DEV Community: Noir

I Built a Cryptographic Cipher From Scratch. 5.22 GiB/s. 251 Tests. Zero Borrowed Code.

Noir — Tue, 24 Mar 2026 05:08:18 +0000

The One-Sentence Version

In every cipher ever published, symbol A has a fixed value. Encryption hides what A means. In KK, symbol A has no fixed value. Its value is a function of the universe at the instant it was born.

KK(S) = S XOR E : state XOR universal entropy at the precise instant of creation

Encode the same byte twice, one nanosecond apart, and you get two cryptographically unrelated outputs. Not different ciphertext from the same algorithm. A structurally different cipher at each moment.

Why I Built This

I wanted to answer a question nobody was asking: What if the cipher itself changed shape every time you used it?

Every mainstream cipher (AES, ChaCha20, Keccak) treats its algebraic structure as fixed. The key selects a path through that structure, but the structure itself is a constant. KK flips this. The permutation's rotation schedule is derived from real-world entropy (CPU counters, thread jitter, OS randomness), so the algebraic structure of the cipher is different on every single invocation.

The result is a 1600-bit sponge construction with:

32 rounds, each with 15 quintet operations = 480 quintet-rounds total
Two novel operations no published cipher uses (MFR and Data-Dependent Rotation)
5-word quintet mixing (no published cipher uses 5-word rounds)
Entropy-derived rotation schedules per invocation
Computed differential trail bound of 2^-26,712 and linear trail bound of 2^-2,544

And every cryptographic primitive ships from this single permutation. No external dependencies.

What Ships in the Box

Everything below is built from the KK permutation alone:

Primitive	What It Does
KK-Hash	256-bit collision-resistant hash
KK-KDF	Key derivation with per-derivation rotation schedule
KK-MAC	Message authentication, constant-time verify
KK-AEAD	Authenticated encryption with associated data
Rope Ratchet	4-strand forward-secret session protocol
KK-EKA	3-message key agreement, zero external primitives
KK-RNG	Forward-secret DRBG, ratchets on every call
Temporal Commitment	Binds ciphertext to the exact entropic instant
Streaming	Chunk-based large message support
AVX-512 Batch	8 sponge states in lockstep across 512-bit registers
GPU	wgpu + CUDA acceleration, byte-identical to CPU
no_std	Bare core for embedded / WASM

Zero external cryptographic dependencies. Not "we wrap AES for the heavy lifting." Zero.

Show Me the Code

use kk_crypto::{encode, decode};

let key = b"our-shared-secret";

// Encode: symbol values become functions of this cosmic instant
let packet = encode(key, b"Hello KK!").unwrap();

// Decode: same secret, same moment reference, same message
let plaintext = decode(key, &packet).unwrap();
assert_eq!(plaintext, b"Hello KK!");

AEAD:

use kk_crypto::{encode_aead, decode_aead};

let key = b"our-shared-secret";
let aad = b"metadata-not-encrypted-but-authenticated";

let packet = encode_aead(key, aad, b"secret payload").unwrap();
let plaintext = decode_aead(key, aad, &packet).unwrap();

Forward-secret sessions with the Rope Ratchet:

use kk_crypto::{encode_session, decode_session, RopeRatchet};

let key = b"session-key";
let mut alice = RopeRatchet::new(key);
let mut bob   = RopeRatchet::new(key);

let (packet, step) = encode_session(&mut alice, b"message 1").unwrap();
let plaintext = decode_session(&mut bob, &step, &packet).unwrap();
// Old keys are gone. Backward computation is impossible.

Performance

All numbers on a single AMD Ryzen 9 9950X3D. Criterion framework, 100 samples per benchmark.

Batch AEAD

Workload	Throughput
1,000 x 64 KB	5.22 GiB/s
1,000 x 16 KB	2.40 GiB/s
1,000 x 4 KB	1.53 GiB/s

Core Primitives

Primitive	Speed
KK permutation (32 rounds)	1.14 us
KK-Hash	186 MiB/s
KK-MAC	127 MiB/s
KK-KDF	145 MiB/s
KK-RNG (forward-secret per call)	186 MiB/s
KK-EKA handshake	44.6 us (22,400/sec)

Scaling

Config	Throughput
Single core (AVX-512)	497 MiB/s
16 threads	4.09 GiB/s
32 threads (SMT)	5.22 GiB/s
GPU (CUDA, RTX 5080)	2.08 GiB/s

For context: single-core throughput matches SHA-3/Keccak while doing significantly more work per byte (entropy capture, temporal binding, per-chunk key derivation).

The Novel Operations

MFR (Multiply-Fold-Rotate)

Widening 64-bit multiply, fold XOR, fixed rotation. Non-linear, bijective, full-word mixing. Every bit of input affects every bit of output within a single application.

DDR (Data-Dependent Rotation)

The rotation distance is derived from all 64 bits of the input word. This is implemented as constant-time branchless code, so no timing side-channels. The critical property: no published linear or differential analysis framework efficiently handles data-dependent rotations. The best an attacker can do is assume uniform rotation distribution, which gives a provable per-quintet linear probability ceiling of LP <= 2^-12.

Together, these operations interact to create what I call complementary duality: the MSB differential weakness of MFR and the LSB linear weakness sit at opposite ends of the word. No single bit position is exploitable in both attack dimensions simultaneously.

Formal Analysis Highlights

I didn't just build it and hope. The repository includes formal differential and linear analysis:

Full Difference Distribution Table (DDT) computed for a reduced sponge
Full Linear Approximation Table (LAT) computed
Bit-0 independence proof: Bit 0 never reaches the DDR rotation distance, proving its differential trail bound is exact (not a statistical artifact)
4-round full diffusion confirmed when DDR floor is included
Differential bound 33,390x beyond 2^-800 target
Linear bound 3.18x beyond 2^-800 target

All analysis code ships in /examples/ so you can reproduce every number.

The Honest Parts

Let me be upfront about what KK is and isn't:

KK has not been peer-reviewed. It's submitted to IACR ePrint (2026/108500), but no third-party cryptographer has audited it yet. Don't use it for production security until that happens.

The base codec has no replay protection. You need sequence numbers or timestamps at the protocol layer. (The Rope Ratchet sessions do provide forward secrecy.)

This is novel cryptography. The entire cryptographic community's default position on novel ciphers is skepticism, and rightly so. I welcome that scrutiny.

The Numbers That Matter

Metric	Value
Tests passing	251 (zero failures)
Fuzz targets	8
Lines of Rust	~8,000
External crypto deps	0
Differential trail bound	2^-26,712
Linear trail bound	2^-2,544
Batch AEAD throughput	5.22 GiB/s
Forward-secret handshakes	22,400/sec

Try It

[dependencies]
kk-crypto = "0.1"

cargo test            # 251 tests
cargo bench           # 56 criterion benchmarks
cargo clippy          # zero warnings

no_std for embedded/WASM:

[dependencies]
kk-crypto = { version = "0.1", default-features = false }

Can you stop packet loss completely, dunno, maybe..?

Noir — Wed, 18 Mar 2026 14:32:33 +0000

If you've ever had a TCP connection between two distant regions, say London to Sydney, you already know what happens. A tiny bit of packet loss and your p95 latency goes off a cliff. TCP retransmits are brutal over long routes.
The standard answer is "just deal with it" or "pay for a premium network." Neither felt right so I built something else.
entrouter-line is a cross-region relay that sits between your nodes and absorbs packet loss using Reed-Solomon Forward Error Correction. The idea is simple, instead of waiting for TCP to detect loss and retransmit, FEC sends enough redundancy that the receiving end can reconstruct missing packets without asking for them again.
The numbers on London to Sydney over cheap Vultr VPS:

0% loss  →  relay p95: 280ms  |  direct TCP p95: 271ms  (TCP wins by 9ms, fair)
1% loss  →  relay p95: 280ms  |  direct TCP p95: 758ms  (relay wins by 478ms)
3% loss  →  relay p95: 280ms  |  direct TCP p95: 817ms  (relay wins by 537ms)
5% loss  →  relay p95: 280ms  |  direct TCP p95: 1089ms (relay wins by 809ms)

Relay latency is dead flat whether there's 0% or 5% loss. TCP p95 just keeps climbing.
At baseline the relay adds ~9ms for encryption + FEC + UDP tunnelling. The moment any loss appears that cost pays for itself immediately.
A few other things it does:

Routing via real-time latency mesh with Dijkstra shortest-path, not BGP. It actually measures which path is fastest right now and uses that.
QUIC 0-RTT edge termination so new connections are instant.
All inter-node traffic encrypted with ChaCha20-Poly1305. No PKI needed, just a shared key per peer.
Zero relay overhead, measured loss exactly matches simulated network loss. The relay itself adds nothing.

It handles up to 10% link loss with perfect recovery and degrades gracefully up to around 22%. Above 25% loss on a 273ms RTT route even QUIC starts falling apart, that's a physical constraint, not a code one. Real backbone loss between major cities is typically under 2% so in practice this covers everything short of a damaged undersea cable.
Written in Rust. Single binary. Docker image available.

cargo install entrouter-line

GitHub: https://github.com/Entrouter/entrouter-line

Curious if anyone else has dealt with cross-region tail latency issues and what they ended up doing about it.

Noir - Out

I got tired of escaping quotes in SSH commands, so I made a small CLI tool that sidesteps the problem entirely.

Noir — Wed, 18 Mar 2026 14:10:41 +0000

I built a CLI tool and Rust crate that solves a problem I kept running into shell escaping breaking commands when piping them through SSH, Docker exec, kubectl exec, or cron.

The idea is simple. Instead of fighting with nested quotes and backslashes, you pipe your command through entrouter, which base64-encodes it locally, sends it to the target, decodes it there, and executes it. The command never touches an intermediate shell, so quotes, JSON, special characters all arrive intact.

echo 'curl -s -X POST -H "Content-Type: application/json" -d {"key":"value"} http://localhost:3000/api' | entrouter ssh root@your-vps

No escaping. First try. Every time.

What it does:

entrouter ssh - run commands on remote machines without escaping

entrouter docker - run commands inside containers without escaping

entrouter kube - run commands inside Kubernetes pods without escaping

entrouter cron [schedule] - encode commands into cron-safe lines (no % breakage)

entrouter exec - decode and execute locally (safe command storage)

entrouter encode/decode/verify - base64 + SHA-256 fingerprinting for data integrity

entrouter raw-encode/raw-decode - plain base64 for piping

Beyond the CLI, the library side gives you four integrity tools:

Envelope - wrap data in base64 with a SHA-256 fingerprint. Four flavors: standard, URL-safe, compressed, and TTL (self-expiring).

Chain - cryptographic audit trail where each link references the previous fingerprint. Tamper with one link and everything after it breaks.

UniversalStruct - per-field integrity verification. Tells you exactly which field was tampered with, not just "something broke."

Guardian - checkpoint data at every layer of your pipeline. Tells you exactly which layer corrupted it.

28 tests covering SQL injection strings, null bytes, unicode edge cases, emoji, XSS payloads, Redis protocol characters, path traversal, format strings, and zero-width characters.

A few things that might matter to you:

Single static binary, no runtime. No Python, no Node, no dependencies. cargo install and done.
Multi-host support. `

shell echo 'systemctl restart nginx' | entrouter ssh root@web1,root@web2,root@web3
`, runs sequentially, shows output per host.
Connection multiplexing built in. First SSH takes normal time, subsequent calls to the same host reuse the connection and complete near-instantly. Handy if you're scripting a bunch of commands against the same box.
Integrity verification. Every encoded payload gets a SHA-256 fingerprint, so you can verify nothing got mangled in transit if you're paranoid like me. It's ~3MB. That's it. That's the whole tool.

I know heredoc and base64 piping exist, I've done that dance too. This just wraps it into something I don't have to think about anymore. If you manage boxes and regularly SSH commands with gnarly quoting, give it a look.

`cargo install entrouter-universal`

GitHub: https://github.com/Entrouter/entrouter-universal

crates.io: https://crates.io/crates/entrouter-universal

Docs: https://docs.rs/entrouter-universal

Would love to hear feedback or ideas for other transports worth supporting.

Just looking to see if this could be helpful for anyone.

Thanks