Logical Entropy Cypher v1.0: Encryption Engine Based on Logical Entropy

Logical Entropy Cypher

Encryption Engine Based on Logical Entropy

This document presents a practical, educational approach to wrapping standard ciphers (such as AES-256-GCM) with a layer of «logical entropy» that adds structural variability, configurable diffusion and authentication of the internal logic. It is designed to integrate without breaking compatibility or existing infrastructure.

Concept of Logical Entropy and Its Relation to Cryptography

  • Idea central Logical entropy provides additional entropy by dynamically segmenting the plaintext, applying an unpredictable permutation, and performing a reversible mixing step (XOR or Feistel) before the AEAD stage.
  • Relationship to modern cryptography The logical layer operates on top of a proven cryptographic engine (AES-GCM), adding structural complexity without weakening the underlying security.
  • Purpose Compatibility and reinforcement rather than replacement. It enables an orderly migration path to post-quantum schemes while preserving the same architectural model.

Architecture and Encryption Flow

Inputs and Key Derivations

  • Inputs
    • Seed 512 bits as the master secret.
    • Logical nonce 96 bits for deterministic derivations and AEAD.
    • Message arbitrary bytes.
  • Derivations using HKDF and domain separation
    • Kseg segmentation domain key.
    • Kperm permutation domain key.
    • Kmix mixing/keystream domain key.
    • Kaead AEAD key for AES-256-GCM.

Steps of the Logical Entropy Layer

  1. Segmentation
    • Deterministic cuts derived from Kseg and the logical nonce produce k segments with no empty pieces.
  2. Permutation
    • Fisher-Yates shuffle using an HMAC-CTR PRNG (Kperm + nonce) yields a reproducible but unpredictable order.
  3. Mixing (lite mode)
    • XOR per segment with a keystream derived from Kmix and the nonce. The operation is reversible.
  4. AEAD
    • AES-256-GCM encrypts the concatenated C’.
    • Associated Data includes version, k, hash of cuts, hash of permutation and permuted segment lengths to protect the internal logic.

Comparative Table and Practical Value

Aspect AES-256-GCM Logic Entropy Lite
Source of entropy Key and nonce Key, nonce, cuts and permutation
Diffusion High and fixed Configurable (XOR or Feistel)
Authentication scope Data and optional AD Data and internal logic authenticated
Compatibility Standard Wrapping, interoperable
Post-quantum posture ~128 bits effective Similar plus structural complexity
Migration to PQC AEAD Requires replacement Logical layer reusable with new AEAD

Value statement The logical entropy layer forces an attacker to reconstruct and authenticate the internal structure before meaningful manipulation is possible. It increases the practical effort required to exploit real systems while preserving interoperability with standard AEAD primitives.

Installation and Usage

Requirements

  • PHP 8+ with OpenSSL enabled.
  • Standard extensions: hash, openssl.

Installation

  • Quick option: copy the logic_entropy_lite.php file into your project.
  • Distribution: publish as a Composer package if you plan to share or maintain it.

Basic usage

  • Encrypt (lite) example

<?php
require 'logic_entropy_lite.php';

$seed512 = random_bytes(64); // 512 bits
$nonce_logic = random_bytes(12); // 96 bits
$msg = "Hola mundo";

$enc = logic_entropy_lite_encrypt($seed512, $nonce_logic, $msg);

echo "Original: {$msg}\n";
echo "Ciphertext (hex): {$enc['ciphertext_hex']}\n";
echo "Tag (hex): {$enc['tag_hex']}\n";

Decrypt (full) example

 

<?php
$rec = logic_entropy_lite_decrypt_full($seed512, $enc);

echo "Reversal (decrypted): {$rec}\n";

 

The «lite» version adds a layer of structural complexity on top of a proven AEAD (AES-256-GCM). Its practical robustness comes primarily from two independent layers:

  • the symmetric security of the underlying AEAD engine (confidentiality and integrity), and
  • the authentication of the logic (cuts, permutations, lengths) included in the AD.

This means that as long as AES-GCM remains secure and the correct usage rules (no repeated nonces, sufficiently long keys) are followed, basic confidentiality and integrity remain intact. The logical layer increases the practical difficulty for a real attacker by forcing them to reconstruct an additional authenticated internal structure.

Advantages over encryption methods it uses (AES, ChaCha)

  • Additional workload for the attacker: it is not enough to attack the AEAD block; the authenticated segmentation and permutation must be reconstructed.
  • Extended authentication: the internal logic is covered by AD, so any structural manipulation would break the AEAD verification.
  • Configurable diffusion: allows you to adjust the degree of mixing (XOR vs Feistel) to increase diffusion if required.
  • Operational compatibility: It integrates without replacing proven cryptographic engines, thus inheriting their basic guarantees.

Known limitations and weaknesses

  • Security reduced to that of AEAD: if AES-GCM fails in practice (due to incorrect use, vulnerable implementation, or specific future attacks), the lightweight layer does not fix it; it only increases the practical cost of the attack.
  • Dependence on secrecy and nonces: the determination of PRNG and HKDF requires unique secrecy/nonce; reuse of nonce or seeds compromises security.
  • Lite model simplifies mixing: XOR-only mode is easily reversible (by design) and offers limited diffusion against advanced crypto analysis; it is not intended to replace strong internal rounds.
  • Metadata surface: Although AD authenticates the logic, the inclusion and serialization of metadata must be flawless; errors in formatting or handling of AD can create subtle flaws.
  • Not verified by formal analysis: the educational version has not undergone cryptographic auditing or formal testing; construction risks (order of operations, AD packaging) remain.

Production recommendations

  • Never reuse a nonce with the same AEAD key.
  • Version HKDF domains and AD format to support future extensions.
  • Optional telemetry: measure diffusion (Hamming distance) to compare modes.
  • Parallelization: distribute segments to workers in XOR-only mode; use intra-round parallelism for Feistel in the full model.

Conclusion

  • What it delivers A logical entropy layer that strengthens security by treating the message structure as entropy and protecting it via AEAD.
  • Why it matters It allows evolution of cryptographic deployments without a disruptive reset of infrastructure and remains aligned with post-quantum readiness by retaining a symmetric core and being portable to future AEAD primitives.
  • Real world applicability Suitable for firmware updates on chips, web services, and multi-language deployments. The code is simple, auditable and portable

 See the code

Publicado el 06 Nov, 2025

Compartir en FacebookCompartir en XCompartir en LinkedinCompartir en PinterestCompartir en Whatsapp