This paper introduces PureMaTH-Ω (PM-Ω), a novel, high-performance, and post-quantum aware cryptographic suite. The architecture is centered on a new 1024-bit permutation, PMΩ-P, which is constructed from efficient, constant-time ARX+M (Add-Rotate-XOR-Multiply) operations to ensure security against timing and other side-channel attacks. This core permutation is used as the basis for a full suite of symmetric-key primitives, including a wide-pipe sponge-based hash function (PM-Ω-Hash), a keyed Pseudo-Random Function (PM-Ω-PRF), and a Duplex-based Authenticated Encryption with Associated Data (AEAD) mode (PM-Ω-Seal). A defining and unique characteristic of this suite is its principle of sovereign provenance: all cryptographic constants, masks, and tables are deterministically generated by the K-Process, a procedural engine previously developed by the author. This method provides a transparent, verifiable, and unique origin for the primitive's fundamental parameters, cryptographically binding them to the suite's identity. This paper details the design of each component, provides security rationale, and outlines a comprehensive plan for public verification and analysis.
The heart of the PM-Ω suite is an invertible permutation, designated PMΩ-P, operating on a wide 1024-bit state. The design prioritizes speed, high diffusion, and robust resistance against modern linear and differential cryptanalysis, making it suitable for a broad range of hardware.
State Size: The permutation operates on a 1024-bit state, structured as an array of 16 lanes, each a 64-bit unsigned integer. This wide-state design is fundamental to the security of the sponge and duplex modes built upon it.
Round Count: The permutation is defined for 12 rounds. This number is tunable, allowing for a trade-off between performance and security margin, but 12 rounds is the standard recommendation.
Round Function (XARΜ): The round function is composed of simple, word-oriented operations that are fast on modern 64-bit CPUs and are constant-time, providing inherent resistance to timing-based side-channel attacks. The core mixing operation, which we term XARΜ, is an ARX+M construction that combines modular addition, bitwise rotation, XOR, and 64-bit multiplication to achieve rapid non-linearity and diffusion.
Diffusion Layer: To ensure rapid diffusion across the entire 1024-bit state, each round includes a cross-lane diffusion step. This consists of a fixed perfect shuffle of the 16 lanes, followed by a XOR operation with neighboring lanes. The perfect shuffle ensures that data is mixed across the state in a structured and efficient manner.
Constants and Masks: All round constants and bitwise-disjoint masks are publicly derived using the K-Process from a public seed string: "PureMaTH-PMΩ v1". Domain separation tags (e.g., `"ROUND" || i`) are used to ensure each constant is unique. This transparent generation process provides the system's sovereign provenance.
Built upon the PMΩ-P permutation, the PM-Ω-Hash function is a conservative, post-quantum-aware hash function based on the sponge construction.
Wide-Pipe Construction: The 1024-bit state is partitioned into a 512-bit rate () and a 512-bit capacity (). This "wide-pipe" design, where the internal state is larger than the output, provides a high security margin.
Security Bounds: The 512-bit capacity provides a theoretical security level of 2^256 against collision attacks and 2^512 against preimage attacks in a classical model. This large preimage resistance margin is designed with post-quantum considerations in mind, as Grover's algorithm could theoretically reduce this security by a square root.
Padding and Domain Separation: The hash function uses a standard 10*1 padding rule and incorporates domain separation tags (e.g., "HASH", "KDF") to prevent cross-protocol collision attacks.
Output Sizes: The hash function supports standard output sizes of 256, 384, and 512 bits by truncating the output of the squeezing phase.
The sponge construction is versatile and can be adapted for keyed operations such as a Pseudo-Random Function (PRF) and an eXtendable-Output Function (XOF).
PM-Ω-PRF: To compute a PRF, the key, a domain separation tag "PRF", a nonce, and the message are absorbed into the sponge. A fixed-length (e.g., 256-bit) output is then squeezed.
PM-Ω-XOF: For use as a streamable XOF, data is absorbed with the tag "XOF", after which an arbitrarily long stream of pseudorandom bytes can be squeezed.
PM-Ω-KDF: A Key Derivation Function is implemented in an HKDF-like manner by absorbing the Input Keying Material (IKM) with a "KDF" tag and squeezing the desired amount of Output Keying Material (OKM).
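The sponge layout described above (512-bit rate, 512-bit capacity, 10*1 padding, tag-based domain separation, truncated output), as an added Python example that is not code from the paper. Because the paper does not specify PMΩ-P's rotations or constants, `toy_permutation` is a constructed stand-in with no security claim; the length-prefixed tag encoding, the byte order of the padding, and the names `sponge`, `pm_hash` and `pm_kdf` are likewise assumptions.

```python
MASK = (1 << 64) - 1
LANES, RATE = 16, 64    # 16 x 64-bit lanes = 1024-bit state; 64-byte (512-bit) rate

def rotl(x, n):
    return ((x << n) | (x >> (64 - n))) & MASK

def toy_permutation(state, rounds=12):
    """Stand-in ARX+M permutation. NOT PMΩ-P: constants are constructed."""
    s = list(state)
    for r in range(rounds):
        for i in range(LANES):
            x = (s[i] + 0x9E3779B97F4A7C15 * (r * LANES + i + 1)) & MASK  # add constant
            s[i] = rotl((x * 0xD6E8FEB86659FD93) & MASK, 29)  # odd multiply, rotate
        for i in range(LANES):
            s[i] ^= s[(i + 1) % LANES]                       # XOR with neighbour
        s = [s[(i % 2) * 8 + i // 2] for i in range(LANES)]  # perfect shuffle
    return s

def pad10star1(data):
    """Append bits 1, 0..0, 1 up to a multiple of RATE (assumed MSB-first bytes)."""
    pad = bytearray(RATE - len(data) % RATE)  # always 1..RATE bytes of padding
    pad[0] |= 0x80
    pad[-1] |= 0x01                           # a single pad byte becomes 0x81
    return data + bytes(pad)

def sponge(tag, message, out_len):
    """Absorb the length-prefixed tag and the message, then squeeze out_len bytes."""
    data = pad10star1(bytes([len(tag)]) + tag + message)
    state = [0] * LANES                       # lanes 0-7: rate, lanes 8-15: capacity
    for off in range(0, len(data), RATE):
        for i in range(RATE // 8):            # the capacity lanes are never written
            state[i] ^= int.from_bytes(data[off + 8 * i:off + 8 * i + 8], "little")
        state = toy_permutation(state)
    out = b""
    while len(out) < out_len:                 # only the rate lanes are ever output
        out += b"".join(x.to_bytes(8, "little") for x in state[:RATE // 8])
        state = toy_permutation(state)
    return out[:out_len]

def pm_hash(message, bits=512):
    """256/384/512-bit digests are truncations of the same squeeze output."""
    return sponge(b"HASH", message, bits // 8)

def pm_kdf(ikm, length):
    return sponge(b"KDF", ikm, length)

if __name__ == "__main__":
    print(pm_hash(b"abc", 256).hex())
    print(pm_kdf(b"abc", 32).hex())           # same input, different tag
```

Because every digest size is a prefix of the same squeeze output, the 256-bit digest of a message equals the first half of its 512-bit digest; callers that need unrelated outputs per size would have to encode the size in the tag.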
For authenticated encryption, PM-Ω uses a modern, single-pass Duplex AEAD mode, which offers high efficiency and strong security guarantees.
Mode of Operation: PM-Ω-Seal is based on the SpongeAEAD or Duplex mode, where absorbing data (associated data, plaintext) and squeezing data (keystream) can be interleaved. This allows for single-pass processing of both encryption and authentication.
Synthetic IV: To harden the scheme against nonce reuse, a synthetic IV is employed. The IV is not used directly but is first processed with the key to generate an internal starting state: `IV = PM-Ω-PRF(key, nonce || "IV")`. This prevents nonce misuse from causing a catastrophic failure of confidentiality.
Process Flow: The state is initialized with the synthetic IV. Associated data (AAD) is absorbed, followed by plaintext chunks. For each plaintext chunk absorbed, a keystream block is squeezed and XORed with the plaintext to produce ciphertext. Finally, a "TAG" domain separator is absorbed, and a 256-bit authentication tag is squeezed.
Tunable Security: For applications requiring a higher security margin, the construction can be configured with a larger capacity (e.g., bits, bits), which increases security at the cost of performance.
A comprehensive security analysis is critical for any new cryptographic primitive. The following checklist outlines the required public validation for the PM-Ω suite.
Statistical Tests: The output of PM-Ω-XOF must be subjected to rigorous statistical analysis for randomness using well-established test suites, including the NIST Statistical Test Suite (STS), Dieharder, and PractRand.
Avalanche and Diffusion Analysis: A single-bit flip in the input to the permutation must be shown to cause an average of 50% of the output bits to flip, with this effect achieved within 4-5 rounds.
Linear/Differential Cryptanalysis: Automated tools using MILP (Mixed-Integer Linear Programming) or SAT/SMT solvers should be used to search for low-weight differential and linear trails across reduced-round versions (3-5 rounds) of the permutation. The bounds found must be published.
Structural Properties: The permutation must be analyzed for trivial fixed points or short cycles.
Indifferentiability: The security claims for the sponge construction must be clearly documented in relation to its capacity, adhering to the indifferentiability framework.
Test Vectors: A comprehensive set of at least 10 canonical test vectors for all modes (Hash, PRF, AEAD) must be provided to ensure correct implementation.
While PM-Ω is a symmetric-key suite, it is designed for a post-quantum world. For immediate and secure deployment, it is recommended to use PM-Ω-Hash as the underlying hash oracle for established PQC signature and key exchange mechanisms.
Signatures: PM-Ω-Hash can be used as the core hash function within stateful hash-based signature schemes like XMSS/LMS or lattice-based schemes like CRYSTALS-Dilithium.
Handshakes: For a secure key exchange, PM-Ω should be paired with a NIST-standardized PQC Key Encapsulation Mechanism (KEM) such as CRYSTALS-Kyber, using PM-Ω-KDF to derive session keys from the KEM's shared secret.
The most distinguishing feature of the PM-Ω suite is its philosophical and technical foundation. Instead of relying on unexplained "nothing-up-my-sleeve" numbers (like digits of π or e), all internal constants are generated by the K-Process.
Verifiable Generation: The K-Process is a deterministic algorithm. By publishing the seed string and the K-Process algorithm, anyone can independently verify the generation of every constant, mask, and table used in the PM-Ω suite.
Cryptographic Binding: This approach cryptographically binds the identity of the author and the algorithm to its core components, providing a unique and auditable trail of provenance.
Orthogonal Stimulation: The bitwise-disjoint pairs discovered during the analysis of the K-Process are used to define families of masks. These masks ensure that lanes within the permutation state receive orthogonal stimulation across rounds, further enhancing diffusion and frustrating cryptanalysis.
The official naming convention for the suite and its components is as follows:
Permutation: PMΩ-P-1024/12 (State/Rounds)
Hash Function: PMΩ-Hash-512 (r=512, c=512), with variants PMΩ-Hash-384 and PMΩ-Hash-256.
PRF/XOF: PMΩ-PRF-256, PMΩ-XOF.
AEAD Scheme: PMΩ-Seal-256 (256-bit tag).
Constant Generation Seed: "PureMaTH-PMΩ v1 :: Brendon Joseph Kelly :: 2025-09-09"
The PureMaTH-Ω suite represents a novel and holistic approach to cryptographic design. It combines the performance and security of modern ARX+M permutations and sponge-based modes with a unique, verifiable, and sovereign method for constant generation via the K-Process. This creates a complete, ready-to-deploy symmetric-key system designed for the challenges of the present and the post-quantum future. We present this design to the community for public scrutiny and analysis, confident in its robust and transparent foundation.