures identical plaintexts produce different ciphertexts.
- KDF. PBKDF2 with 600,000 iterations hardens passphrase-derived keys against brute force.