Show HN: Ariadne – A Rust implementation of aperiodic cryptography
Ariadne Suite
This repository contains the Ariadne Suite, our canonical Rust implementation of the Ariadne Protocol. The protocol is a novel cryptographic architecture we designed around the Labyrinth Construction to provide aperiodic, or non-repeating, cryptographic transformations.
The project mission is to create resilient, open-source tools for digital sovereignty.
This is independent research, released as a public good. Its continuation, development, and future security audits are funded by community support.
Contribute at donate.ciphernomad.org
⚠️ Security Warning & Disclaimer ⚠️
This is unaudited, experimental alpha software provided for research and educational purposes only.
The cryptographic designs herein are novel. While built upon standard, vetted primitives (BLAKE3, XChaCha20, X25519), the security of the overarching Ariadne Protocol has not been formally verified by third-party audit.
DO NOT USE FOR PRODUCTION OR REAL-WORLD APPLICATIONS.
Use is entirely at your own risk. This software is provided "as is", without warranty of any kind.
Core Concepts of the Ariadne Protocol
The protocol is built on two core ideas we developed: the Labyrinth and the Thread.
- The Labyrinth: A large, deterministically generated binary tree of cryptographic
Rounds. This can be a shared public parameter, not a secret. - The Thread: The secret, aperiodic path taken through the Labyrinth's nodes during an operation.
The Emergent Path Mechanism
The core innovation of the protocol is how the Thread is formed. It is not stored or transmitted. Instead, the path is rediscovered dynamically for each block of data. A Cryptographic Virtual Machine (CVM) determines the next turn (left or right) in the Labyrinth by computing a keyed hash of its own secret state and the public ciphertext chunk.
An attacker, who sees the public ciphertext but lacks the secret key and state, cannot compute this hash. The path remains secret, woven into the data stream at zero overhead.
Aperiodic by Design
The Ariadne Protocol is a fundamental departure from conventional, periodic ciphers that apply the exact same sequence of operations to every block of data.
In our design, the CVM's internal state is updated after every block, acting as a cryptographic ratchet. This new state is then used to derive the keys and path for the next block. Because the state transition is a secure pseudo-random function, the CVM's state never repeats.
This guarantees that the sequence of cryptographic transformations is aperiodic: no two blocks, even within the same message, are ever processed in the exact same way. Each step is a unique function of the entire history of the operation up to that point.
Inherent Tamper Resistance
This stateful, aperiodic design provides inherent tamper evidence. If an attacker reorders, truncates, or modifies any part of the ciphertext stream, the thread is snapped. The CVM's internal state will irrevocably diverge from the legitimate path, and all subsequent data will be processed into non-meaningful, pseudorandom noise.
Design Limitations & Trade-offs
- Finite Path Length: The Labyrinth has a finite depth. This imposes a maximum size on any single message, which is a product of
Labyrinth Depth×Block Size. - No Random Access: Decryption requires sequential processing from the first block, as all preceding blocks are needed to determine the correct path and state for any given block.
The Ariadne Suite Ecosystem
This workspace contains the core components of the suite, organized for clarity and composability.
ariadne-core: Core data structures and the shared language of the suite.ariadne-generator: The deterministic Labyrinth factory.ariadne-primitives: Low-level cryptographic engines (CFB, MAC, KDF, Ratchet).ariadne-etm: A robust, stateless AEAD. This is the recommended starting point for stateless use cases.ariadne-transport-static: A forward-secret transport protocol using a shared, static Labyrinth.ariadne-transport-ephemeral: A forward-secret transport protocol generating a unique Labyrinth per session.
Getting Started
The recommended way to use the suite is by depending on the high-level crates. For stability, pin dependencies to a specific release tag.
Quick Start: Encrypt-then-MAC (EtM)
This example uses the recommended ariadne-etm stateless AEAD.
1. Add to Cargo.toml:
[dependencies]
ariadne-etm = { git = "https://github.com/ciphernomad-org/ariadne.git", tag = "v0.1.0" }
ariadne-generator = { git = "https://github.com/ciphernomad-org/ariadne.git", tag = "v0.1.0" }
2. Use in your code:
use ariadne_etm::{open, seal};
use ariadne_generator::LabyrinthGenerator;
fn main() {
let master_key = b"a_very_strong_master_key_for_etm";
let labyrinth = LabyrinthGenerator::new(master_key).generate(10);
let plaintext = b"This is a confidential message that must also be authentic.";
let associated_data = b"msg_id:12345,re:tx_confirm";
let payload = seal(master_key, &labyrinth, plaintext, associated_data).unwrap();
let decrypted = open(master_key, &labyrinth, &payload, associated_data).unwrap();
assert_eq!(plaintext, decrypted.as_slice());
println!("Success: Roundtrip complete.");
}
For more detailed examples, see the examples directory in each crate.
Build & Run
# Clone the repository
git clone https://github.com/ciphernomad-org/ariadne.git
cd ariadne
# Run the full test suite
cargo test --release --workspace
# Run the EtM AEAD example
cargo run --release --example etm_roundtrip -p ariadne-etm
Philosophy & Contributing
The Ariadne Protocol is our exploration of stateful, aperiodic cryptography where every operation is cryptographically linked to its history.
Community involvement is evaluated on technical merit. For bug reports or feature proposals, open a new issue. For architectural discussions or design proposals, open a discussion thread.
Copyright (c) 2025 CipherNomad [email protected] SPDX-License-Identifier: CC0-1.0
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
