A novel cryptographic framework for binding verifiable identity into high-dimensional vector spaces
⚠️ Research Software: HIE is an experimental research prototype. Its security properties have been empirically demonstrated but not formally proven. Do not use for production security without independent cryptographic audit.
HIE (Hyperdimensional Identity Entanglement) is a cryptographic framework that weaves verifiable identity keys into the functional representations of high-dimensional computing (HDC) systems. Unlike traditional encryption, which transforms data into obviously encrypted ciphertext, HIE produces protected vectors that are statistically indistinguishable from unprotected ones — the protection is invisible.
The core mechanism exploits a mathematical property of high-dimensional spaces: random vectors with D=10,000 dimensions are quasi-orthogonal (cosine similarity ≈ 0.00, std ≈ 0.01). This means that binding a vector to a key via element-wise multiplication produces a result that reveals nothing about either input to any observer without the key, while remaining perfectly reversible with the correct key.
HIE is designed for a problem class that does not yet have tools: protecting the identity of persistent computational systems — AI agents, autonomous models, and any system whose internal state represents "who it is" rather than merely "what data it holds."
Traditional cryptography protects data: files at rest (AES), messages in transit (TLS), and passwords at login (Argon2id). These tools are mature, powerful, and sufficient for their intended purpose.
But a new problem is emerging. As AI systems become persistent — remembering, learning, evolving over time — they develop something analogous to identity: a pattern of internal representations that defines their behavior, values, and capabilities. This identity is stored as vectors in high-dimensional spaces. Existing cryptographic tools cannot protect it, because:
- Encryption makes identity non-functional. AES-encrypting a neural network's weight vectors makes them unusable for computation. You must decrypt before processing, creating a window of exposure.
- Signatures are external. An RSA signature certifies that a model was produced by someone, but says nothing about whether its internal identity has been preserved after deployment.
- Traditional crypto is visible. An encrypted file is obviously encrypted. An observer can always tell that protection has been applied, revealing that something worth protecting exists.
HIE addresses all three limitations: protection is invisible, embedded in functional vectors, and evolves with the system it protects.
HIE weaves a resonance pattern into a vector by flipping a minimal set of dimensions (~3.6%). The woven vector remains bipolar, functional, and is statistically indistinguishable from an unwoven one. Empirical evidence: Kolmogorov-Smirnov test p > 0.05, lag-1 autocorrelation < 0.05.
Traditional encryption is all-or-nothing: you either have the key (full access) or you don't (zero access). HIE supports configurable binding depths (1–3), where shallower bindings allow partial functionality without the key while deeper bindings make components completely inaccessible.
HIE keys co-evolve with the protected system via the formula:
K_new = K_old ⊙ π_K(S_t) ⊙ π²_K(timestamp) [⊙ π³_K(secret)]
where S_t is the crystallized state at time t and π_K is a key-dependent Fisher-Yates permutation. An optional evolution_secret adds a fourth factor. A stolen key becomes useless after the next evolution event, without any manual rekeying.
HIE's protected binding injects key-dependent noise (~5% of dimensions) before binding and uses per-component derived keys (SHAKE-256). Even if an attacker has both the plaintext and ciphertext of one component, they recover only a corrupted key that is useless against other components.
HIE's security derives from the quasi-orthogonality of random vectors in high-dimensional spaces — a geometric property, not a number-theoretic one. This makes it inherently resistant to Shor's algorithm and provides a search space of 2^10,000 (reduced to 2^5,000 post-Grover).
┌──────────────────────────────────────────────────────────────┐
│ Layer 4 │ Morphic Key Evolution │
│ │ crystallizer → evolve → cascade → archive │
├──────────────────────────────────────────────────────────────┤
│ Layer 3 │ Resonance Binding │
│ │ registry → binder → unbinder → monitor │
├──────────────────────────────────────────────────────────────┤
│ Layer 2 │ Dimensional Weaving │
│ │ resonance → weaver → verifier │
├──────────────────────────────────────────────────────────────┤
│ Layer 1 │ Key Generation & Derivation │
│ │ entropy(Argon2id) → forge → splitter(Shamir/GF) │
│ │ key_derivation (SHAKE-256 per-component keys) │
├──────────────────────────────────────────────────────────────┤
│ Layer 0 │ HDC Primitives + Security Utilities │
│ │ vectors ⊙ binding + bundling π permutation cos │
│ │ constant_time (XOR compare, branchless select) │
├──────────────────────────────────────────────────────────────┤
│ Cross │ Persistence (AES-256-GCM) │ HSM Interface │
└──────────────────────────────────────────────────────────────┘
flowchart LR
subgraph "Layer 1: Key Generation"
A[Entropy Pool] --> B[Vector Forge]
B --> C[Key Splitter]
B --> D2[Key Derivation]
end
subgraph "Layer 2: Dimensional Weaving"
D[Resonance Pattern] --> E[Weaver]
E --> F[Verifier]
end
subgraph "Layer 3: Resonance Binding"
G[Component Registry] --> H["Protected Binder/Unbinder"]
H --> I["Integrity Monitor (3-level)"]
end
subgraph "Layer 4: Key Evolution"
J[State Crystallizer] --> K[Evolution Function]
K --> L[Re-Binding Cascade]
L --> M[Key Archive]
end
B --> D
D2 --> H
F --> G
I --> J
Layer 0 — HDC Primitives: Bipolar vectors in {-1, +1}^D, with binding (element-wise multiply, self-inverse), bundling (majority-rule sum), and key-dependent Fisher-Yates permutation (D! search space). Includes constant-time utilities for side-channel hardening.
Layer 1 — Key Generation & Derivation: Multi-source entropy (hardware RNG, timing jitter, Argon2id-hardened personal seed) → XOR-combined entropy pool → bipolar master key. Dimension-wise Shamir splitting over GF(257) for backup. SHAKE-256-based per-component key derivation for cross-component isolation.
Layer 2 — Dimensional Weaving: Key-dependent SHA-256-derived checksum positions make resonance detection impossible without the key. The weaver flips the minimum number of smallest-magnitude dimensions to achieve the target resonance. Constant-time verifier checks all blocks with branchless comparison.
Layer 3 — Resonance Binding: Protected binding with noise injection + derived component keys. Components bound at configurable depths (1–3) using key-dependent permuted key copies. Three-level integrity monitoring: quick (statistical), standard (SHA-256), deep (cross-component consistency).
Layer 4 — Morphic Key Evolution: Crystallize current state → combine with timestamp and optional secret using key-dependent permutations → evolve key → cascade protected rebind with iteration increment → archive old key. All evolved keys are quasi-orthogonal to predecessors.
| Property | Status | Evidence |
|---|---|---|
| Steganographic indistinguishability | Empirically demonstrated | KS test p>0.05, autocorrelation <0.05, mean ≈ 0.00 |
| Brute-force resistance | Provably large search space | 2^10,000 key space; D! permutations per layer |
| KPA resistance | Demonstrated | Noise injection + derived keys; 12 dedicated tests |
| Quantum resistance | Inherent by design | No factoring/discrete-log; Grover reduces to 2^5,000 |
| Perfect binding self-inverse | Mathematically proven | x² = 1 for all x ∈ {-1,+1} |
| Information-theoretic secret sharing | Proven (Shamir) | Standard Shamir property: t-1 shares reveal zero information |
| Temporal key invalidation | Demonstrated | Each evolution produces quasi-orthogonal key ( |
| Cross-component isolation | Demonstrated | Derived keys are pairwise quasi-orthogonal |
| Three-level tamper detection | Demonstrated | Quick/standard/deep checks with escalating confidence |
| Constant-time verification | Best-effort (Python) | XOR + accumulate; no early returns; branchless matching |
| Adversarial ML resistance | Demonstrated | Gradient optimization, random search, neural attacks all fail |
Important caveat: "Empirically demonstrated" ≠ "formally proven." Formal security proofs (e.g., IND-CPA reduction) are an open research direction.
Quasi-Orthogonality Theorem (informal): For two independent random bipolar vectors A, B ∈ {-1,+1}^D, the expected cosine similarity E[cos(A,B)] = 0 with standard deviation σ = 1/√D. For D=10,000, this gives σ ≈ 0.01, meaning random vectors are orthogonal with overwhelming probability.
Self-Inverse Binding: For bipolar binding ⊙ defined as element-wise multiplication:
(A ⊙ B) ⊙ B = A ∀ A,B ∈ {-1,+1}^D
Proof: (a_i × b_i) × b_i = a_i × b_i² = a_i × 1 = a_i for all a_i, b_i ∈ {-1,+1}.
Why this creates security: A ⊙ B is quasi-orthogonal to both A and B (each dimension's sign is flipped with 50% probability by a random key). Without knowing B, the result A ⊙ B is indistinguishable from a random vector — there is no structure to exploit.
Difference from number-theoretic cryptography: RSA, ECC, and Diffie-Hellman derive security from the computational hardness of specific mathematical problems (factoring, discrete log). HIE derives security from the geometric properties of high-dimensional spaces — a property that is independent of computational hardness assumptions and therefore resistant to quantum algorithms that exploit number-theoretic structure.
# Clone and install
git clone https://github.com/Artaeon/hie.git
cd hie
pip install -e ".[dev]"
# Run all tests
pytest tests/ -v
# Run an example
PYTHONPATH=. python examples/basic_usage.pyRequirements: Python ≥ 3.10, NumPy ≥ 1.24, argon2-cffi ≥ 23.1, cryptography ≥ 41.0, scipy ≥ 1.10 (dev)
import numpy as np
from src.primitives.vectors import generate_bipolar
from src.keygen.forge import forge_from_seed
from src.weaving.resonance import generate_resonance_pattern
from src.weaving.weaver import weave
from src.weaving.verifier import verify
# Generate a 10,000-dimensional key from a personal seed
key = forge_from_seed(b"My secret passphrase", d=10_000)
# Create a functional vector (e.g., an AI component's embedding)
vector = generate_bipolar(10_000, rng=np.random.default_rng(42))
# Weave the key's resonance pattern into the vector (invisible)
pattern = generate_resonance_pattern(key)
woven = weave(vector, key, pattern) # similarity ≥ 0.95 guaranteed
# Verify: only the correct key passes
result = verify(woven, key, pattern)
print(f"Verified: {result.passed}, match ratio: {result.match_ratio:.0%}")
# Output: Verified: True, match ratio: 100%from src.binding.registry import Component, ComponentRegistry
from src.binding.binder import bind_registry_component
from src.binding.unbinder import unbind_registry_component
from src.binding.monitor import IntegrityMonitor
# Create a component with KPA-resistant binding
component = Component(
name="identity",
vector=generate_bipolar(10_000),
binding_depth=3, # Maximum protection
)
registry = ComponentRegistry()
registry.add(component)
# Bind with derived key + noise injection (KPA protected)
bind_registry_component(component, key)
# Monitor for tampering (3 levels)
monitor = IntegrityMonitor()
monitor.register("identity", component.bound_vector)
# Quick check (< 1ms): shape, bipolarity, statistical
quick = monitor.quick_check("identity", component.bound_vector)
print(f"Quick check passed: {quick.passed}")
# Standard check (~1ms): SHA-256 fingerprint
print(f"Standard check: {monitor.check('identity', component.bound_vector)}")
# Recover with correct key
unbind_registry_component(component, key)import time
from src.evolution.crystallizer import crystallize_state
from src.evolution.evolve import evolve_key
from src.evolution.archive import KeyArchive
from src.primitives.similarity import cosine_similarity
# Crystallize current state from multiple bound components
crystal = crystallize_state([comp.bound_vector for comp in registry])
# Evolve the key (depends on: old key + state + time + optional secret)
k_old = key
k_new = evolve_key(k_old, crystal, timestamp=time.time())
# New key is quasi-orthogonal to old key
print(f"Old vs new key similarity: {cosine_similarity(k_old, k_new):.4f}")
# Output: ~0.00
# Archive for rollback capability
archive = KeyArchive(max_versions=3)
archive.push(k_new, timestamp=time.time())# Run all 175 tests
pytest tests/ -v
# Run with coverage
pytest tests/ --cov=src --cov-report=term-missing
# Run only security-specific tests
pytest tests/test_security.py tests/test_kpa.py tests/test_adversarial.py -v| Test Module | Tests | Coverage |
|---|---|---|
| test_primitives.py | 17 | Vectors, binding self-inverse, bundling, permutation quasi-orthogonality |
| test_keygen.py | 20 | Argon2id, timing entropy, hardware RNG, Shamir (bipolar + real-valued) |
| test_weaving.py | 12 | Key-dependent positions, minimal flips, KS test, autocorrelation |
| test_binding.py | 12 | Bind/unbind at all depths, wrong key/depth → garbage, registry |
| test_evolution.py | 13 | Crystallizer, evolution orthogonality, cascade, archive FIFO |
| test_security.py | 8 | 100 random keys fail, timing safety, depth attacks, match ratio ~50% |
| test_persistence.py | 12 | AES-GCM round-trip, tampering detection, secure wipe, HSM |
| test_integration.py | 9 | Full lifecycle, key evolution end-to-end |
| Test Module | Tests | Category |
|---|---|---|
| test_kpa.py | 12 | KPA vulnerability proof, KPA resistance proof, noise correctness |
| test_permutation_security.py | 6 | Brute-force resistance, key-dependent permutation properties |
| test_statistical.py | 6 | 10K random key attacks, chi-squared uniformity, woven distribution |
| test_drift.py | 5 | Resonance survival under 1-10% perturbation, evolution stability |
| test_evolution_security.py | 6 | Key invalidation, wrong state/time, 50-gen chain, evolution secret |
| test_component_isolation.py | 5 | Cross-component attack resistance, master key non-recoverable |
| test_integrity_monitor.py | 10 | Quick/standard/deep check, tampering detection, consistency |
| test_shamir_security.py | 5 | Single share reveals nothing, threshold enforcement, independence |
| test_persistence_security.py | 5 | Ciphertext corruption, wrong password, structure non-leakage |
| test_adversarial.py | 5 | Gradient optimization, random search, correlation, neural, resonance |
| test_constant_time.py | 7 | Constant-time comparison, equality, shape handling |
hie/
├── src/
│ ├── __init__.py # Package root, exports all public API
│ ├── primitives/
│ │ ├── vectors.py # Bipolar/binary vector generation
│ │ ├── binding.py # Element-wise multiply (self-inverse)
│ │ ├── bundling.py # Majority-rule sum → bipolar
│ │ ├── permutation.py # Key-dependent Fisher-Yates shuffle (π_K)
│ │ ├── similarity.py # Cosine similarity
│ │ └── constant_time.py # XOR compare, branchless select/eq
│ ├── keygen/
│ │ ├── entropy.py # Multi-source entropy + Argon2id
│ │ ├── forge.py # Entropy pool → bipolar master key
│ │ ├── splitter.py # Shamir SSS over GF(257)/GF(65537)
│ │ └── key_derivation.py # SHAKE-256 per-component key derivation
│ ├── weaving/
│ │ ├── resonance.py # Key-dependent resonance patterns
│ │ ├── weaver.py # Minimal-distortion pattern embedding
│ │ └── verifier.py # Constant-time resonance verification
│ ├── binding/
│ │ ├── registry.py # Component registry (with salt, iteration)
│ │ ├── binder.py # Protected multi-depth binding engine
│ │ ├── unbinder.py # Protected exact-reverse unbinding
│ │ └── monitor.py # Three-level integrity monitoring
│ ├── evolution/
│ │ ├── crystallizer.py # State → single crystal vector
│ │ ├── evolve.py # K_new = K_old ⊙ π(S) ⊙ π²(ts) [⊙ π³(s)]
│ │ ├── cascade.py # Protected rebind with iteration increment
│ │ └── archive.py # FIFO key version history
│ └── persistence.py # AES-256-GCM, secure wipe, HSM
├── tests/ # 175 tests across 18 files
├── examples/ # 3 runnable demonstrations
├── docs/
│ ├── architecture.md # Four-layer architecture reference
│ ├── security-analysis.md # Threat model and attack analysis
│ ├── comparison.md # HIE vs traditional cryptography
│ └── evaluation.md # Full system audit report
└── pyproject.toml # Package configuration
| Claim | Status | What's Needed |
|---|---|---|
| Self-inverse binding | Proven | N/A — mathematical fact |
| Quasi-orthogonality | Proven (probabilistic) | Central limit theorem for D→∞ |
| Steganographic indistinguishability | Empirically supported | Formal proof under computational steganography definitions |
| Brute-force resistance | Supported (search space argument) | Formal reduction to a known hard problem |
| KPA resistance | Empirically demonstrated (12 tests) | Formal proof of noise injection security |
| Quantum resistance | Conjectured (strong evidence) | Formal proof that no quantum algorithm improves on Grover |
| Constant-time verification | Best-effort (Python) | C/Rust implementation for true constant-time |
| Graceful degradation | Demonstrated | Formal model of partial access |
| Cross-component isolation | Empirically demonstrated (5 tests) | Formal proof of SHAKE-256 domain separation |
| Adversarial ML resistance | Empirically demonstrated (5 tests) | Formal lower bounds on optimization attacks |
@software{hie2026,
title = {HIE: Hyperdimensional Identity Entanglement},
subtitle = {Cryptographic Identity Binding via
High-Dimensional Vector Spaces},
year = {2026},
url = {https://github.com/Artaeon/hie},
note = {Research prototype — not yet peer-reviewed}
}- Key-dependent permutation — Fisher-Yates shuffle seeded by SHAKE-256 (D! search space)
- KPA protection — noise injection + per-component derived keys
- Strengthened evolution — key-dependent permutations + optional secret factor
- Three-level integrity monitoring — quick/standard/deep checks
- Constant-time utilities — XOR comparison, branchless select, arithmetic accumulation
- Comprehensive security test suite — 72 tests covering all attack vectors
- Formal security proofs — IND-CPA/IND-CCA analysis, reduction to LWE or similar
- C/Rust core — True constant-time binding, verification, and wiping
- Hardware HSM integration — PKCS#11 backend for key management
- Verifiable secret sharing — Feldman VSS extension for Shamir splitting
- NIST randomness testing — SP 800-22 test suite on entropy pool output
- Adversarial robustness bounds — Formal distortion limits and recovery guarantees
- Formal specification — Protocol-level specification for interoperability
- Peer review — Submit to IACR ePrint and relevant venues
MIT License. See LICENSE for details.
HIE builds on foundational work in Hyperdimensional Computing (HDC), also known as Vector Symbolic Architectures (VSA), pioneered by Pentti Kanerva, Tony Plate (Holographic Reduced Representations), and Ross Gayler. The cryptographic constructions use standard building blocks: Shamir's Secret Sharing (Adi Shamir, 1979), Argon2id (Alex Biryukov et al., 2015), and AES-GCM (NIST, 2007).