A 1600-bit sponge hash and cipher built from heterogeneous physics-based round transformations.
Status: Research prototype. Not audited. Not peer-reviewed. Do not use for production security.
PRE-1600 is an experimental cryptographic sponge that replaces the single repeated permutation used in SHA-3 (Keccak-f[1600] = 24 identical rounds of θ/ρ/π/χ/ι) with 48 rounds of 24 different transforms drawn from number theory, physics, and dynamical systems.
The core hypothesis: heterogeneous rounds create more complex internal structure than homogeneous rounds, making differential and linear cryptanalysis harder to model.
This is unproven.
- State width: 1600 bits (200 bytes), same as SHA-3/Keccak
- Sponge parameters: Rate = 136 bytes, Capacity = 64 bytes
- Rounds: 48 total — two full passes through all 24 transforms
- Padding: 10*1 with domain separator (0x1F)
- Output: 256-bit digest (configurable)
| # | Transform | Mathematical Domain |
|---|---|---|
| 0 | ARX mixing | Twin prime gap rotations |
| 1 | Triple S-Box | Twin/Sophie Germain/Mersenne substitution |
| 2 | Cellular Automaton | Rules 30/90/110/150 (state-selected) |
| 3 | Nuclear binding | Semi-Empirical Mass Formula (SEMF) |
| 4 | Fission cascade | Chain reaction bit splitting |
| 5 | Quantum tunneling | Fusion probability mixing |
| 6 | Hyperdimensional projection | High-dim rotation matrix |
| 7 | P-adic valuation | 2-adic/3-adic/5-adic permutation |
| 8 | Riemann zeta zeros | First 50 non-trivial zero positions |
| 9 | Path integral | Feynman 5-path interference |
| 10 | Goldbach decomposition | Partition-based diffusion |
| 11 | Sophie Germain chains | Safe prime chain mixing |
| 12 | Lorenz chaos | 3-axis strange attractor |
| 13 | Iron-56 convergence | Binding energy minimum attractor |
| 14 | Weyl sequence | Multi-irrational equidistribution |
| 15 | Crystallographic symmetry | Oh group (48-element) rotation |
| 16 | Mersenne reduction | Mersenne exponent modular reduction |
| 17 | Boltzmann entropy | State-dependent thermal mixing |
| 18 | Born rule | Wavefunction collapse sampling |
| 19 | Fibonacci-Lucas | Bidirectional recurrence |
| 20 | DNA codon | 3-frame reading mixing |
| 21 | Fourier butterfly | O(n²) DFT-inspired permutation |
| 22 | BEC condensation | Bose-Einstein ground state convergence |
| 23 | Grand Unified + Higgs | Coupling constant + symmetry breaking |
Implemented in pre1600_cipher.py:
- Hash (
pre1600_hash) — Standard sponge hash, 256-bit output - Stream cipher (
pre1600_encrypt/pre1600_decrypt) — Keyed sponge squeeze, XOR keystream - AEAD (
pre1600_seal/pre1600_open) — Authenticated encryption with associated data, ciphertext feedback, 256-bit tag - MAC (
pre1600_mac) — Keyed sponge MAC
Tested on identical inputs using Python hashlib.sha3_256 (C implementation) vs PRE-1600 (pure Python).
| Metric | PRE-1600 | SHA-3 | Notes |
|---|---|---|---|
| Avalanche % | 50.08% | 49.95% | Both near ideal 50%; marginal difference |
| Avalanche σ | 8.05 | 8.90 | Lower = tighter distribution |
| Bit bias (avg) | 0.0252 | 0.0403 | Lower = less bias per bit position |
| Byte χ² | 249.8 | 254.5 | Closer to 255 expected = more uniform |
| Bit-pair max φ | 0.2008 | 0.2120 | Lower = less correlated bit pairs |
| Sequential min hamming | 109 | 99 | Higher = better minimum diffusion |
| Metric | PRE-1600 | SHA-3 | Notes |
|---|---|---|---|
| Serial correlation | 0.018 | 0.010 | PRE-1600 is worse here. Lower = less autocorrelation between consecutive outputs |
Bit bias max, bit-pair average φ, differential uniformity, collision resistance (0/10000 both) — statistically equivalent on these tests.
| Implementation | Speed |
|---|---|
| SHA-3 (hashlib, C) | ~1,150,000 H/s |
| SHA-256 (hashlib, C) | ~1,700,000 H/s |
| PRE-1600 (pure Python) | ~100 H/s |
| PRE-256 optimized (pure Python) | ~6,800 H/s |
PRE-1600 is roughly 11,500× slower than SHA-3. This is mostly (but not entirely) the Python-vs-C gap. A C implementation would narrow this significantly, but the 24 heterogeneous transforms will always carry overhead compared to SHA-3's single repeated permutation.
PRE-1600 produces slightly more uniform statistical output than SHA-3 across most metrics in our test suite. The differences are small. Both are statistically excellent.
-
No security proof. SHA-3 (Keccak) has a formal security reduction to the sponge construction and has been the subject of 15+ years of public cryptanalysis. PRE-1600 has none of this.
-
Statistical tests ≠ cryptographic security. Passing NIST-style randomness tests is necessary but not sufficient. RC4 passes many statistical tests and is broken. A PRNG can look random and be completely predictable.
-
No differential/linear cryptanalysis. SHA-3's security margin is known — it survives the best known attacks with a wide margin. Nobody has attempted formal cryptanalysis of PRE-1600 because it was built this week.
-
Heterogeneous rounds are uncharted. The core premise — that diverse transforms are harder to attack — is intuitive but unproven. It's possible that the interaction between different transforms creates exploitable structure that doesn't exist in a well-designed homogeneous permutation. SHA-3's designers chose one simple, well-analyzed permutation for good reason.
-
Complexity is not security. More transforms means more code, more potential implementation bugs, and a larger attack surface. SHA-3's Keccak-f is ~20 lines of C. PRE-1600's permutation is ~750 lines of Python. Every line is a line that could be wrong.
-
Serial correlation is worse. PRE-1600's serial autocorrelation (0.018) is worse than both SHA-256 (0.004) and SHA-3 (0.010). This suggests consecutive outputs may have subtle dependencies that a dedicated attacker could exploit.
-
Python implementation means no timing guarantees. Constant-time behavior (critical for side-channel resistance) is impossible to guarantee in Python. The tag comparison uses
hmac.compare_digest, but the rest of the cipher has branching and data-dependent operations throughout.
-
The heterogeneous round approach is novel. Every published hash function we're aware of uses a single permutation repeated N times. Using 24 different transforms is unexplored design space. Whether it's better or worse is an open question.
-
State-dependent adaptation. Several rounds adjust their behavior based on the current state's entropy/density (Boltzmann, BEC, fusion). This is unusual and makes the permutation harder to characterize statically.
-
One permutation, four modes. The sponge construction gives you hash, stream cipher, AEAD, and MAC from a single primitive. This is shared with SHA-3 (Keccak already supports this via Keyak/Ketje) but not with SHA-256.
-
The statistical results are real. In a head-to-head test on identical inputs, PRE-1600 won 6 metrics, tied 4, and lost 1 to SHA-3. This doesn't prove security, but it proves the output distribution is at least competitive with a world-class hash function.
| File | Description |
|---|---|
pre1600_v2.py |
Core permutation: 1600-bit sponge, 48 rounds, 24 transforms, sponge hash |
pre1600_cipher.py |
Cipher suite: Stream cipher, AEAD, MAC (imports permutation from pre1600_v2) |
pre256.py |
PRE-256: 256-bit state variant with 12 rounds and 8 transforms |
pre256_fast.py |
Optimized PRE-256: word-level CA, translate tables, ~76× faster |
benchmark.py |
Statistical comparison script: PRE-1600 vs SHA-256 vs SHA-3 |
# Hash
python3 -c "from pre1600_v2 import pre1600; print(pre1600(b'hello').hex())"
# AEAD encrypt/decrypt
python3 -c "
from pre1600_cipher import pre1600_seal, pre1600_open
key = bytes(32) # your 256-bit key
nonce = bytes(16) # your 128-bit nonce
ct, tag = pre1600_seal(key, nonce, b'plaintext', b'associated data')
pt = pre1600_open(key, nonce, ct, tag, b'associated data')
print(pt)
"
# Run benchmark (takes ~5 minutes)
python3 benchmark.pyRequires Python 3.8+. No external dependencies.
MIT
Shane Fitzgibbon — concept, mathematical framework, testing Claude (Anthropic) — implementation, optimization, statistical analysis