This tool locks a short message so only someone with the same secret key can read it — like a padlock where the key is a set of numbers you choose. The lock is built from advanced math (the geodesic length spectrum of a Fuchsian group; the key is the entries of g Möbius generators), but you don't need to know any of that to use it. Just pick your numbers, type a message, and press a button. Everything runs on your own device — nothing is sent anywhere. This is a research demo, not a vetted security product. Source · U.S. Patent Pending 64/067,703.
New to this? Start with the green practice box just below — it's the easy version. Then come down to the full tool. · Already know how? Open the standalone tool ↗
This uses the same algorithm as the full tool below, with two generators fixed and standard mode only. Enter a key, type a message, encrypt it, then decrypt to see it come back. The trace formula check runs live as you type.
Each matrix must be hyperbolic: the trace (top-left + bottom-right diagonal) must satisfy |trace| > 2 — meaning the sum is greater than 2 or less than −2. This is the geodesic condition. The cipher checks it live for each matrix as you type.
Scrambled code appears here.
Your message appears here.
The full tool below lets you choose 2–6 generators, High mode for stronger encryption, and an optional AES-GCM outer wrap.
Go to the full tool ↓ Open standalone ↗Put in your key, type your message, and press Encrypt. You'll get scrambled code to copy and send.
Your scrambled code will appear here. Send it to your friend along with the key and settings.
Use the same key and settings the sender used, paste their scrambled code, and press Decrypt.
The secret message will appear here.MSIA is one small worked example from a larger study of post-quantum cryptographic primitives rooted in the Langlands program, hyperbolic geometry, and related number-theoretic structures. That study sits alongside Logarchéon’s primary research tracks in ASI seed architecture (the CEAS / Ψ-operator / GRAIL triadic framework) and Indo-Pacific lawfare — it is not the center of those programs, but draws on the same mathematical substrate.
The construction came from the matrix identity det(I − zA)⁻¹ = exp(Σ Tr(Aᵐ)zᵐ/m), which translates simultaneously between symbolic dynamics, linear algebra, and spectral geometry. Making that translation one-way is the cryptographic idea; the specific hard problem is the length-spectrum inverse problem for Kleinian groups in ℍⁿ, n≥3. See the detailed sections below the tool for the full mathematical development.
Each generator adds four real key parameters (~97 bits at High precision). Once the key space exceeds the 256-bit derived key, the SHA-512 floor dominates; under Grover that floor is 2¹²⁸ — the NIST quantum-safe bar.
| config | key space | classical | quantum (Grover) | quantum-safe? |
|---|---|---|---|---|
| Standard g=2 | 2⁶¹ | ~21 min (nation-state) | instant | no |
| High g=2 | 2¹⁹⁴ | > age of universe | ~10⁶ yr | no (2⁹⁷) |
| High g=3 | 2²⁵⁶ (SHA-capped) | > age of universe | > age of universe | yes (2¹²⁸) |
| High g≥4 | 2²⁵⁶ (SHA-capped) | > age of universe | > age of universe | yes (margin) |
All computation runs locally in your browser. Once loaded, no network is needed — disconnect Wi-Fi and encrypt/decrypt still work. Verify by turning off networking and watching a round-trip succeed.
Each number may be positive or negative and need not be a whole number (e.g. -2.5, 1.41421356). Each generator must be hyperbolic: its two diagonal numbers add to more than 2 or less than −2, checked live. Digit count does not affect speed — a double is 64 bits regardless. More digits give a larger key space at no speed cost.
This demo handles short messages (up to 64 bytes). The method generalizes to full documents and files in a native implementation; the limit is a property of this demo, not of the construction.
The sections below develop the mathematics, the construction, the hardness argument, and where MSIA sits in a broader research program.
MSIA originates in a single algebraic identity that holds for any square matrix A over any commutative ring, proved by expanding log det = tr log:
The left side is a rational function in z — the reciprocal of a characteristic polynomial. The right side is an exponential generating function of matrix traces. What makes the identity remarkable for cryptography is not the algebra but the triple simultaneous translation it performs:
The coefficients of log ζA(z) count primitive periodic orbits by length. Each (ℓi, ci) pair is an orbit of period ℓi with multiplicity ci.
The left side det(I − zA)⁻¹ is the characteristic polynomial of the companion matrix A. Factoring it reveals the orbit structure.
When A is the transfer matrix of a geodesic flow on ℍⁿ/Γ, the poles of ζA(s) are the eigenvalues of the Laplacian — the Selberg trace formula is the analytic version of this identity.
The cryptographic insight is: this identity can be made one-way if the primitive elements (the ℓi) are chosen from a mathematical structure whose inverse problem is computationally hard. Going from A to ζA is fast — matrix exponentiation. Going from ζA back to the primitive (ℓi, ci) data requires solving a problem that the entire mathematical community has worked on for decades without a general efficient algorithm.
This insight is not new as a mathematical observation — the identity has been known since Bowen, Ruelle, and Artin–Mazur in the 1960s–70s. What is new is recognizing it as a cryptographic primitive and building a concrete keyed encryption scheme on top of it. The key selects which Kleinian group Γ to use; the primitive geodesic lengths ℓi of Γ are the secret orbit data; the ciphertext is the characteristic polynomial of the companion matrix. Decryption recovers the ℓi using the key. An attacker without the key must recover ℓi from the ciphertext alone — which requires solving the length-spectrum inverse problem.
MSIA rests on four mathematical domains, each contributing an essential component of the construction.
Given a finite group G and a prime p, the modular representation theory of G over 𝔽p studies how modules decompose into indecomposable blocks. The key tool is the Brauer character, which tracks how ordinary complex characters reduce mod p. For MSIA, this machinery provides the algebraic ground in which the companion matrix A(p) lives: A lives in Matn(𝔽p), and its characteristic polynomial det(I − zA) factors into irreducibles in 𝔽p[z] corresponding to the symbolic orbit data. The factorization pattern — which irreducibles appear, with what multiplicities — encodes the secret message. Recovering the message from the polynomial requires inverting this block decomposition, which is hard precisely because modular decomposition is non-canonical and the blocks can be obfuscated by conjugation.
A subshift of finite type (SFT) is a dynamical system on a finite alphabet where transitions are governed by a 0–1 adjacency matrix A. Periodic orbits of the SFT correspond to words that can be traced through A indefinitely. The Artin–Mazur zeta function ζA(z) = 1/det(I − zA) encodes the number of periodic orbits of each length. For MSIA, the symbolic dynamical system is the geodesic flow on ℍⁿ/Γ — the hyperbolic manifold associated to the Kleinian group Γ determined by the key. The "periodic orbits" of this flow are the closed geodesics; their lengths are the primitive lengths ℓi. The Artin–Mazur zeta function becomes the Selberg zeta function in this setting, connecting symbolic dynamics to spectral geometry.
A Schottky group Γ is a free group of Möbius transformations generated by parabolic or hyperbolic elements, constructed by specifying 2g disjoint Jordan curves C1, C1′, …, Cg, Cg′ in S² and taking the generators to be the Möbius maps sending the exterior of Ci to the interior of Ci′. The resulting quotient ℍ³/Γ is a hyperbolic 3-manifold (or handlebody); its primitive closed geodesics have lengths ℓi that are determined by the generator matrices — the conjugacy class lengths of the group elements.
For the key, the user supplies the 2×2 real matrices of these generators. The condition |trace| > 2 ensures each generator is hyperbolic — it has two fixed points on the boundary S² = ∂ℍ³ and acts by a pure stretch along the geodesic connecting them. The geodesic length is ℓ = 2 · acosh(|tr(G)|/2). With g generators, the group has infinitely many closed geodesics but they are generated by the finite set of primitives, and the key selects exactly which group Γ is used. Mostow rigidity (dimension ≥ 3) guarantees that the group Γ is uniquely determined by its geometry up to isometry — an attacker cannot find a different group with the same length spectrum.
The Selberg zeta function ζΓ(s) is defined by the Euler product over primitive closed geodesics of ℍⁿ/Γ:
Its zeros lie at the eigenvalues of the Laplacian on ℍⁿ/Γ — a fact proved by the Selberg trace formula, which relates the spectrum of the Laplacian to the geodesic length spectrum. This is the continuous analog of the matrix identity above. The Riemann Hypothesis analog for the Selberg zeta is proven (Selberg 1956 for n=2, Patterson-Sullivan and others for n>2): all non-trivial zeros lie on the critical line Re(s) = (n−1)/2. This means the distribution of geodesic lengths is provably well-controlled — a stronger foundation than classical cryptography has for the distribution of rational primes, where the Riemann Hypothesis remains open.
The Prime Geodesic Theorem gives the density: #{γ primitive : ℓ(γ) ≤ L} ~ e(n−1)L / ((n−1)L) as L → ∞. This gives exact control over the number of available geodesics of each length, letting you calibrate key space precisely — analogous to knowing exactly how many RSA primes exist below a given bound.
The full encryption pipeline maps a message to a ciphertext through the mathematical objects described above. Here is the complete flow, followed by the two implementation variants and the decryption path.
Step 1: Symbolic encoding. Each byte (or chunk of bytes) of the message m is assigned a pair (ℓi, ci) where ℓi is a geodesic length derived from the key generators and i is the position in the message. The lengths are computed by the formula ℓi = 2 · acosh(|tr(G1(i+1) G2 … Gg(i+g))|/2), scaled and rounded to an integer modulo the prime P. Multiple chunks derive distinct lengths because the matrix product depends on the position index i.
Step 2: Modular zeta construction. The symbolic pairs define a modular zeta function over 𝔽p:
This is the algebraic / modular analog of the Selberg–Artin–Mazur zeta function, computed purely over the finite field 𝔽p = ℤ/Pℤ, requiring no analytic convergence.
Step 3: Companion matrix. The companion matrix A(p) ∈ Matn(𝔽p) is the matrix whose characteristic polynomial det(I − zA(p)) equals ζp(z)−1. Its block-diagonal structure encodes the orbit data; Brauer character obfuscation conceals the decomposition from an attacker who sees only the matrix.
Step 4: Ciphertext. The ciphertext is χ(z) = det(I − zA(p)) ∈ 𝔽p[z] — the characteristic polynomial of A(p) — together with an HMAC authentication tag. An attacker who intercepts χ(z) must factor it over 𝔽p[z] and match the factors to symbolic orbits without knowing the group Γ determined by the key.
There are two fundamentally different ways to implement decryption, and they correspond to two different security postures:
The full geometric construction is implemented faithfully — the geodesic lengths ℓi are derived from the key generators exactly as the scheme specifies. Because the formal hardness proofs (Lean 4 verification and external cryptanalysis) are not yet finished, the demo does not yet rely on the geometric inversion problem for its security guarantee; instead it feeds the ℓi into SHA-512 to produce the actual cipher key K, with an HMAC tag for authentication. This gives a guaranteed, well-understood security floor today, independent of how the geometric hardness ultimately resolves. Decryption recomputes the ℓi from the generators and re-derives K. Under Grover's algorithm, SHA-512's effective quantum security is 2128 at High mode with g≥3 generators — the NIST quantum-safe bar.
The characteristic polynomial χ(z) is treated as the genuine ciphertext, and decryption requires inverting the length-spectrum map — recovering the ℓi from χ(z) without the key. This is the version where the geometry itself carries the security guarantee, resting on the inverse spectral problem for Kleinian groups, an open problem in arithmetic geometry. The geometric construction is already built (Option A uses the same lengths); what Option B requires, and what is not yet established, is the formal proof that recovering those lengths is hard. The pure-algebraic recovery path — companion blocks of xℓ−1, block-diagonal assembly, diagonal disguise, and Vandermonde solve from the power-trace vector — is demonstrated live in the Algebraic constructions section below. Until the hardness proof and external cryptanalysis are complete, the everyday tool keeps the SHA-512 floor rather than relying on the geometric hardness alone.
Decryption in Option A recomputes the geodesic lengths ℓi from the generator matrices, re-derives the SHA-512 key K = SHA-512(ℓ1, …, ℓt), and verifies the HMAC tag. If the key matches, the XOR keystream is regenerated and the plaintext is recovered. Wrong key → HMAC fails cleanly. The geometric structure — the matrix products, the acosh computation, the scaling and reduction mod P — is only a key-derivation mechanism; it does not appear in the ciphertext.
Option B's decryption path (not yet implemented) would require: (1) factoring χ(z) over 𝔽p[z], (2) matching the factors to primitive orbit lengths, and (3) inverting the length spectrum to recover Γ and the key. Step (3) is the hard step — it is open in the mathematical literature for dimension ≥ 3.
The papers establish multiple independent hardness arguments for MSIA, targeting different complexity classes and attack models.
The MSIA inversion problem — given a characteristic polynomial χ(z) ∈ 𝔽p[z], recover the symbolic orbit data (ℓi, ci) that produced it — can be used to solve 3-SAT in polynomial time if an efficient inversion algorithm exists. The reduction encodes 3-SAT clauses into the symbolic orbit structure: satisfying assignments correspond to consistent orbit decompositions of χ(z), and the inversion algorithm would find one if it exists. Therefore efficient MSIA inversion implies P = NP. The same reduction shows that even approximate inversion (within polynomial error) remains NP-hard.
A stronger result: computing the power-sum traces Tr(Am) from χ(z) alone is #P-hard. This is established by reduction from the problem of counting independent sets in a graph (a #P-complete problem). The companion matrix A encodes a graph-like structure in its block decomposition; recovering the trace sequence from the characteristic polynomial requires counting independent sets in this structure. #P-hardness is strictly stronger than NP-hardness — it says that even a probabilistic polynomial-time oracle for NP cannot solve the problem efficiently.
A third hardness source: given the set of geodesic lengths {ℓ(γ)} of a Schottky group Γ (its "length spectrum"), recover the conjugacy classes of the generators of Γ. This is the Schottky conjugacy-class length problem. It is a variant of the inverse spectral problem and is not known to be in any subexponential-time algorithm. The reduction from this problem to MSIA inversion shows that breaking MSIA is at least as hard as solving the conjugacy-class length problem.
Shor's algorithm and its generalizations work by solving the Hidden Subgroup Problem (HSP) on an abelian group via quantum Fourier sampling. RSA's vulnerability: factoring reduces to HSP over ℤ. ECC's vulnerability: discrete log reduces to HSP over ℤ/nℤ. MSIA's geodesic flow has SO(n,1) symmetry — the group of orientation-preserving isometries of ℍⁿ. For n ≥ 2, SO(n,1) is a simple non-abelian Lie group. The non-abelian HSP over SO(n,1) is not known to be solvable in polynomial time even on a quantum computer. There is no known quantum Fourier transform that exploits SO(n,1) structure, and the representation theory of non-compact simple Lie groups is not amenable to the sampling techniques used in Shor's algorithm.
Mostow's rigidity theorem (1968, extended by Prasad and others): if n ≥ 3 and Γ, Γ′ are lattices in SO(n,1) with isomorphic fundamental groups, then ℍⁿ/Γ ≅ ℍⁿ/Γ′ as Riemannian manifolds. In other words, for dimension ≥ 3, the geometry uniquely determines the group up to isometry. There are no non-isometric hyperbolic manifolds with the same volume, spectrum, or length spectrum (up to a conjecture by isospectral forms in higher dimensions, where even the Vignéras / Sunada construction produces distinct Γ).
For the MSIA inverse problem, Mostow rigidity means the inverse has a unique answer. An attacker is not searching for "any Γ that fits" but for the specific Γ that was used. This is harder than a problem with multiple valid inverses — the search space is the same but valid answers are isolated points, not large subsets.
The Prime Geodesic Theorem gives the precise asymptotic count of primitive geodesics of length ≤ L:
This exponential growth means the number of "cryptographic primes" (geodesics) available at a given length scale grows faster than polynomially. It also gives a precise handle on the key space — analogous to the prime counting function π(N) giving a handle on the RSA key space. Unlike π(N), the Prime Geodesic Theorem is a consequence of the proven Selberg zeta Riemann Hypothesis — the distribution of geodesics is provably well-controlled by a formula, not just conjectured to be so.
MSIA occupies a specific position in a hierarchy of cryptographic hardness assumptions, each corresponding to a different tier of mathematical depth. The table below places MSIA in context.
| tier | system / primitive | hardness basis | complexity floor † | quantum status | |
|---|---|---|---|---|---|
| 0 | Motivic zeta functions | Recovering motive from ζ; Standard Conjectures open | unmeasurable | unknown | ● completely new |
| 0–1 | Hyperbolic Neural Cryptosystem | Bulk-to-boundary reconstruction (holography, quantum gravity) + O(n,1) continuous isometry key | 2500+ | resistant | ● completely new |
| 1 | Automorphic L-functions | Hecke eigenvalue inversion; full Langlands functoriality open | 2300+ | resistant | ● completely new |
| 1 | MSIA — Selberg ζΓ, Kleinian n≥3 ← this demo | Length spectrum inversion; Arthur–Selberg; Prime Geodesic Theorem; Mostow rigidity | 2200+ | resistant | ● completely new |
| 1–2 | Artin L-functions / inverse Galois | Recovering Galois rep ρ from L(ρ,s); inverse Galois problem | 2200+ | resistant | ● new as primitive |
| 1–2 | Dessins d'Enfants / Belyi | Absolute Galois action on dessins; anabelian geometry | 2200+ | resistant | ● completely new |
| 2 | Hasse-Weil ζ (varieties, dim ≥ 2) | Torelli problem for abelian varieties | 2150+ | subexponential | ● essentially new |
| 2–3 | CSIDH / SQIsign | Supersingular isogeny / class group action | 2128 | subexponential | deployed PQC |
| 3 | ML-KEM / ML-DSA (NIST 2024) | Module-LWE | 2160 | 2130 | current standard |
| 4 | McEliece | Syndrome decoding | 2128 | 264+ | deployed PQC |
| 5 | NTRU | NTRU lattice | 2128 | 2128 | deployed PQC |
| 7 | SLH-DSA / LMS | Hash one-way function | 2128 | 2128 (Grover only) | deployed PQC |
| 8 | RSA / ECC | Factoring / ECDLP | 2112 | polynomial (Shor) | ● broken by Shor |
green = this demo gold = Logarchéon research programme
† Complexity floor — for deployed systems (Tiers 3–8): reflects cryptanalytic consensus on the minimum classical work to break the scheme. For research-stage entries (Tiers 0–2, marked ●): reflects the depth of the underlying open mathematical problem rather than a proven attack bound — no efficient classical attack is known, and in some cases no attack of any complexity has been formulated. Values above 2256 exceed the SHA-512 key floor and indicate mathematical rather than computational barriers. "Unmeasurable" means the underlying theory (Standard Conjectures, quantum gravity) is not yet complete enough to define an attack space.
Everything from Tier 0 through Tier 2 in the table — except the Hasse-Weil entry for elliptic curves specifically (which underlies existing isogeny crypto) — is unoccupied territory in cryptography. No deployed system, no NIST candidate, and no serious prior academic proposal uses any of these as the explicit cryptographic primitive. The reason is structural: the mathematics is too deep for most cryptographers, and most mathematicians working in these areas have not been thinking about cryptographic applications. The people who understand the Arthur-Selberg trace formula are not typically the people building encryption schemes.
The entries marked "completely new" have not appeared in any cryptographic proposal before MSIA and the Hyperbolic Neural Cryptosystem. The entries marked "new as primitive" have appeared peripherally in the mathematical literature in cryptographic contexts but have not been formalized as explicit hard problems for encryption. The Selberg zeta function has appeared in mathematics and physics for 70 years. It has never appeared as a cryptographic hardness assumption before this work.
The systems at levels 0–2 share a striking structural property: they are all connected to either the Langlands program (automorphic forms, L-functions, Galois representations) or Grothendieck's program (motives, dessins, anabelian geometry, étale cohomology). These are the two grand unification programs of 20th–21st century mathematics. It is not coincidental that the hardest cryptographic problems sit exactly at this boundary.
The Langlands correspondence conjectures that all reasonable L-functions — Selberg zeta, Artin L-functions, automorphic L-functions, Hasse-Weil zeta functions of varieties — are all instances of a single object: automorphic L-functions attached to representations of adele groups. If this is true (the evidence is overwhelming, though the full correspondence remains open), then the different systems at Tiers 0–2 in the table might not give independent hardness assumptions — they might all reduce to the same underlying hard problem through Langlands functoriality.
This is analogous to how RSA, DH, and ECDLP seemed like three independent hard problems but are all vulnerable to Shor because they share the same abelian group structure. If the Langlands unification holds, MSIA — properly generalized to the full automorphic level — would not be one instance among many but the right framework for the entire class of Langlands-based cryptographic hardness.
The research program that MSIA belongs to has two complementary directions and a Track C unification. All entries in the gold-highlighted rows of the table above are either existing work or planned contributions in this program. The two tracks are not independent: they are connected at their deepest mathematical level through a structural equivalence first proved by Kapustin and Witten (2006).
Track A approaches through the algebraic/arithmetic side; Track B through the geometric/physical side. Both are computational manifestations of the same underlying mathematical duality.
A hierarchy from specific to universal. MSIA sits in the middle; the program climbs upward toward more universal hardness assumptions and also examines the more specific cases below.
| paper | content | target | horizon |
|---|---|---|---|
| A1 · now | MSIA: Length Spectrum Inversion as post-quantum primitive. Formal hardness definition, Vandermonde correctness, FO-KEM, Lean 4 proofs. | CRYPTO / EUROCRYPT | immediate |
| A2 | Artin L-function cryptosystem: inverse Galois problem as trapdoor. Explicit construction using Frobenius conjugacy classes over number fields. | EUROCRYPT / TCC | near-term |
| A3 | Dessins d'Enfants cryptosystem: Belyi maps and absolute Galois group action as one-way function. Construction over Q̄. | CRYPTO / Annals adj. | medium-term |
| A4 | Full automorphic L-function crypto: unifying A1–A3 under the Langlands correspondence. Hecke eigenvalue inversion as master primitive. | Journal of Cryptology / JACM | long-term |
| A5 | Motivic crypto: when Standard Conjectures admit partial resolution, motivic zeta functions give hardness strictly above A4. | Future work | decade horizon |
A second framework whose hardness comes from physics rather than mathematics. Operates on high-dimensional continuous data (model outputs, embeddings, sensor readings) where Track A operates on symbolic discrete data.
| paper | content | target | horizon |
|---|---|---|---|
| B1 · now | Hyperbolic Neural Cryptosystem: formal construction, key = isometry T ∈ O(n,1), hardness from holographic bulk-to-boundary reconstruction + Langlands obfuscation in latent space. | CRYPTO / NeurIPS Security | immediate |
| B2 | Computational complexity of bulk reconstruction: connecting AdS inversion to complexity classes. Relationship to QMA-hardness and quantum circuit complexity. | STOC / CCC / QIC | near-term |
| B3 | Hyperbolic neural key exchange: replacing Diffie-Hellman with O(n,1) isometry agreement protocol. | IEEE S&P / EUROCRYPT | medium-term |
A natural question: MSIA rests on a concrete, computable identity — the Selberg / Artin–Mazur zeta product that translates geodesic lengths into a characteristic polynomial. Does the geometric Track B have an equally computable identity available right now, or is it purely aspirational? The answer is that it does, and which form it takes depends entirely on the dimension.
The BTZ black hole is ℍ³/Γ — precisely the Kleinian quotient MSIA uses. The Selberg zeta formalism has been applied directly to the Euclidean BTZ black hole, a quotient of ℍ³ by a discrete subgroup Γ. The one-loop bulk partition function, the boundary CFT partition function, and the Selberg zeta product over prime geodesics are the same object viewed three ways.
Given any two of: (i) the one-loop partition function, (ii) the quasinormal-mode frequencies, and (iii) the zeros of the Selberg zeta function, the third is constructible. In 3D the Track B computable identity is the MSIA identity — same prime geodesic lengths ℓ(γ), same product structure.
In higher dimensions the holographic retarded Green's function GR(ω) is computed numerically: solve the bulk wave equation (a second-order linear ODE in the radial coordinate) with ingoing boundary conditions at the horizon, then read off the ratio of asymptotic modes at the boundary. This is the established Horowitz–Santos–Tong / holographic-conductivity computation.
The forward direction (bulk geometry → GR) is numerically stable and well-implemented. The inverse direction (GR → quasinormal modes → bulk geometry) is the hard, cryptographic direction.
The structural parallel between the two tracks is exact. In higher dimensions the boundary Green's function factorizes meromorphically over its quasinormal-mode poles:
The quasinormal-mode frequencies ωn play the role of the geodesic lengths ℓi; the boundary Green's function plays the role of the characteristic polynomial det(I − zA). The key encodes the bulk geometry (black-hole parameters and field content); the ciphertext is sampled values of GR(ω); and the security would rest on recovering the quasinormal modes from those samples — an ill-posed inverse-scattering problem.
Bottom line. The condensed-matter holographic-conductivity work (Horowitz and collaborators) is not merely analogous to the Track B primitive — it is a working implementation of the forward identity. In 3D the identity is literally the MSIA Selberg product; in 4D/5D it is the numerically-computed boundary Green's function. The gap between this and a deployable Track B scheme is not a computational gap — the forward map runs today — but a hardness-formalization gap: proving that the inverse direction (recovering quasinormal modes from sampled GR values) is computationally hard remains open, exactly as MSIA's Option B does.
The long-horizon contribution that most dramatically elevates both tracks. Track C formalizes the Kapustin-Witten connection as a cryptographic theorem: MSIA (Track A) and the Hyperbolic Neural Cryptosystem (Track B) are dual manifestations of the same underlying hard problem.
S-duality, Langlands, and holography as a unified post-quantum cryptographic framework. MSIA and the Hyperbolic Neural Cryptosystem as dual manifestations of the same mathematical hardness. The Kapustin-Witten duality as a formal reduction between Track A and Track B security proofs.
Formal complexity theory for holographic inversion. Placing bulk-to-boundary reconstruction in a rigorous complexity class; connecting quantum gravity inversion to canonical hard problems. First formal bridge between quantum gravity and complexity-theoretic cryptography.
This program is comparable to what lattice cryptography represented in 1996 before Ajtai's worst-case to average-case reduction — a mathematical structure with deep hardness properties that had not yet been translated into a cryptographic framework. Three differences favour this program: the mathematical depth is greater (the Langlands program and quantum gravity are harder than lattice geometry); the work is already further along (two working implementations, a provisional patent, formal hardness papers); and the timing is better (NIST has just standardized lattice systems and the field is actively seeking diversity of hardness assumptions).
The core identity det(I − zA)−1 = exp(Σ Tr(Am)zm/m) holds for any matrix over any commutative ring — formally, there are infinitely many zeta-function-based constructions. Genuine cryptographic hardness, however, appears only when the inverse problem is computationally deep. The table below shows why most zeta functions do not yield hard cryptosystems, and which ones do.
| Zeta function | Primitives | Inverse problem | Hard? |
|---|---|---|---|
| Riemann ζ(s) | Rational primes {2,3,5,…} | Factor integers / recover primes | No — primes are explicitly constructible |
| Ihara ζ(X) of a graph | Prime cycles in finite graph | Factor the Ihara zeta polynomial | Moderate — depends on graph structure |
| Ruelle ζ for generic map | Periodic orbits of f | Recover f from its orbit count | Depends entirely on f |
| Selberg ζΓ(s) — MSIA | Primitive closed geodesics of ℍⁿ/Γ | Recover length spectrum from Γ | Yes — inverse spectral problem is open |
| Artin L-function of Galois rep ρ | Frobenius conjugacy classes | Recover ρ from L(ρ,s) | Yes — inverse Galois problem |
| Automorphic L-function | Hecke eigenvalues | Recover automorphic form from L-function | Yes — conjectured hard; Langlands core |
| Hasse-Weil ζ(V/𝔽q) | Points of variety over 𝔽qm | Recover variety from zeta | Yes — Torelli problem |
| Motivic zeta functions | Motivic cohomology classes | Recover motive from ζ | Yes — deeply open |
The hard cases are not arbitrary — they cluster around the same objects: automorphic forms, algebraic varieties over finite fields, Galois representations, and hyperbolic geometry. The Langlands program conjectures that all of these L-functions are instances of a single object (automorphic L-functions attached to representations of adèle groups), which would mean the different hard constructions may not yield independent hardness assumptions but rather different encodings of the same underlying problem. This is the direct analogue of how RSA, Diffie-Hellman, and ECDLP all seemed independent until Shor revealed they share abelian group structure. Whether that unification holds in the Langlands case remains an open conjecture — which is itself part of what makes this territory hard.
Among the hard instantiations in the table, the Selberg / Kleinian construction has four properties that distinguish it from the others as a cryptographic primitive.
Abstracting away the zeta / L-function structure entirely, the operative pattern is: a mathematical identity that translates between two representations, where the forward direction is efficient and the inverse direction connects to a deeply open problem. This pattern appears in several areas outside the Langlands hierarchy, constituting a broader landscape of potential post-quantum primitives.
The Jones polynomial V(L; t) = Z(ℝ³, L) (Chern-Simons partition function on link L). Computing V from L is #P-hard in general. The inverse — recovering L from V(L; t) — is an open problem in low-dimensional topology. Quantum resistant: the relevant group structure (quantum groups at roots of unity) is non-abelian with no known Fourier sampling structure.
The mapping class group Mod(Σ) of a surface contains the hard conjugacy problem and subsurface projection machinery. The identity connecting pseudo-Anosov maps to their dilatation spectra (Thurston's geometrization) is a potential encryption primitive, with hardness from the conjugacy problem in Mod(Σ).
A finite bipartite graph on a Riemann surface (dessin) corresponds bijectively to a Belyi pair (X, β). The absolute Galois group Gal(Q̄/Q) acts on dessins in a way that is still deeply mysterious. Identity: dessin ↔ Belyi pair. Hard problem: given a dessin, recover the algebraic curve over Q̄. Grothendieck's conjecture (faithfulness of the Galois action on dessins) is still open. Already listed as A3 in Track A above — this is the same territory reached from a different angle.
Mochizuki proved that the étale fundamental group π₁ét(X, x̄) completely determines X for hyperbolic curves over number fields. Identity: X → π₁ét(X). Hard problem: recover X from π₁ét(X). The proof is existential — no efficient algorithm is known. Hardness comes from the profinite structure of Gal(Q̄/Q).
The 1D inverse scattering problem (given S-matrix, recover potential V(x)) is solved via the Marchenko equation. The 3D case remains open. Identity: V(x) → S-matrix via the Lippmann-Schwinger equation. Hard problem: recover V from S in 3 dimensions. Resistant to quantum attacks because the problem is analytic and spectral, not algebraic.
Given |F̂(k)|² (diffraction magnitudes) but not the phase of F̂(k) = ∫ρ(x)eikxdx, recover ρ(x). Open in full generality for 2D and 3D. Identity: Fourier transform ρ ↔ F̂. Already used in some cryptographic proposals, though the hardness basis is less deep than the Langlands / spectral route.
Solutions R to R₁₂R₁₃R₂₃ = R₂₃R₁₃R₁₂ classify braided tensor categories. The identity connects R-matrices to knot invariants via the Reshetikhin-Turaev construction. Hard problem: given a knot invariant, recover R. Relevant to topological quantum computation; no known Fourier sampling vulnerability.
Computing tensor rank is NP-hard. Identity: a rank-r tensor T = Σi ai ⊗ bi ⊗ ci. Hard problem: given T, find its minimal decomposition. Resistant to known quantum attacks. The hardness is combinatorial rather than number-theoretic, distinguishing it from the Langlands cluster.
These alternatives converge on the same structural insight: deep mathematical hardness in the inverse direction tends to appear precisely where the relevant symmetry group is non-abelian and where the global mathematics community has worked for decades without a constructive inversion algorithm. The zeta / L-function route and the topological / anabelian route are different doors into the same territory — and the Langlands program conjectures they are ultimately different views of the same object.
This cryptographic study sits alongside, and is informed by, Logarchéon's two primary research tracks: ASI seed architecture (the CEAS / Ψ-operator / GRAIL triadic framework for recursive intelligence) and Indo-Pacific lawfare (legal-strategic analysis of the Taiwan Strait and associated legal instruments). The same spectral-geometric methods that appear in MSIA — Kleinian groups, geodesic flow, trace formulas — appear in the mathematical substrate of the CEAS architecture. The same concern with asymmetric capability gaps that drives the lawfare analysis drives the cryptographic research: encryption whose hardness assumptions are not yet in the adversary's threat model.
The tool above uses the hashed FO-KEM path. The constructions here demonstrate the algebraic core of MSIA directly: each character’s count becomes a companion block of xℓ−·1; the blocks are assembled by block-diagonal concatenation and disguised by a random diagonal similarity D−¹1AD; and for the pure-algebraic variant, decryption recovers the message by solving the Vandermonde system from the power-trace vector T — no hash involved.
A clean station for the receiving side. Paste a JSON ciphertext (or upload the saved file) and decrypt it on its own — the variant and generator count are read from the object, and the companion structure is shown as it recovers the message.