SYSTEM AND METHOD FOR ENCRYPTION AND DECRYPTION USING LOGIC SYNTHESIS

Abstract

Method decrypting and/or encrypting an input message: providing at least five of sixteen first order logic functions; and decrypting and/or encrypting the input message based on the at least five first order logic functions.

Claims

1. Method decrypting and/or encrypting an input message: providing five, six, or more of sixteen first order logic functions; decrypting and/or encrypting the input message based on the at least six first order logic functions.

2. Method according to claim 1, wherein at least two of said first order function are chosen from LCM, RCM, XOR, XNOR, NQ, NR.

3. Method according to claim 1, wherein a residual truth value is associated to each of the at least six first order logic functions, or as equivalents to one of the first order logic functions so as to form a bijective function combination pair.

4. Method according to claim 1, wherein a generative logic ruleset is defined, wherein the generative logic ruleset comprises a logic set (Lk) comprising the at least five first order functions and a semiotic set (Ak) comprising a number of symbols in a certain order, wherein the decryption and/or encryption of the input message (m) is based on generative logic ruleset.

5. Method according to claim 4, wherein the generative logic ruleset, the logic set (Lk) and/or the semiotic set (Ak) depends on the cipher key (k).

6. Method according to claim 1, wherein a pseudo-random symbol sequence (K) is determined based on the cipher key (k).

7. Method according to claim 6, wherein an initialisation word (IWk) is derived from the cipher key (k) and the pseudo-random symbol sequence (K) is derived from the initialisation word (IWk) by an expansion function which increases the length of the pseudo-random symbol sequence (K) compared to the initialisation word (IWk), wherein symbolic factoring is used as an expansion function, wherein symbolic factoring uses the logic set (Lk) and the semiotic set (Ak) to derive the pseudorandom symbol sequence (K) from the initialisation word (IWk), wherein an input symbol sequence is based on the initialisation word (IWk), wherein symbolic factoring combines a first input symbol and a second input symbol of the input symbol sequence by a first order logic function selected for the combination of the two symbols to derive at least one output symbol, wherein an output symbol sequence is based on the at least one output symbol, wherein the pseudo-random symbol sequence (K) is based on the output symbol sequence.

8. Method according to claim 1, wherein decrypting and/or encrypting the input message comprises at least one processing step including processing an intermediate input message to obtain an intermediate output message, wherein the intermediate input message is based on the input message, wherein an output message of the decryption or encryption is based on the intermediate output message.

9. Method according to claim 8, wherein the at least one processing step comprises a structuring step, wherein either the structuring step comprises for encrypting the input message the following steps: provide an initialisation symbol sequence (minit); combine, preferably concatenate the initialisation symbol sequence (minit) with an intermediate input message of the structuring step to obtain a combined symbol sequence; transform the symbols of the combined symbol sequence based on the semiotic set (Ak) and/or the logic context and based on the pseudo-random symbol sequence (K) into a transformed symbol sequence, wherein an intermediate output message of the structuring step depends on the transformed symbol sequence or the structuring step comprises for decrypting the input message the following steps: provide an initialisation symbol sequence (minit); determine a part of a retransformed symbol sequence based on the initialisation symbol sequence; retransform the symbols of the intermediate input message into the retransformed symbol sequence based on the semiotic set (Ak) and/or the logic context and based on the pseudo-random symbol sequence (K), wherein an intermediate output message of the structuring step depends on the retransformed symbol sequence.

10. Method according to claim 8, wherein the at least one processing step comprises a transposition step, wherein either the transposition step comprises for encrypting the input message the step of transposing symbols or bits of an intermediate input message of the transposition step based on the pseudo-random symbol sequence (K) to obtain a transposed sequence, wherein an intermediate output message of the transposition step depends on the transposed sequence; or the transposition step comprises for decrypting the input message the step of re-transposing symbols or bits of an intermediate input message of the transposition step based on the pseudo-random symbol sequence (K) to obtain an intermediate output message of the transposition step.

11. Method according to claim 10, wherein a succession function for counting is defined with at least two different successors for an element and with a successor rule for deciding under which condition which successor is applied, wherein the symbols or bits are transposed or re-transposed based on the succession function.

12. Method according to claim 8, wherein the at least one processing step comprises a logic function step, wherein either the logic function step comprises for encrypting the input message the following steps: providing a logic function series (EDk); transforming a logic function message based on the logic function series (EDk) into a transformed logic function message, wherein an intermediate output message of the logic function step for encryption depends on the transformed logic function message, wherein the logic function message depends on an intermediate input message of the logic function step for encryption; or the logic function step comprises for decrypting the input message the following steps: providing a logic function series (EDk); re-transforming a transformed logic function message based on the logic function series (EDk) into a logic function message, wherein an intermediate output message of the logic function step for decryption depends on the logic function message, wherein the transformed logic function message depends on an intermediate input message of the logic function step for decryption.

13. Method according to claim 8, wherein the at least one processing step comprises either for encryption the following steps: the structuring step, wherein an intermediate input message of the structuring step depends on the input message; the first transposition step, wherein an intermediate input message of the first transposition step depends on the intermediate output message of the structuring step; the logic function step, wherein an intermediate input message of the logic function step depends on the intermediate output message of the first transposition step; the second transposition step, wherein an intermediate input message of the second transposition step depends on the intermediate output message of the logic function step and on a hash resulting from one of the previous intermediate input messages or one of the previous intermediate output messages and/or on an further decryption initialization value output from the logic function step; for decryption the following steps: the second transposition step, wherein an intermediate input message of the second transposition step depends on the input message, wherein an intermediate output message of the second transposition step and a decryption initialisation value and/or a hash is given out from the second transposition step; the logic function step, wherein an intermediate input message of the logic function step depends on the intermediate output message of the second transposition step and the decryption initialisation value; the first transposition step, wherein an intermediate input message of the first transposition step depends on the intermediate output message of the logic function step; the structuring step, wherein an intermediate input message of the structuring step depends on the intermediate output message of the first transposition step, wherein the output message depends on the intermediate output message of the structuring step.

14. Apparatus configured to perform the steps of the method of claim 1.

15. Computer program configured to perform the steps of the method of claim 1 when executed on a processor.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0076] The invention will be better understood with the aid of the description of an embodiment given by way of example and illustrated by the figures, in which:

[0077] FIG. 1 shows a schema of an embodiment of the cipher for encryption

[0078] FIG. 2 shows a complete first order predicate logic truth table

[0079] FIG. 3 shows a general schema for symbolic factoring

[0080] FIG. 4 shows a non-ordinal succession function affinity matrix and graph

[0081] FIG. 5 shows how a non-ordinal affinity matrix is constituted

[0082] FIG. 6 shows an example of a transposition using the non-ordinal function

[0083] FIG. 7 shows an example of base semiotic set of binary symbols set 4 bits long

[0084] FIG. 8 shows a standard first order logic connector set

[0085] FIG. 9 shows an example segmentation of a cipher key

[0086] FIG. 10 shows a secret semiotic set of binary symbols

[0087] FIG. 11 shows a secret logic connector set

[0088] FIG. 12 shows an example complete residual set truth table

[0089] FIG. 13 shows a logic context set

[0090] FIG. 14 shows a semantic root matrix

[0091] FIG. 15 shows the diagram of the symbolic factoring algorithm

[0092] FIG. 16 shows a non-ordinal selection algorithm diagram

[0093] FIG. 17 shows an example of encryption using generative logic

[0094] FIG. 18 shows an example of decryption using generative logic

DETAILED DESCRIPTION OF AN EMBODIMENT OF THE INVENTION

[0095] First, one exemplary embodiment of the method of the invention will be presented. Second, some general concepts and terms of the invention will be described and/or defined. Third, the individual steps of the embodiment of the invention will be described in more detail.

One Exemplary Embodiment of the Method of the Invention

[0096] The method of the invention describes the encryption and/or decryption of a message m exchanged between at least two subjects. A first subject encrypts the message and sends the encrypted message to a second subject which decrypts the encrypted message to obtain the original message m. The first subject is preferably an apparatus configured for encrypting the message m as described in the following and giving out the encrypted message m, preferably sending the encrypted message m to the second subject. The second subject is preferably an apparatus configured for receiving the encrypted message and/or decrypting the encrypted message to obtain the original message m as described in the following. The sending of the message m from the first to the second subject can be by any way including a network like LAN, WLAN, internet, mobile phone network, LORA or including also the physical transport of the encrypted message e.g. via a data storage. The first and second subject are preferably both configured to act as first or second subject, i.e. being configured to encrypt a message m and to decrypt an encrypted message. The apparatus of the first and/or second subject comprises each preferably a communication section and a processing section. The communication section being configured for receiving an encrypted message and/or for giving out the encrypted message. The processing section is configured for processing the described steps of encryption of the message m and/or for the decryption of the encrypted message m. The processing section can be a general-purpose processor like a CPU, a processor for encryption/decryption, a chip for executing just this encryption and/or decryption or any other processing means. The processing section could also comprise a plurality of sub-processing section as used in multi-core processors (each core being a sub-processing section) or in cloud-computing (each processor being a sub-processing section). It shall be distinguished in the following the cipher scheme and the cipher case. The cipher scheme defines the cipher parameters and methods independent from any inputs. This would correspond normally to the software installed on an apparatus to define the apparatus as first and/or second subject. The cipher case is defined by the cipher scheme plus the first level inputs. The cipher case defines the realisation of the cipher scheme between a group of at least two subjects defined by the first level inputs. The method will be described just for two subjects. It is clear that the first subject could communicate with the present cipher (encryption/decryption scheme) to multiple second subjects instead of just one second subject.

[0097] Given [0098] a set “A.sub.B” of symbols, ordered and indexed by “u”, each encoded as a short binary sequence of length “b” (preferably b≥4), and stored in memory. [0099] a set “L.sub.B” of memory addresses for the 16 1.sup.st order logic functions, each stored in memory represented as a sequence of microcode instructions for the invention's system's processor, ordered and indexed by “v”, arranged in standard order of the values in binary base numerals of the representation of each function's it's truth table. [0100] A keyed message authentication function for the message m, using a key k.sub.a resulting in an Message Authentication Tag(“MAC”) h such as HMAC (m, k.sub.a)=h, represented as a binary sequence, or any other function using at least the m and k.sub.a as parameters, preferably represented as a sequence of microcode instructions for the invention's system's processor.

[0101] Inputs [0102] a message “m” (element 100 in FIG. 1) as a binary sequence of length preferably l(m)≥768 bits. [0103] a cipher key “k” (element 101 in FIG. 1) as a binary sequence of length l(k)≥256 bits, preferably 1(k)≥512). [0104] An authentication key “k.sub.a”, for use in a keyed authentication function (i.e. HMAC)

[0105] Preparation of Generative Logic Ruleset (3)

[0106] k is segmented into several parameters and data structures, stored in random access memory (graphically represented by object 103 9n FIG. 1): [0107] a secret semiotic set “A.sub.k” of binary sequence of length “b”, of 2.sup.b el. as unique randomly arranged values between 1 and 2.sup.b, corresponding to index u of A.sub.B; [0108] a secret logic set “L.sub.k” of 16 elements as unique randomly arranged values between 1 and 16, each corresponding to a unique element index v of L.sub.B; [0109] a secret residual set “R.sub.k” of 16 elements sequences of supplementary truth value each corresponding to a unique element index v of L.sub.B, used to compute “residual” bits for each function of L.sub.k, encoded as sequences of 4 bits in length; [0110] a secret generative context “C.sub.k” as a sequence of random values between 1 and 16, each corresponding to an element index c of L.sub.k; [0111] a symbolic expansion factor “ƒ.sub.e”, as a numeric value; [0112] a symbolic implicit inference factor “ƒ.sub.i”, as a numeric value; [0113] a semantic generation root “G.sub.k”, as an array of numeric values different than l(C.sub.k); [0114] an initialisation word “IW.sub.k”, as a random sequence of bits.

[0115] The elements above are accompanied by a selection function. Some are accompanied as well by an inverse bijective resolution function (i.e. given a function of L.sub.k, or R.sub.k, a given answer, and given only one of the initial elements used in said function, it returns the other used element's index): A.sub.k(a) and A.sub.k.sup.−1(a), L.sub.B(v), L.sub.k(w) and L.sub.k.sup.−1(w), C.sub.k(c), G.sub.k(o,p), R.sub.k(p1,p2) and R.sub.k.sup.−1(r,s, ƒ)—the last two respectively returning the symbol pair which, given a function ƒ, a result s, and a residual r, when ƒ was applied to said symbols, resulted in truth s and residual r.

[0116] Setup for the Cipher

[0117] Segment m in short sequences of length b; then map each one to its symbol index in A.sub.B using B(m;A.sub.B)=m.sub.B, indexed by n.sub.b and with a selection function M.sub.B[n.sub.b]; then, (1)

[0118] Derive a pseudo-random symbol sequence “K” from IW.sub.k, (102 in FIG. 1) segmented into symbols of length b as I.sub.B, using symbolic factoring within the context of L.sub.k, C.sub.k, G.sub.k, ƒ.sub.e and ƒ.sub.i using !.sub.k.sup.σ(I.sub.B)=K applied recursively in n.sub.k iterations over I.sub.B∀[(l(m.sub.B)/ƒ.sub.s)+n.sub.i]≥n.sub.k≥(6×l.sub.ƒ), as well as any intermediary sequence thus generated. The K sequence is indexed by n.sub.k with a selection function K[n.sub.k]; any given symbol in a given K sequence may only ever be used once in the cipher operations below; then,

[0119] Segment an “m.sub.init.sup.” initialization symbol sequence from K such as m.sub.init=(m.sub.k,1, m.sub.k,2, . . . , m.sub.k,n.sub.i)∀[(m.sub.k,n∈A.sub.B)∧(1≥n.sub.i≥l(m.sub.init))], (104 in FIG. 1) with preferably l(m.sub.init)<2.sup.b. Then, applying to successive pairs of elements of m.sub.init, and resulting intermediary sequences functions from L.sub.B selected by L.sub.B(L|k(C|k(n.sub.i))) until only two symbol m.sub.i,1 and m.sub.i,2 remain; then,

[0120] Compute a generative logic function sequence “ED.sub.K” (105 in FIG. 1) by mapping each element of K to the corresponding index represented by said symbol of K within L.sub.k and the truth values within R.sub.k, ED.sub.K=Σ.sub.n.sub.e.sub.=1.sup.n.sup.i.sup.l.sup.ƒ(L.sub.k.sup.−1(K[n.sub.e]); R.sub.k(L.sub.k.sup.−1(K[n.sub.e]))); ED.sub.K indexed with n.sub.e, and a selection function E(n.sub.e).

[0121] Encryption [0122] Transform m.sub.B into a structuring sequence “M.sub.ƒ”, (106 in FIG. 1) which for m.sub.B's symbols produces a sequence M.sub.ƒ with which m.sub.B can be reconstructed relative to a secret alphabet A.sub.k and a context K. and m.sub.init and m.sub.B are first concatenated, and then, using the function T with parameters A.sub.k, m.sub.B+m.sub.init[n−1], m.sub.B+m.sub.init[n], K[n], which returns the edit distance between symbols a.sub.1, a.sub.2, and a given symbol given by K, in A.sub.k. The resulting recursive sequence Σ.sub.n.sub.ƒ.sub.=1.sup.n.sup.ƒ.sup.−l.sup.ƒT is computed with l.sub.ƒ=l(m.sub.init)+l(m.sub.B); only the last l(m.sub.B) elements in the sequence are recorded in M.sub.ƒ. M.sub.ƒ is indexed by n.sub.ƒ, and accompanied by a selection function M.sub.ƒ[n.sub.ƒ]; then, [0123] Transpose the elements of M.sub.ƒ into a sequence “M.sub.T”, (107 in FIG. 1) using a symbol selection function mapped over M.sub.ƒ by a totally ordered set T, generated from k, and contextually evolving over K. The symbols of M.sub.ƒ are sequentially permuted around a set of poles “p” whose relative position over M.sub.ƒ is generated by K, using the attractor function P(M.sub.ƒ[n.sub.ƒ],M.sub.ƒ[p.sub.j+P(K[n.sub.ƒ −1])+C(K[n.sub.ƒ])]). M.sub.T is indexed by n.sub.t and accompanied by a selection function M.sub.t[n.sub.t]. [0124] Infer a symbol sequence M.sub.g using the generated logic sequence ED (108 in FIG. 1) by sequentially applying the logic function pair sequence ED.sub.K recursively to M.sub.T using an application function R(K, M.sub.t, E, n.sub.t) such as R((r.sub.n.sub.t−1 xor K[n]), M.sub.t, E[n.sub.t])=(M.sub.g[n.sub.t]; r.sub.n.sub.t), with r.sub.0=m.sub.i,1, so that a resulting sequence M.sub.g, indexed by n.sub.g and accompanied by a selection function M.sub.g[n.sub.h], which is computed recursively by M.sub.g=Σ.sub.n.sub.t.sub.=1.sup.n.sup.t.sup.=l.sup.ƒ[R(K, M.sub.t, E, n.sub.t)∨r(K, M.sub.t, E, n.sub.t−1)], discarding all r.sub.nt symbols but recording the last r.sub.n in memory. Symbols of M.sub.g and r.sub.n may be substituted by equivalents in A.sub.k; then, [0125] Calculate the authentication tag h for M.sub.G (109 in FIG. 1) using the given function HMAC (m, k.sub.a)=h substituting m for M.sub.G concatenated with m.sub.init, so that h=HMAC((M.sub.G∨m.sub.init), k.sub.a). k.sub.a may alternatively be given in embodiments another value, such as a segment of K of sufficient length; then, [0126] Transpose the concatenation of the h authentication tag and r.sub.n into M.sub.G, (110 in FIG. 1) using the same transposition as for M.sub.T above, except in this case transposing bits of the concatenation (h∨r.sub.n)=h.sub.r within M.sub.G, using the modified transposition function P(h.sub.r[n.sub.g], [P(K[n.sub.g−1])+C(K[n.sub.g])]), thus forming the final ciphertext sequence c, (200 in FIG. 1) which can be then recorded as bytes ready for storage or transmission.

[0127] Decryption [0128] Perform all the steps above from ‘preparation’ to ‘setup of a cipher’; then verify the authentication tag h with k.sub.a, M.sub.g and m.sub.init, by reconstituting the transposition sequence using the corresponding segment of K used to transpose from h and r.sub.n to c originally, then by permutating bits in inverse order to recover these two concatenated sequences along with M.sub.g, then verify h; if it succeeds, segment M.sub.g in symbols of length b; if it fails, stop decrypting; otherwise, [0129] Deduct M.sub.t from M.sub.G using the generated logic sequence ED by recovering each intermediary (r.sub.n.sub.g.sub.−1 xor K.sub.n.sub.g) symbol from the former sequence by recursively applying the R.sub.k.sup.−1 (r.sub.n.sub.g, M.sub.g [n.sub.g], E[n.sub.g]) (M.sub.t[l.sub.ƒ −n.sub.g]; (r.sub.n.sub.g.sub.−1 xor K[n.sub.g])) inverse bijective resolution logic function pair to each (r, s) pair of M.sub.g, starting from the recovered r.sub.n and the last symbol s of M.sub.G to the first symbol s.sub.n of M.sub.G, for 1≤n.sub.t≤l(M.sub.G). Then, in turn, recover the preceding r for the next s symbol by applying the inverse resolution function S.sub.L,1.sup.−1(K[n.sub.g], (r.sub.n.sub.g.sub.−1 xor K[n.sub.ƒ]),XOR); then, [0130] Transpose M.sub.G back to M.sub.ƒ back by reconstituting the transposition sequence using the corresponding segment of K used to transpose to M.sub.G originally, then perform the permutations in inverse order to recover M.sub.ƒ; then [0131] Reconstruct m.sub.B from the restructuration sequence “M.sub.ƒ” according to a context A.sub.k, by generating using K the sequence of symbols M.sub.d=Σ.sub.n.sub.d.sub.=1.sup.n.sup.d.sup.=l(S|d) A.sub.k(A.sub.k.sup.−1(K[n.sub.d])+n.sub.d−1), with accompanying selection function M.sub.d[n.sub.d]; then reconstituting m.sub.B starting with from the last symbol in M.sub.ƒ, recovering m.sub.B with T.sup.−1(A.sub.k; M.sub.d[n.sub.d]−M.sub.ƒ[n.sub.d−1]; M.sub.ƒ[n.sub.d]) m.sub.B [n.sub.d]; then combine symbols of m.sub.B in pairs to recover the message m.

[0132] The invention allows for a much-increased level of security compared to existing cipher, allowing for the diffusion of an authenticated encryption tag without the danger of exposing any information of the underlying message and providing quantum-computer driven cryptanalysis resistance using Shor's or Glover's algorithms.

[0133] General Principles

[0134] Logic and Indeterminacy of Statements

[0135] The mathematical building blocks used in modern cryptography are mostly based on mathematical problems which are difficult to solve—i.e. there ought to be no known algorithms usable to find the answer to said problem with a computing machine within a practical time span. A practical rule of thumb if that any known resolution algorithm's time approaches the number of time necessary to enumerate all possible cipher keys, to attack it with “brute force”, then it is judged to be a good cipher.

[0136] Ciphers have historically been built using difficult numeric or polynomial problems, which usually lent themselves well to transformation into simple reliable linear mechanical, electromechanical or electronic circuits. Logic has generally been applied used in applying only the most basic Boolean logic algebra functions of binary addition (i.e. ADD) and exclusive disjunction (i.e. XOR) to sequences of bits, which it maps directly to basic electronic logic gates. Algorithms using that reduced logic can be implemented in relatively simple chips, and compact die sizes.

[0137] Logic is an interpretative tool of reason. Until recently, with computing power being scarce, in addition to expensive transmission bandwidth and chip engineer time, no logic more advanced has been used in cryptology. Any computing tool using logic could implementing logic reasoning concepts: inference, induction, deduction, amongst many others. Such logic concepts cannot however be trivially implemented with logic gates in simple circuits with no memory or use of recursion, but require a complete Turing machine. Advanced uses of logic have thus been eschewed by cryptology researchers.

[0138] Moreover, logic is a tool for understanding. With the work of Gödel, a century ago, new dimensions of thought had to be included to the logician's toolbox, amongst which the decidability, indeterminacy and computability of statements. His incompleteness theorem states a consistent formal logical or axiomatic system cannot be complete, and that the consistency of axioms cannot be proved within their own system. Many new logic frameworks have been constructed afterwards, with amongst other goals to study logic systems, and how to solve statements within such systems. Such concepts are of chief importance in computer science, and should be even more so in cryptology, which could be said to be the science of selective misunderstanding.

[0139] First Order Logic

[0140] First order logic, also known as first order predicate logic or first-order predicate calculus, has as sixteen different canonically inference rules in its “propositional calculus subset. Such rules, also called “logic operators”, or “logic connectives” are formalised in Boolean algebra. Boolean algebra is well adapted to application as binary logic in electronic hardware, whereas a value of True for a predicate is represented as a “1” and the False value of a predicate is represented as “0”.

[0141] Amongst such operators, implemented as Boolean functions, are for example are TRUE (affirmation), FALSE (contradiction), NEITHER OR (non-disjunction), etc. All such operators can be decomposed combinations of the most basic AND, OR, and NOT functions, expressible as the simplest digital logic gates in electronic hardware.

[0142] The result of the application of such operators to two given predicates p1 and p2 can be found using a so-called “truth table”, which can be technically implemented as a lookup table, accessed with an application function s(p1(n), p2 (n), L (w))=T (w, n) accessing said lookup table. FIG. 2 shows the canonical truth table for first order predicate logic.

[0143] For example, for a given p1 predicate which is True, and a given p2 predicate which is false, to which a non-implication is applied, n=2,u=5, using the lookup function s(p1(2), p2(2), L(5))=T(5,2) to access the lookup table at the(w,n) coordinates of the truth table, giving a value of T, which equals True.

[0144] For a given logic function L(w), a given proposition p1(n), and a Truth value T (w, n), one can find the correct truth value of p2 with inverse resolution function of the form s.sub.L,2.sup.−1(p1(n), T (n), L (w))=Q (n), in which one looks up the table the same way as above. Similarly, for a given logic function L(w), proposition p2(n), and Truth value T(w, n), one can find the p1 truth value with an inverse resolution function of the form s.sub.L,1.sup.−1(p2(n), T(n), L(w))=p1(n), by looking up the correct value.

[0145] For each such function, embodiments store a list of possible result depending on the two sets of input bits in the system's processing unit registers or in memory locations as lookup tables, outputting the results in a third either processing unit register or memory location, which are either “0” bits corresponding to the “false” values, or “1” bits corresponding to “true” values, or, in some embodiments, as a numeric value unique corresponding to the binary value of each result for each such function.

[0146] In embodiments, such functions are represented in memory either as sequences of microcode instructions for the invention's system's processor, or as sequences and combinations of the most basic logic functions or the minimum set of logic gates (AND, OR, NOT), operating over two central processing unit registers, providing the result in a third register.

[0147] Generating a Logic System

[0148] Cryptanalysis techniques are by definition deductive processes. With this invention, we aim to generate a logic system using the cipher key characterizable as a tautology. This logic system is then applying it to the message using the methods of the invention to create a construction which is not logically decidable in polynomial time using traditional cryptanalysis techniques.

[0149] Without the cipher key the ciphertext, as a tautology constructed using both the message and logic system, is incomplete and fully undecidable. Even when inferring logic systems, without having the key, and performing known plaintext attacks, the attacker must to generate all possible of logic systems which can explain a given ciphertext or portion thereof. This requires memory which grows more than exponentially with both the possible number of permutations and substitutions. The coherence of each system must be checked against the known plaintext, consequently making even differential and known plaintext attacks very difficult in polynomial time.

[0150] As generated by the methods of this invention, such systems can only be completed and become by definition complete, coherent, consistent and congruent when using the cipher key with the methods of this invention to complete the system implicitly defined by the ciphertext. Moreover, if the basis for the construction of the logic system is not numeric, there are no systems of equations, linear or affine maps constructible, precluding the use of Shor's algorithm. If the “hidden” variable in the case of Grover's algorithm has the same length as the message, and has no classical numeric basis, then neither is that latter algorithm applicable. The only remaining method available to is thus a brute force enumeration of all possible keys.

[0151] To achieve these goals, using the methods of this invention, we create a sequence of a length greater than the message derived from the cipher key. The technique is the technique of symbolic factoring, also invented by the authors of this invention to derive a stream from the cipher key (see further below). The result is to create a pseudo-random sequence of symbols. Each symbol is then used only once in the cipher and used as parameter either on a first order logic operator, a transposition function or a structuring substitution function, as applied each symbol of a message or smaller.

[0152] In effect, a single sentence in a logic language and system generated by key, i.e. tautology, is created, and has the same size or greater than the length of the message. That sentence is used to both encrypt and decrypt said message, as defined by the methods of this invention.

[0153] As the methods of this system are executable in fixed deterministic number of steps, the logic systems created by the methods of this invention can be used as a standalone cipher, or, alternatively as a counter mode for any existing cipher, such as AES or ChaCha20.

[0154] Symbolic Factoring

[0155] Given two symbols from a given alphabet, not taken as numbers, but as a combination within a given coherent logic system, the goal of symbolic factoring is to compute, given a valid statement in a given logic system using said alphabet, a sequence of symbols which can, when combined with said logic statement and the two starting symbols, form a coherent, congruent and consistent logic system, with each symbol representing a given predicate within said system.

[0156] In more practical terms, for any two given symbols, this signifies the goal is to find the suite of symbols which, when used in conjunction with a sequence of logic connective, combine to the two above-mentioned symbols when following said connectives.

[0157] Symbolic factoring takes numbers (or binary sequences as bytes), not by their numeric value, to which a classical factoring algorithm is applied resulting in the smallest possible factors, but as symbol conjunctions. By that logic, in a simplistic example, one could factor the symbol combination “17” as the list of symbols within its “alphabet” of definition, the Arabic numerals, displayed in standard increasing or decreasing order of their numeric value, which would be the conjunction logic, in which case the factors would be {2,3,4,5,6}, or for the symbolic factor 84 the result would be {7,6,5}.

[0158] This factoring algorithm is not numeric either, i.e. as the inverse of multiplication, instead purely semiotic as an “inverse” of symbol combinations rules, which are based on first order logic. Consequently, to factor a symbol pair s′ and s″, taken both as symbols represented by binary sequences of the same length, the goal has to find the sequences of symbols, each of which, in turn, according to given sequence of logic connectives, given a s.sub.L,2.sup.−1(n), T(n), L(w))=p2(n), and applied a given number of times equal to the number of logic connectives—hereafter called the “expansion factor”. One can also choose to perform a fixed additional symbolic factorisation between each selected factor, but not record such factors, the amount of which is called the “implicit factor”.

[0159] The logic sequence is called the logic context of the symbolic factoring. FIG. 3 illustrates a sequence of a symbolic factoring of two symbols with an expansion factor of 4 and an implicit factor of 0, with a logic connective sequence of (NAND, CIP, XOR, AND), using the function s.sub.L,2.sup.−1( ). Starting from s′ as p1( ), s″ as T( ), symbolic factor ƒ.sub.4 instead of p2( ), one applies the s.sub.L,2.sup.−1( ) recursively substituting ƒ.sub.4 to T( ), ƒ.sub.3 to p2( ), and so on and so forth until ƒ.sub.1 is finally computed for the full factor sequence with expansion factor 4. One can check the correctness of the symbolic factoring by directly applying the chain of logical operators/connectors in the opposite order until s″ is finally computed.

[0160] Expanded Key Derivation by Symbolic Factoring

[0161] As for practical purposes, the length of any cipher key ought to be kept short, between 256 and 512 bits, so it can be agreed upon over communication mediums with limited frame size. We have to derive a stream of symbols from the cipher key. The invention described herein does however not use traditional key derivation methods such as Bcrypt, Scrypt, HKDF, or even ChaCha20, if used in such a fashion. ChaCha20 can generate a number of streams equal to 2 at the 64th power, with each stream cycling with the counter, 2 at the 32nd times 512 equalling 256 Gigabytes, as used in TLS, depending on implementations.

[0162] The methods of the invention use as the method for deriving an expanded sequence, hereafter called “K”, from a short relatively short key the method of “symbolic factoring”, as outlined above, and previously developed by the authors of this invention. Its use is completely novel in cryptography. The authors believe is has very good characteristics for use in modern cryptography, amongst which a much longer cycle before repetition than for example ChaCha20.

[0163] Depending on the embodiments of this invention, the number of streams is the power of two equal to the number of bits of the key, and the cycle is larger by several orders of magnitude. Key derivation function based on hashes “lose” information; most other functions create what in effect are polynomials structures which have an intrinsic structure—an implicit information in and of itself. Symbolic factoring generates a sequence of symbols as a non-contextual language, built for all practical purposes as an aperiodic semantic combination set of rules. As the factoring rules are not numeric, they are directly indeterminate for any given symbol sequence as per both Gödel and Kolmogorov, in relation to the generalized word problem for abstract algebras.

[0164] To preserve the security of the cipher, each symbol of this derived sequence is used only once for each encrypted message. Once all symbols are within an expanded sequence are used, and if the message encryption process is not finished, said sequence ought to be symbolically factored in its entirety again to generate a new sequence, preferably not using symbols within a distance in the sequence smaller than the expansion factor.

[0165] Generative Logic Application

[0166] Within the methods of this invention, logic systems are constructed by symbolically factoring a sequence of symbols contained in the cipher key into an expanded sequence K, then by mapping said symbols to actual logic connectives using a secret “logic alphabet”, whereas each unique symbol of the alphabet points to a given unique logic connective. The result is a sequence w.sub.1, w.sub.2, . . . , w.sub.n, with each w.sub.n pointing to a given logic connective L(w), which depending on the embodiments, is part of the invention's cipher key, or a logic function/connective sequence also contained within the cipher key, or interpreted using rules contained in the cipher key, according to either given expansion and implicit factors, or expansion and implicit factors contained in the key. Each symbol of this expanded, “derived sequence”, is then used only once within each execution of cipher for a given message, as outlined above.

[0167] The generative logic system sequence is then applied in sequence to each symbol of message with the already last computed symbol of sequence already transformed with logic connective sequence. This is achieved, with the application function to groups of truth values, as binary encodings of symbols according to a given secret alphabet, for a given symbol sequence indexed by i, for p1=T.sub.i−1, and p2.sub.i the symbol of the current symbol being encoded, and u selected by a pseudo-random number sequence, preferably the result of symbolic factoring: !.sup.δ(T.sub.i−1(n),p2.sub.i(n), L.sub.i(w))=T.sub.i(w,n). The result of the ciphertext is the sequence {T.sub.1, T.sub.2, . . . , T.sub.i=l.sub.ƒ}, with l.sub.ƒ being the length of the sequence to be transformed by generative logic.

[0168] In this invention, to be able to be decoded in reverse, i.e. decrypted, an additional information is necessary and thus computed, as the symbol (i.e. predicate) resulting from the application of logic connectives loses information. As such, it is not possible to deduct from the last T.sub.i=l.sub.ƒ symbol alone in the sequence encoded by the generative logic the exact combination of original predicates. As such, a given “residual” truth value r.sub.i, whose truth table is given in FIG. 10, for a given secret logic alphabet as given in FIGS. 6 and 10. Consequently, for a given message symbol m.sub.i, and both an expanded application function r(r.sub.i−1(n),m.sub.i(n), L.sub.i(w))=(s|i(w,n); r.sub.i), resulting in a symbols sequence s.sub.1,s.sub.2, . . . , s.sub.n,r.sub.0, as exemplified in figure, as well as an inverse resolution function R.sub.k.sup.−1(r.sub.i−1,s.sub.i, L(w.sub.i)), which for a given symbol s.sub.i, function L(w.sub.i), and residual r.sub.i, provides the original m.sub.i and r.sub.i−1, which applied through the application function r( ), would give said r.sub.i and s.sub.i.

[0169] Decryption is thus achieved by applying R.sub.k.sup.−1( ) recursively starting with the last recorded r and s, until needed.

[0170] Non-Ordinal Symbol Transposition

[0171] Transposition with the methods of the invention is done by means of a transposition function, which deterministically selects symbols in a message and rearranges said symbols from positions poles according to a non-repeating sequence of symbols, here the expanded sequence K. Classic numbering system are built over totally ordered set which arranged number, such ordinal numbers sets (for example integers { . . . −1, 0, 1, 2, 3}, real numbers { . . . −0.4, 0.0, 3.14}), algebraic groups, rings or lattices build thereupon, etc. Number systems are, amongst other things elements, built with a so-called successor function, which with integer positive numbers for example gives the evolution from 0 to 1, 1 to 2, etc.

[0172] The methods of the invention generate based on cipher key and the expanded sequence K a unique totally ordered set T. The set is ordered as a topology which at a minimum specifies that there must be at least two, or more, successors elements for elements in the set, as shown in FIG. 4, showing the affinity matrix and succession graph for the successor function. The successor function is also accompanied with a counting rule indicating that from a given element, the same successor, out of the minimum of two, cannot be “counted” twice in a row, and the operation of “counting” gets a new definition.

[0173] As an example, this signifies in the example of FIG. 4, that starting from 1, and counting 5 from it, one goes first to two through the first successor of 1, which is 2, then 5, then 7, then 2 again. However, following the rule that a given successor for an element may not be used twice in a row, we choose the second successor, which in this case is 6. Then, if one wants then to count 4 starting from 6, one goes from 6 to 4, 4 to 3, 3 to 2, and this time to 5 again. So, in the totally ordered set given in the example of FIG. 4, which is in effect also a non-commutative group, counting 9 from 1 gives 5.

[0174] Counting thus needs an initial state for the successors in a given ordered set T, a starting element, and a “distance” to count over the topology of the set's ordering.

[0175] Constituting a successor function T can be done in using the binary representation of the symbols of K, with one (or more) bits representing the initial ordering state of the successors from a given elements, represented here in FIG. 4 with on bit with + for the first and − for the second. Several other bits are used depending on the number of symbols to represent the symbols being counted upon. In the example of FIG. 5 corresponding to the example of FIG. 4, one can see with 4 bits from a given example segment of a K sequence how the affinity matrix above is constituted. The totally ordered set of n elements are constituted by reading (n−1) bit symbols from K at a minimum of (n|2) times, ignoring any self-reference (i.e. a number succeeding to itself), as can be seen in the example of FIG. 5.

[0176] Symbols to be transposed are switched with symbols which are selected in traditional numeric ordinal order along the plaintext. The position is calculated by adding to the ordinal numeric index position of the preceding symbol transposed a value which is a binary value chosen by a selection function. The selection function counts over the totally ordered set “T” using the successor function. The symbol at end of the count then gives an index position within a given alphabet. The index value is the value added to the position. and choses within a secret alphabet. Within a round of transposition, any symbol of the plaintext may only be selected once.

[0177] The transposition of symbols is done relative to index positions within the plaintext which are themselves generative, herein called “attraction poles”. The position of the poles is calculated by taking a fixed number of symbols from K, at a minimum performing a multiplication of their binary value. Several poles may be chosen, each position for each pole is being computed relatively to the ordinal numeric index position of the preceding pole.

[0178] Enough poles are generated up until all symbols of the original message are transposed once. The preferable maximum number of poles in embodiments ought to be

[00001]$P_{\max }\cong f_a\left(K,p_{n-1}\right)\forall \left(1\le n\le \left(\mathrm{quot}\left(\frac{l_m}{96}\right)\times 4\right)\right).$

Each time a pole is needed, three new symbols of K, smaller are chosen as factors of a number to which the numeric value of the binary representation of the symbol is added, which gives the position of the fourth pole.

[0179] Given K {8, 3, 4, . . . }, starting from 8, counting 3 over T: 8 to 4, 4 to 3, 3 to 2. For a given pole p.sub.i at index position 5, the symbol to be transposed is located at index 7. Given a message {1,a,5,c,f,4,9,8,3 . . . }, this signifies switching the symbol 1 at index 1 and 9 at index 7 (see FIGS. 4 and 6).

[0180] The conjunction of a non-repetitive ordinality, which is non numeric and the function of the selection posed on the same base, doubled by poles also generatively chosen using K gives a very efficient diffusion parameter.

[0181] Combination of Above-Mentioned Principles and Techniques into a Cipher

[0182] The methods of this invention thus generates logic systems to restructure the messages from sequences of symbols-as-signifiers to symbols-as-transformations, and then transform the resulting symbols sequences into another symbol sequence this time devoid of signification, by applying recursively a pseudo-random sequence of logic functions forming a contextual language thus also generated by the logic system and the underlying message being encrypted.

[0183] The latter operation however has created additional information in the form of two residual symbol at the ciphertext's extremities, in addition to the authentication tag. These are indices to regenerate both the logic system and the contextual logic language, and must be subsumed into the ciphertext, which is why shorter another set of permutation is performed.

[0184] As the permutation functions are themselves recursive and driven by the symbolically derived sequence, and because start of the recursion is hidden within the number of permutations of symbols, driven by the same, the attacker must first enumerate all possible permutations of the symbols of the ciphertext, and then only be able to attack directly the cipher. Without the key, any attacker only has an abstract representation of an arbitrary logic system, with no extraneous information allowing said attacker to decode the system.

[0185] Due to the methods of this invention such enumerations are longer than brute-force cryptanalysis. As per Gödel's incompleteness theorem, the attacker has a no system, only a tautology which cannot “explain” itself without the key, which is thus fully undecidable.

Description of the System of the Invention

[0186] As part of the system and method of the embodiments of the invention, there is a central processing unit chip (which in embodiments can be a general purpose microprocessor, or a general purpose microcontroller, or a field programmable gate array, or any other kind of electronic, optic, or quantum electronic instruction execution unit), a random access memory electronic chip, or any equivalent direct memory access chip (such as cache memory, static random access memory, “flash” memory, and any other kind of electronic, electrostatic, magnetic, or optical direct access memory system), as well as a cipher algorithm recorded either in the random access algorithm in the form of a list of instructions in a format receivable by the central processing unit, or in a computer machine language which can be either compiled or translated to such a list of instructions which can be directly interpreted by the central processing unit.

[0187] In embodiments, such an algorithm may be any symmetric algorithm such as but not limited to block ciphers, stream ciphers, chained block ciphers, chained block ciphers with authentication tags, chained block ciphers with authentication and integrity check tags. In embodiments, the invention is then implemented as either a source code library of named or unnamed software functions, a library of named or unnamed software functions compiled into object code which can be interpreted by the central processing unit, or a software program simulating a central processing unit with a reduced instruction set but sufficient to implement the invention, or as a physical circuit embedded on an external chip directly physically connected to at least the computing system's central processing unit. The system may or may not have an external physical memory storage system.

[0188] Pre-Requisites for the Methods

[0189] The system must have recorded in random access or permanent memory of the invention's central processing unit:

[0190] A message or plaintext “m” to be encrypted, stored as a finite sequence of bits, whereas m∈{0,1}*. The length of the message ought preferably for practical purposes be larger than l(m)=l.sub.m≥768 bits, however, in case the authentication tag is omitted, it must be at a minimum of l.sub.m>128 bits.

[0191] A key “k” for the symmetric cipher, stored as a finite sequence of bits, whereas k∈{0,1}*. The length of the key sequence ought for practical purposes be larger than l.sub.k≥128 bits to provide for sufficient levels of entropy, in this embodiment, l.sub.k≥256 bits.

[0192] A base semiotic set “A.sub.B” such as A.sub.B={a.sub.b,1, a.sub.b,2, . . . , a.sub.b,2.sub.b, whereas a.sub.b,n∈{0,1}*, each a sequence of binary symbols of length b, indexed by u starting with 1, and ordered according the order of the numeric values of each symbol interpreted as a binary numeral. The minimal length b for each symbol ought preferably for practical purposes to be b>6, although it must be at a minimum of b≥4, as exemplified in this embodiment and in FIG. 7.

[0193] A reference logic index containing all 16 first order logic functions, expressed at a minimum as a composition of the basic logic functions AND, OR, NOT. In embodiments, such functions are represented in memory either as sequences of microcode instructions for the invention's system's processor, or as sequences and combinations of the most basic logic functions or the minimum set of logic gates (AND, OR, NOT), operating over two central processing unit registers, providing the result in a third register.

[0194] A base logic set “L.sub.B” of 16 memory pointers addresses to functions of the reference logic index, ordered and indexed by “v” starting with 1, arranged in standard order of the values in binary base numerals of the representation of each such function's it's truth table. L.sub.B is accompanied by a selection function L.sub.B(v), returning instructions of the first order logic function located at the memory address pointed by the pointer indexed by v, as exemplified in this embodiment and in FIG. 8.

[0195] A keyed authentication function for the message m resulting in the authentication tag HMAC(m,k.sub.a)=h, represented as a binary sequence, or any other function using at least the m and k.sub.a as parameters, but in all cases represented as a sequence of microcode instructions for the invention's system's processor. For practical purposes, keyed authentication function ought to be either a standard recent function such as SHA3-256, or a symbolic conjunction of the message using the logic context of the key (see further below).

[0196] An authentication key “k.sub.a”, for use in a keyed authentication function (i.e. HMAC), stored as a finite sequence of bits, whereas k.sub.a∈{0,1}*. The length of the key sequence ought for practical purposes be larger than l.sub.k.sub.a≥256 bits to provide for sufficient levels of security against quantum attacks (corresponding to collision resistance of 128 bits of entropy).

[0197] Transformation of the Inputs and Preparation of the Generative Logic Ruleset

[0198] The key k is not in the general form of a binary sequence representing one or two random large numbers used in various algebraic calculations, as is done in traditional ciphers designs or newer quantum resistance ciphers. In the methods of this invention, the key k is in effect a composite data structure containing sequentially several different types of information.

[0199] The k binary sequence can thus be segmented into the parameters necessary for the setup of the ciphers. Each parameter is in itself a data structure, which is after segmentation stored in random access memory or permanent memory of the invention's system.

[0200] A secret semiotic set “A.sub.k”. A.sub.k is encoded as a binary sequence of length b×2.sup.b=A.sub.k, and itself segmented in 2.sup.b binary symbols, each representing a unique binary value between 1 and 2.sup.b randomly arranged. For b=4, the length of l(A.sub.k)=64, in which case bits no 1 to no 64 are copied to the system's random-access memory or in its permanent memory as the set A.sub.k. In all cases, A.sub.k is itself indexed by “d”. Each value of A.sub.k corresponds to an index u of A.sub.B. A.sub.k is accompanied by a selection function A.sub.k(a)=u, as well as an inverse resolution function A.sub.k.sup.−1(s)=a, which for a given symbol s∈A.sub.B returns said symbol's index a within A.sub.k, so that A.sub.B(u)=A.sub.B.sup.−1(s).

[0201] A secret logic set “L.sub.k” L.sub.k is encoded as a binary sequence of a length of 64 bits, and itself segmented as 16 elements of 4 bits long, each element representing unique value between 1 and 16, in an order randomly arranged within L.sub.k.

[0202] L.sub.k is itself indexed by w, each corresponding to a unique element index v of. L.sub.k is accompanied by a selection function L.sub.k(w)=v, as well as an inverse resolution function L.sub.k.sup.−1(ƒ)=w, which for a given function within L.sub.B returns the index value within L.sub.k for said function.

[0203] A set of secret residual indexes “R.sub.k” R.sub.k encoded as a binary sequence of a length of 128 bits, and itself segmented as 16 elements of 4 bits long. The elements of R are indices of functions in L.sub.k used to compute “residual” truth values for corresponding “k” index in L.sub.k.

[0204] Each symbol in R.sub.k thus refers to a bijective function pair for any given truth value and associated residual truth value for the first order logic functions of L.sub.B, in addition to the truth values computed by each function, thus allowing us to define an inverse isomorphic function over k for each one, making decryption possible for any symbol sequence encrypted with generative logic.

[0205] R.sub.k is itself indexed by r, each corresponding to a value indexed by w. by an accompanying selection function such as L.sub.k(l)⊃R.sub.k(r)∀r=l, as well as an inverse resolution function R.sub.k.sup.−1(r,s, ƒ)=(p.sub.1,p.sub.2), which in mathematical terms, given a first order logic function, a resulting truth value and a residual truth value, deduces the two original predicate logic proposals used to compute said resulting truth value and residual truth value for a given function L.sub.k(l) returns the index value within L.sub.k for said function.

[0206] The logic connectors NQ, XOR, XNOR, RCM residual truth value encodings corresponding to the traditional t truth values may be randomly selected from the set {1100,0011}. The logic connectors NIP, NAND, AND, IP residual truth value encodings corresponding to the traditional t truth values first two may be randomly selected from the set {00,01,10,11}, while the next two pay be selected randomly from the set {01,10}. The logic connectors NOR, CNI, CIP, OR residual truth value encodings corresponding to the traditional t truth values first two may be randomly selected from the set {01,10}, while the next two pay be selected randomly from the set {00,01,10,11}. The logic connectors FAL, NP, LCM, TRU residual truth value encodings corresponding to the traditional t truth values may be randomly selected from the set {1010,1001,0110,0101}. FIG. 12 shows an example of such an R.sub.k set with the correspondences within L.sub.k. These residual values sets for each first order logic function can alternatively be expressed as the result of a first order logic functions from L.sub.B whose truth table is equivalent.

[0207] A secret logic context “C.sub.k”. C.sub.k is encoded as a binary sequence for which l(C.sub.k)≥48 bits for b>4, and larger for larger values of b. The generative context contains a list of selectors for logic function selectors within L.sub.k used for to generate logic models, as well as perform symbolic factoring and logic synthesis.

[0208] C.sub.k is indexed by c, and is accompanied by a selection function C.sub.k(c)=w, each element thus selection a logic function pointer within L.sub.k. Each element in C.sub.k is a sequence of random non-unique values between 1 and 16, coded over 4 bits; C.sub.k ought preferably to have more than twelve elements, whereas the minimum is three within for the methods of this invention.

[0209] A semantic generation root “G.sub.k”. G.sub.k is encoded as a binary sequence of a length of minimum 2.sup.b elements, which, depending on the current context within a symbolic sequence, to select the semantic composition rule over C.sub.k, which within the embodiments of the invention is done using index c as a cursor over C.sub.k, and providing each implicit inference between two symbols (see ƒ.sub.l further below). In its simplest form, G.sub.k is a matrix, which, as applied as applied in FIG. 19, has each column o corresponding to a given symbol within L.sub.k, while each successive row p provides an advancement over c within C.sub.k.

[0210] G.sub.k, as a matrix, has 2.sup.b columns and ƒ.sub.i rows, and is indexed respectively by o and p. G.sub.k is also accompanied by a selection function G.sub.k(o,p)=c.fwdarw.C.sub.k(c.sub.n−1+G.sub.k(o, p))=c.sub.n, thus providing an offset to apply to a given context for the selection of the next inference/logic function to apply or infer, for example, in performing a symbolic factoring. The column o is selected, for a context defined by a preceding symbol s in a sequence of symbols by A.sub.k.sup.−1(s)=o.

[0211] A symbolic selection factor “ƒ.sub.e”. ƒ.sub.e gives the number of symbolic factors which have to be conjugated to produce a given symbolic composition, for example if to produce two symbols given two by two, in sequence. It is used for example as a parameter for symbolic factoring. Other interpretations and usages are possible, depending on the composition rules, implicit or explicit, for example to produce triplets of symbols.

[0212] The minimum value for ƒ.sub.e is of two bits for ƒ.sub.e≥3, while for the practical purposes of this invention it ought to have a value 3≥ƒ.sub.e≥16 coded over 4 bits.

[0213] A symbolic implicit inference factor “ƒ.sub.i”. ƒ.sub.i gives the number of signifiers or symbols which can be implicitly and recursively inferred, between two or more symbol depending on the interpretation rules (see ƒ.sub.e), in using the language generated by the semantic context and generation roots within a coherent sequence of symbols generated by a conjugation of said symbols logic functions within said language and generating context.

[0214] The minimum value for ƒ.sub.e is of 1 bit, while for the practical purposes of this invention it ought to have a value of ƒ.sub.e>6, so that 1≥ƒ.sub.i≥16 coded over 4 bits.

[0215] An initialisation word “IW.sub.k”. IW.sub.k is an initialisation as a random sequence of bits, segmented as a sequence of symbols (thus an initialisation word, not a numeric initialisation vector) IW.sub.k has a minimal length of 76 bits of length, for the practical purposes of this invention a preferable length for sufficient entropy is 132 bits (see diagram 14).

[0216] Setup for the Generative Logic Synthesis Cipher

[0217] Segment m in short bit sequences of length b; then map each one to its symbol index in A.sub.B using the function B(m; A.sub.B)=m.sub.B, applying A.sub.B.sub.−1 to each segmented bit sequence. m.sub.B is indexed by n.sub.b and is accompanied by a selection function m.sub.B[n.sub.b]; then,

[0218] Derive a pseudo-random symbol sequence “K”. K is derived from I.sub.B by symbolic factoring. As the latter might not provide a sufficiently long stream sequence to encrypt longer m messages, as such, a pseudo-random sequence of required length is, shall, for the methods of this invention, be derived from I.sub.B.

[0219] Within the methods of this invention, derivation is performed by symbolic factoring of pairs of symbols within I.sub.B, whereas the conjunction logic corresponds to searching by inference a symbol sequence which, conjugated by applying logic functions a according to a given secret logic context and semantic root, result in the symbol sequence I.sub.B. In other words, which sequence of symbols and logic actions results in the two given symbols. Each symbol pair is thus the result of a coherent conjugation, within the linguistic context and logic sequence defined by L.sub.k, and ƒ.sub.i, of a given set of ƒ.sub.s symbols. Implicit sequences of ƒ.sub.l symbols and logic actions are also calculated between two encoded symbols (i.e. implicit predicates, as the basic elements of the language are first order logic functions).

[0220] !.sub.k.sup.σ(I.sub.B [n.sub.k]; I.sub.B[n.sub.k+1])=K is an algorithm which is applied in n.sub.k ∀[(l(m.sub.B)/ƒ.sub.s)+n.sub.i]≥n.sub.k≥l.sub.ƒ iterations, starting with symbol sequence I.sub.B, and then recursively to all resulting intermediary sequences until the requisite sequence length is achieved. The algorithm recursively searches, starting from the second symbol I.sub.B[n.sub.k+1], the preceding symbol in the sequence, using a logic function selected depending on said symbol by an inverse resolution to the function a( ) as defined right above, similar in principle to R.sub.k.sup.−1( ), defined earlier.

[0221] The a.sub.L,2.sup.−1(L.sub.k.sup.−1[K.sub.n+1], I.sub.B[n.sub.k],I.sub.B[n.sub.k+1]) function deduces from each successive bit of the two given symbols, and from the truth table of selected function pointed over L.sub.k on L.sub.B the successive bits of p2. The function is applied recursively. This latter function is applied recursively in ƒ.sub.i×(ƒ.sub.e+1) iterations (i.e. colloquially, “applied x times over the result over the result of the preceding application) with only each “ƒ.sub.i”.sup.-th symbol encoded in the factor sequence, the rest being implicit.

[0222] The K sequence is indexed by n.sub.k with a selection function K[n.sub.k]; then,

[0223] Conjugate an “m.sub.init” initialization symbol sequence such as m.sub.init=(m.sub.k,1, m.sub.k,2, . . . , m.sub.k,n.sub.i)∀[(m.sub.k,n∈A.sub.B)∧(1≥n.sub.i≥l(m.sub.init))], with preferably l(m.sub.init)<2.sup.b by applying the application function init(L.sub.k[C.sub.k[n.sub.i]], I.sub.B [2×c], I.sub.B [(2×c)+1]) using logic operators from L.sub.B selected by L.sub.B (L|k(C|k(n.sub.i))) to successive pairs of elements of IW.sub.k segmented in symbols of length b as I.sub.B, which will result in a sequence with half the number of elements. Record the resulting sequence as m.sub.init, continue recursively applying init( ) preferably in embodiments, only 16 symbols and record the sequence as m.sub.init. Continue then applying init( ) to the intermediary symbol sequences until only two symbols m.sub.i,1 and m.sub.i,2 remain, which are also t be recorded;

[0224] Compute a generative logic function sequence “ED.sub.K”. The sequence of logic actions to be applied to the ciphertext is constituted by mapping each element of n.sub.k, interpreted as a pointer to the corresponding index represented by said symbol of K as its numeric value w indexing L.sub.k, and then associated the truth values within the corresponding residual index within R.sub.k with K[n.sub.e]=w=r. Each element of ED.sub.K thus takes the form of a pair (ƒ.sub.L∈.sub.B; ƒ.sub.R∈.sub.B) with each ƒ.sub.L and ƒ.sub.R pointing to a given function within L.sub.B through L.sub.k.

[0225] The resulting suite ED.sub.K, indexed with n.sub.e, and a selection function E(n.sub.e) is thus computed with the so that the resulting suite ED.sub.K=Σ.sub.n.sub.e.sub.=1.sup.n.sup.e.sup.=l.sup.ƒ(L.sub.k.sup.−1(K[n.sub.e]); R.sub.k(L.sub.k.sup.−1(K[n.sub.e]); R.sub.k(L.sub.k.sup.−1(K[n.sub.e])));

[0226] Encryption by Generative Logic

[0227] Transform m.sub.B into a restructuration sequence “M.sub.ƒ” m.sub.B is not used directly in the encryption, rather, what is being encrypted is a sequence which allows, given a secret alphabet A.sub.k, and a computed expanded sequence K, to reconstruct m.sub.B.

[0228] Mathematically, we do not encrypt direct signifiers, but rather a sequence of morphisms as a sequence of relative functional and operative references. The structuration is recursive, each new coded symbol pointing to a functional operand which depends on the preceding operands as well as to the current element of m.sub.B whose reconstruction needs to be encoded.

[0229] The structuration can either be done in relation to a fixed artificial language, for example the set of first order logic functions, if there is a sufficient number of coding bits b>5. The evolution can also be encoded with regard to a simpler evolution over a set of binary symbols, as exemplified in the embodiment described hereunder using the algorithm T.sub.A(m.sub.B, A.sub.k, K) to construct the symbol sequence M.sub.ƒ, here as signifiers are encoded as being part of a context L.sub.k, M.sub.ƒ being indexed by n.sub.m, and accompanied by a selection function M.sub.ƒ[n.sub.m];

[0230] Whereas a function T(A.sub.k; a.sub.1; a.sub.2) returns the edit distance within a given L.sub.k of between two symbols a.sub.1 and a.sub.2, the particular form of that function used in embodiments is T(A.sub.k,m.sub.B+m.sub.init[n−1], m.sub.B+m.sub.init[n], K[n]). As a consequence, m.sub.init and m.sub.B are concatenated before as M.sub.B[n.sub.b]. The resulting recursive sequence Σ.sub.n.sub.ƒ.sub.=1.sup.n.sup.ƒ.sup.=l.sup.ƒT(A.sub.k, A.sub.k, M.sub.B[n.sub.ƒ ]) is computed with l.sub.ƒ=l(m.sub.init)+l(m.sub.B); only the last l(m.sub.B) elements in the sequence are recorded in M.sub.ƒ. M.sub.ƒ is indexed by n.sub.ƒ, and accompanied by a selection function M.sub.ƒ[n.sub.ƒ]; then,

[0231] A more involved version providing for higher levels of undecidability while maintaining good encryption performance can be encoded with a list of first order logic functions within L.sub.k to be recursively applied to pairs of symbols from m.sub.B[n.sub.k−2] and M.sub.ƒ to get m.sub.B[n.sub.k], also starting with the symbol m.sub.i.

[0232] Transpose the elements of M.sub.ƒ into a sequence “M.sub.T” The transposition is done using a symbol selection function mapped over M.sub.ƒ by a totally ordered set T, generated from k, and contextually evolving over K. The algorithm is shown in FIG. 15.

[0233] The symbols positional index in M.sub.ƒ are sequentially permuted (i.e. the symbols are “swapped” with each other starting with a set of attractor poles “P.sub.j” whose relative position over M.sub.ƒ is generated by K, using the attractor function P(p(M.sub.ƒ[n.sub.ƒ −1]), M.sub.ƒ[n.sub.ƒ], K[n.sub.ƒ]). M.sub.T is indexed by n.sub.t and accompanied by a selection function M.sub.t[n.sub.t].

[0234] Infer a symbol sequence M.sub.g using the generated logic sequence ED. The message itself is not encrypted, rather what is being encrypted is the restructuration sequence, which applies the logic function sequence ED.sub.K recursively to M.sub.T. The resulting symbol sequence M.sub.g however only retaining the symbol encodings starting with the symbols of M.sub.T, as what precedes is implicitly encoded from m.sub.init.

[0235] S.sub.e, indexed by n.sub.s and accompanied by a selection function S[n.sub.s], is computed using an application function r(K, M.sub.t, E, n.sub.t) such as r ((r.sub.n.sub.t.sub.−1 XOR K[n]), M.sub.t, ED[n.sub.t])=(s.sub.n; r.sub.n). r(K, M.sub.t, E,n.sub.t), selects a first order logic function within ED.sub.K, the residual value of the preceding symbol ED.sub.K being encoded, as well as the current symbol within M.sub.T[n.sub.s], and returns as a result an encoding symbol s.sub.n.sub.s, and a residual value r.sub.n.sub.s to be used to compute s(n.sub.s+1).

[0236] The resulting sequence M.sub.g=r(K, M.sub.t, E, n.sub.t), indexed by n.sub.s and accompanied by a selection function S[n.sub.s], is thus computed recursively by M.sub.g=Σ.sub.n.sub.t.sub.=1.sup.n.sup.t.sup.=l.sup.ƒ[R(K, M.sub.t, E, n.sub.t)∨R(k, M.sub.t, E, N.sub.t−1)], discarding all r.sub.n.sub.t symbols but recording the last r.sub.l.sub.ƒ in memory. Symbols of M.sub.g and r.sub.n may be substituted by equivalents in A.sub.k;

[0237] FIG. 17 shows an example of the recursive transformation from the logic function message M.sub.T[n] (third row of FIG. 17) to the transformed logic function message M.sub.g[n] (fifth row here indicated as S[n]), where n indicates the symbols of the corresponding messages and the respective recursion steps (columns of FIG. 17). The first row shows the pseudo-random symbol K of the respective recursion step. The third row shows first order logic function of the logic function sequence of the current recursion step. The fifth row shows a residual symbol of the respective recursion step. The second row shows the XOR combination of the residual symbol of the preceding recursion step and the pseudo-random symbol of the respective recursion step. The symbol of the transformed logic function message of the current recursion step (e.g. n=2) is obtained by applying the first order logic function of the current recursion step (NAND) to the two input symbols of the current recursion step (second and third row of column n=2) and reading out the truth values. The first order logic function NAND is applied bitwise to the two symbols. The first bit of the first input symbol (0011) is 0 and the first bit of the second input symbol (1100) is 1 for the current recursion step. Using now the first order logic function NAND as shown in FIG. 12 results that the combination of 0 as first proposition and 1 as second proposition is given in the 3rd line of NAND, so that the 3rd line of the truth value tn gives the resulting first bit value 1 of the transformed logic function message symbol of the current recursion step. Analogously, the 3rd line of the residual truth value Rk gives the resulting first bit value 1 of the residual symbol of the current recursion step. Since the second bit of the first and second input symbol are equal to the first bit, the second bit of the transformed logic function message symbol of the current recursion step is also 1 and the second bit of the residual symbol of the current recursion step is also 1. The third bit of the first input symbol (0011) is 1 and the third bit of the second input symbol (1100) is 0 for the current recursion step. Using now the first order logic function NAND as shown in FIG. 12 results that the combination of 1 as first proposition and 0 as second proposition is given in the 2nd line of NAND, so that the 2nd line of the truth value tn gives the resulting third bit value 1 of the transformed logic function message symbol of the current recursion step. Analogously, the 2nd line of the residual truth value Rk gives the resulting third bit value 0 of the residual symbol of the current recursion step. Since the fourth bit of the first and second input symbol are equal to the third bit, the fourth bit of the transformed logic function message symbol of the current recursion step is also 1 and the second bit of the residual symbol of the current recursion step is also 0. So, the first output symbol yields 1111 (transformed logic function message symbol of the current recursion step) and the second output symbol (1100) (residual symbol of the current recursion step). The second output symbol (1100) is combined via XOR with the pseudo-random symbol K (1010) of the next recursion step (n=3) resulting in the first input symbol of the next recursion step (1011). Then, the described recursion process is repeated. This example transforms the logic function message symbol-wise. It is however also possible to do this bit-wise.

[0238] Compute the authentication tag h for m.sub.B using the given function h(m.sub.B, I.sub.B) or any other given value of k.sub.a instead of I.sub.B, or any given function keyed message authentication function which can be substituted in its stead, using the given recorded instruction sequence and parameters required by such a function, as long as said sequence resulting tag length is greater than 40 bits and shorter than 120 bits for b>4; then,

[0239] Transpose the concatenation of the h authentication tag and r.sub.n into M.sub.g, using the same transposition as for M.sub.T above, except in this case transposing bits of the concatenation (h∨r.sub.n) within M.sub.g, thus forming the final ciphertext sequence c, which can be then recorded as bytes ready for storage or transmission.

[0240] Decryption by Generative Logic Synthesis

[0241] Perform all the steps above up to 4.4; then verify the authentication tag h with k.sub.a, M.sub.g and m.sub.init, by reconstituting the transposition sequence using the corresponding segment of K used to transpose from h and r.sub.n to c originally, then by permutating bits in inverse order to recover these two concatenated sequences along with M.sub.g, then verify h; if it succeeds, segment M.sub.g in symbols of length b; if it fails, stop decrypting; otherwise,

[0242] Deduct M.sub.t from M.sub.G using the generated logic sequence ED by recovering each intermediary (r.sub.n.sub.g.sub.−1 xor K.sub.n.sub.g) symbol from the former sequence by recursively applying the R.sub.k.sup.−1 (r.sub.m.sub.g, n.sub.g, E[n.sub.g]) (M.sub.t[l.sub.ƒ −n.sub.g]; (r.sub.n.sub.g.sub.−1 xor K[.sub.g])) inverse bijective resolution function pair to each (r, s) pair of M.sub.g, starting from the r.sub.n and the first symbol s of M.sub.G to the last symbol s.sub.n of M.sub.G, for 1≤n.sub.t≤l(M.sub.G). then, recover the next r for the next s symbol by applying the inverse resolution function s.sub.L,1.sup.−1(K[n.sub.g], (r.sub.n.sub.g.sub.−1 xor K[n.sub.g]), XOR).

[0243] FIG. 18 shows the example of the recursive transformation from FIG. 17 but for decryption. For decryption, the transformed logic function message symbols S (fifth row) and the last residual symbol (sixth-row and last column) are received as inputs. The recursive process starts now from the end (e.g. n=5). Now, the first order function (in the fourth direction) of the current recursion step (here XNOR) is used. The transformed logic function message symbol of the current recursion step (1011) is used as first input representing the truth values and the residual symbol of the current recursion step (1101) is used as the second input representing the residual truth value (0010). The first order logic function XNOR is applied bitwise to the two input symbols. The first bit of the first input symbol (1101) is 1 and the first bit of the second input symbol (0010) is 1 for the current recursion step. Using now the first order logic function XNOR as shown in FIG. 12 results that the combination of 0 as truth value and 1 as residual truth value is given in the 3rd line of XNOR, so that the 3rd line of the first proposition p1 gives the resulting first bit value 0 of the first output symbol of the current recursion step. Analogously, the 3rd line of the second proposition gives the resulting first bit value 1 of the second output symbol of the current recursion step. The same procedure is applied to the other bits of the two input symbols to obtain the remaining bits of the two output symbols. The second output symbol of the current recursion step corresponds to the logic function message symbol of the current recursion step. The first output symbol is combined with the pseudo-random symbol of the current recursion step via an inverse XOR to obtain the second input symbol of the next recursion step (n=4). Then, the described recursion process is repeated. This example transforms the logic function message symbol-wise. It is however also possible to do this bit-wise.

[0244] Transpose M.sub.G back to M.sub.ƒ back by reconstituting the transposition sequence using the corresponding segment of K used to transpose to M.sub.G originally, then perform the permutations in inverse order to recover M.sub.ƒ; then

[0245] Reconstruct m.sub.B from the restructuration sequence “M.sub.ƒ” according to a context A.sub.k, by generating using K the sequence of symbols M.sub.d=Σ.sub.n.sub.d.sub.=1.sup.n.sup.d.sup.=l(S|d)A.sub.k(A.sub.k.sup.−1(K[n.sub.d])+n.sub.d−1), with accompanying selection function M.sub.d[n.sub.d]; then reconstituting m.sub.B starting with from the last symbol in M.sub.ƒ, recovering m.sub.B with T.sup.−1(A.sub.k; M.sub.d[n.sub.d]−M.sub.ƒ[n.sub.d−1]; M.sub.ƒ[n.sub.d]) m.sub.B[n.sub.d]; then combine symbols of m.sub.B in pairs to recover the message m.

[0246] The described example was for a symmetric cipher, i.e. the same symmetric key is used for encryption and decryption. However, also an asymmetric cipher can be created with the present invention.