HypΓ — Canonical Architecture Reference

§0

Core Axioms

FOUNDATION

The Central Principle

The {8,3} hyperbolic tessellation is not decorative. Every component of HypΓ — key generation, encryption, error structure, and signing — is load-bearing on the same geometric object. Removing the geometry does not weaken the scheme. It destroys it.

The Geometric Object

The {8,3} Fuchsian group Γ = ⟨a,b | a⁸=b³=(ab)²=1⟩ acting on the Poincaré disk D ⊂ ℂ by Möbius transformations. Its Cayley graph is quasi-isometric to H² by Švarc-Milnor.

Three Interlocked Hard Problems

HWP — Noisy Word Problem in Γ → key security
HCVP — Hyperbolic Closest Vector Problem → encryption
HLSD — Hyperbolic LDPC Syndrome Decoding → error structure

Why Hyperbolic = Hard

In ℝⁿ: ball of radius r has volume ∝ rⁿ — polynomial. BKZ and enumeration exploit this. In H²: ball of radius r has volume ∝ sinh²(r) ~ e^(2r)/4 — exponential. Enumeration attacks face exponential cost. The parallelogram law |u+v|² + |u-v|² = 2|u|² + 2|v|² fails in hyperbolic space — BKZ cannot be ported. No known reduction from or to flat CVP exists.

§1

HWP — Noisy Word Problem in Γ

KEY SECURITY

Problem HWP: Given: generators {a, b} of Γ, target g ∈ PSL(2,ℝ) as matrix Given: noise n = short walk of length k ≪ L Find: walk sequence (s₁,...,sL) ∈ {a,a⁻¹,b,b⁻¹}^L Such: matrix_product(s₁·...·sL) · n = g Search space: 4^L possibilities, group relations reduce but noise couples recovery. Joint inversion: recovering noise and secret are coupled — neither is solvable without the other.

Key Generation

# Private key: walk of length L=512
secret = [choice([a,a_inv,b,b_inv])
          for _ in range(512)]

# Public key: matrix product in PSL(2,R)
# Single 2×2 matrix at mp.dps=150
public = matrix_product(secret)

# Noise applied: k=8 step random walk
noise = short_walk(k=8)
public_noisy = public @ noise

Why Quantum Fails Here

Shor's QFT works on abelian groups via 1D irreps. Γ is non-abelian with infinitely many higher-dimensional irreps. The coset state doesn't leak subgroup info via measurement — distinguishing exponentially many matrix-valued Fourier coefficients has no efficient quantum strategy. Non-abelian HSP is open.

PSL(2,R) Representation: Elements of Γ are 2×2 real matrices [[a,b],[c,d]] with ad-bc=1, computed at mp.dps=150. Each matrix entry is ~500 bits. Public key = 4 entries = ~2000 bits. Walk is stored as index sequence (2 bits/step × 512 = 1024 bits private key). Matrix exponentiation y^c via repeated squaring.

§2

HCVP — Hyperbolic Closest Vector Problem

ENCRYPTION SECURITY

Problem HCVP (GeodesicLWE): Parameters: Poincaré disk D, tessellation T={8,3}, noise σ Secret: s ∈ D (interior point — the plaintext-bound secret) Basis: {a₁,...,aₘ} = tessellation vertices (Supabase pseudoqubits — LOAD BEARING) Samples: bᵢ = dₕ(aᵢ, s) + eᵢ, eᵢ ~ HypGaussian(σ) ∩ C_hyp Problem: Given {(aᵢ, bᵢ)}, recover s. Hyperbolic metric: dₕ(z,w) = 2·arctanh(|z-w| / |1 - z̄w|) No flat analog: Parallelogram law fails → BKZ inapplicable. Exponential balls: vol(B_r) ~ e^(2r)/4 → enumeration exponential.

Encrypt

# s = secret point in D
# {aᵢ} = tessellation vertices from DB
samples = []
for a_i in pseudoqubit_vertices:
    d = hyp_metric(a_i, s)
    e_i = hyp_gaussian_sample(sigma)
    # e_i constrained to C_hyp (§3)
    samples.append(d + e_i)
ciphertext = samples  # + metadata

Decrypt

# Recover s via iterative geodesic search
# Use pseudoqubit basis as anchors
s_candidate = hyp_cvp_solve(
    basis=pseudoqubit_vertices,
    targets=ciphertext,
    decoder=hyp_belief_prop,  # §3
)
# Private key unlocks the LDPC structure
# needed for belief propagation
plaintext = extract(s_candidate)

The Pseudoqubit Geometry Is Now Load-Bearing

The Supabase pseudoqubits table coordinates are the basis {aᵢ} for HCVP. Without the tessellation vertices, there is no basis. Without the basis, there is no encryption. The geometry is not a seed diversifier — it IS the encryption lattice. This is the key structural change from the current hlwe_engine.py.

True Hyperbolic Gaussian — Replace tanh Correction

Current code applies tanh as an afterthought shrinking flat errors. The correct distribution is the heat kernel on H²:

pₜ(z,w) = (√2·e^(-t/4))/(4πt)^(3/2) · ∫_{dₕ(z,w)}^∞ r·e^(-r²/4t)/√(cosh r - cosh dₕ(z,w)) dr

Errors that look large in ℂ (Euclidean) are small in dₕ. An attacker in Euclidean coordinates sees large noise. An attacker who knows the hyperbolic structure sees small noise — but recovering the structure IS the hard problem.

§3

HLSD — Hyperbolic LDPC Syndrome Decoding

ERROR STRUCTURE SECURITY

The {8,3} tessellation defines a natural Tanner graph. This is not a coincidence — the tessellation geometry gives the code its hardness properties.

Tanner Graph Construction from {8,3}

Variable nodes: edges of the tessellation (each edge = one code bit)
Check nodes (degree-8): octagonal faces — enforce even parity on 8 edges
Check nodes (degree-3): triangle vertices — enforce even parity on 3 edges
Result: a (3,8)-regular LDPC code — naturally from the geometry

Why Hyperbolic LDPC Is Harder

Property	Flat LDPC	Hyperbolic LDPC
Min distance	d ~ √n	d ≥ αn (linear)
Girth	~6-8	≥ 2·log₃(n)
Expansion	weak	λ₂ < 1-ε explicit
ISD attack	feasible	exp. harder

ISD Attack Complexity

Information-set decoding (Stern/May-Meurer-Thomae) complexity for [n,k,d]: O(n²·2^(0.054n)). With linear distance d=αn, ISD success probability per iteration is binom(d,t)/binom(n,k) — exponentially smaller than polynomial-distance codes. Quantum ISD gives √ speedup but base complexity is already exponentially larger.

Compound Hardness: HCVP × HLSD Coupling

Error vectors eᵢ in GeodesicLWE (§2) are constrained to be low-weight codewords of the hyperbolic LDPC code. This couples the two problems:

Solving HCVP requires recovering e from b = {dₕ(aᵢ,s) + eᵢ}
But e ∈ C_hyp — this is a syndrome decoding instance of HLSD
HLSD cannot be solved without knowing s (needed to isolate e)
HCVP cannot be solved without knowing e (noise must be removed)

Neither subproblem is solvable without solving the other. An attacker must break both simultaneously.

Quantum LDPC Bonus — Topological Protection

The {8,3} tessellation supports quantum LDPC codes (Breuckmann-Terhal hyperbolic surface codes) encoding k=Ω(n) logical qubits with distance d=Ω(n) — impossible in flat toric codes where k·d²≤n. If decryption is implemented as a quantum error-correction circuit on these codes, the decryption is topologically protected by the same geometry that provides cryptographic hardness. Unique property — no flat-space analog.

§4

Schnorr-Γ — Signatures over PSL(2,R)

SIGNING · REPLACES HMAC

⚠ Current hlwe_engine.py signing is broken

HMAC-based signing derives signing_key from private key but verifier derives it from public key — universally forgeable by anyone with the public key. Schnorr-Γ replaces this entirely. Security reduces to HWP (§1), not HMAC security.

Protocol Schnorr-Γ (Fiat-Shamir, non-interactive): SETUP: G = PSL(2,ℝ) at mp.dps=150; generators {a,b} of Γ; walk length L=512 KEYGEN: s = random walk of L steps → private key (512 × 2-bit index sequence) y = matrix_product(s) → public key (one PSL(2,ℝ) element, ~2000 bits) SIGN(m): r = random walk of L steps → nonce (fresh per signature) R = matrix_product(r) → commitment c = H(serialize(R) ‖ m) mod 2^256 [Fiat-Shamir challenge] Z = matrix_product(r) @ matrix_pow(y, c) → response (PSL(2,ℝ) element) signature = (R, Z, c) VERIFY: R' = Z @ matrix_pow(y, -c) c' = H(serialize(R') ‖ m) mod 2^256 VALID iff c' == c AND det(R')=1 AND |entries| < overflow_bound

Security Properties

EUF-CMA: forgery requires finding (R,Z) s.t. Z = R·y^c — solving HWP
HVZK: simulator picks c first, random Z, sets R = Z·y^{-c} — indistinguishable if HWP holds
Tight in QROM: Fiat-Shamir gives tight reduction under quantum-accessible RO
No nonce reuse risk: nonce r is a fresh random walk, not integer — no RFC6979 equivalent needed

Signature Sizes

Component	Size
Public key y	~2000 bits (4 × mp.dps=150 floats)
Commitment R	~2000 bits
Response Z	~2000 bits
Challenge c	256 bits
Total signature	~4256 bits (~532 bytes)

Acceptable for QTCL block headers. Can compress with canonical serialization.

Matrix Exponentiation y^c

matrix_pow(M, c) via repeated squaring in PSL(2,R) at mp.dps=150. For c up to 256 bits this is at most 256 matrix multiplications — fast. Each multiplication: 8 mpmath multiplications + 4 additions at 150 dps. At ~1ms/multiply: ~256ms/signature. Acceptable for QTCL block submission rates.

§5

Canonical Parameters

FIXED · DO NOT DEVIATE

Group & Geometry

# Fuchsian group presentation
Γ = ⟨a,b | a⁸=b³=(ab)²=1⟩
generators = [a, a_inv, b, b_inv]  # 4 choices

# PSL(2,R) matrix representation
# a, b as explicit 2×2 matrices
# computed from tessellation geometry
mp.dps = 150   # FIXED — do not reduce

# Tessellation
TESSELLATION  = "{8,3}"
RINGS_DEPTH   = 8     # ~2000 tiles
N_EDGES       = ~4000 # LDPC code length n

Cryptographic Parameters

# Key generation
WALK_LENGTH   = 512   # L — security param
NOISE_STEPS   = 8     # k — noise walk length

# GeodesicLWE
N_SAMPLES     = 512   # m — number of basis samples
SIGMA         = 0.05  # hyperbolic noise std dev

# LDPC code
CODE_RATE     = 0.5   # R = k/n
ERROR_WEIGHT  = 200   # t = αn/2

# Security estimate
# Classical: ~256 bits
# Quantum:   ~180 bits (estimated)

Generator Matrices for {8,3} Fuchsian Group

Computed once at startup from the hyperbolic rotation angle θ = 2π/8 = π/4 and the triangle vertex angle φ = 2π/3. The fundamental domain has angles summing to π/8 + π/8 + π/3 < π/2 confirming negative curvature. Explicit matrices:

a = [[cos(π/8), sin(π/8)·r], b = [[cos(π/3), sin(π/3)·s], [sin(π/8)/r, cos(π/8) ]] [sin(π/3)/s, cos(π/3) ]] where r, s are computed from the {8,3} Schläfli symbol: cosh(edge_length) = cos(π/8)·cos(π/3) / sin(π/8)·sin(π/3)

These are computed using mpmath at 150 dps. The exact values are the geometric foundation of every component. Stored in hyp_group.py:GENERATORS.

§6

Module Architecture

CODE STRUCTURE

hyp_group.py

PSL(2,R) arithmetic. Generator matrices a, b. Matrix multiply, pow, inverse, serialize. Walk generation and evaluation. Group element validation (det=1 check).

deps: mpmath only

hyp_tessellation.py

{8,3} tiling. Vertex/edge/face enumeration to depth 8. Geodesic distance dₕ. Supabase pseudoqubit coordinate loading (now semantically correct — these ARE the basis). Tanner graph construction.

deps: hyp_group, mpmath, supabase REST

hyp_ldpc.py

Tanner graph from tessellation. Generator matrix G (systematic). Belief propagation decoder (hyperbolic metric-aware). Low-weight codeword sampler for error vectors. Syndrome computation.

deps: hyp_tessellation

hyp_lwe.py

GeodesicLWE keygen (secret point s ∈ D). Encrypt (sample dₕ distances + LDPC-constrained noise). Decrypt (iterative geodesic search + belief prop). HCVP solver (private-key assisted).

deps: hyp_tessellation, hyp_ldpc, hyp_group

hyp_schnorr.py

Schnorr-Γ keygen, sign, verify over PSL(2,R). Fiat-Shamir transform. Matrix pow via repeated squaring. Canonical serialization for hashing. HVZK simulator (for testing).

deps: hyp_group, hashlib

hyp_engine.py

Unified API. Drop-in replacement for hlwe_engine.py. Exposes: generate_keypair, sign_hash, verify_signature, verify_block, derive_address, encrypt, decrypt. Maintains backward-compatible dict interface.

deps: all hyp_* modules

Dependency Flow

hyp_group

→

hyp_tessellation

→

hyp_ldpc

→

hyp_lwe

→

hyp_engine

hyp_group

→

hyp_schnorr

→

hyp_engine

Every module imports from hyp_group.py and/or hyp_tessellation.py. The geometry is the root of the entire tree.

§7

Public API — hyp_engine.py

BACKWARD COMPATIBLE

from hyp_engine import HypGammaEngine

engine = HypGammaEngine()   # loads tessellation, generators, LDPC code at startup

# ── Key generation ─────────────────────────────────────────────
keypair = engine.generate_keypair()
# → HypKeyPair(
#     private_key: str  # hex-encoded walk index sequence (1024 bits)
#     public_key:  str  # hex-encoded PSL(2,R) matrix (2000 bits)
#     address:     str  # SHA3-256(SHA3-256(pub_bytes)).hex() — unchanged
# )

# ── Signing ────────────────────────────────────────────────────
sig = engine.sign_hash(message_hash: bytes, private_key: str)
# → {'signature': hex(R‖Z), 'challenge': hex(c), 'timestamp': iso}
# NOTE: 'auth_tag' field kept for backward compat, contains hex(c)

# ── Verification ───────────────────────────────────────────────
valid = engine.verify_signature(message_hash: bytes, sig: dict, public_key: str)
# → bool  — recomputes c' from R, checks c'==c
# PUBLIC KEY IS USED FOR VERIFICATION CORRECTLY (Schnorr verify)

# ── Block sign/verify (unchanged interface) ────────────────────
sig  = engine.sign_block(block_dict: dict, private_key: str)
ok, msg = engine.verify_block(block_dict: dict, sig: dict, public_key: str)

# ── Address derivation (unchanged) ────────────────────────────
addr = engine.derive_address(public_key: str)  # SHA3-256² as before

Migration from hlwe_engine.py: All existing call sites in server.py, oracle.py, mempool.py, blockchain_entropy_mining.py use the same function signatures. Replace from hlwe_engine import ... with from hyp_engine import .... The dict keys in signature outputs are preserved. Existing wallets need key regeneration (new scheme) but address format is unchanged.

§8

Security Analysis — Attack Table

THREAT MODEL

Attack	Target	Classical	Quantum	Status
BKZ lattice reduction	HCVP	Inapplicable — parallelogram law fails	No hyperbolic analog known	✓ Blocked
Information-set decoding	HLSD	Exp. harder (linear distance)	Quantum ISD still exponential	✓ Blocked
Quantum Fourier / Shor	HWP / signing	N/A	Non-abelian HSP — open problem	✓ Blocked
HMAC forgery (public key)	Old signing	Trivial — public key derivable	Trivial	⚠ Fixed by Schnorr-Γ
Entropy collapse attack	Error vector	Requires observable block entropy	Same	⚠ Mitigated by LDPC constraint
Meet-in-the-middle (walk)	HWP	~2^(L·H_Γ/2) — ~2^384	~2^192 (Grover)	✓ Acceptable
Geodesic enumeration	HCVP	Exp. in hyperbolic radius	No speedup known	✓ Blocked

§9

Instructions to Proceeding Claude Instance

READ THIS FIRST

Build Order — Strict

Build in this exact sequence. Each module must pass its own test suite before the next begins. Do not collapse modules.

hyp_group.py — PSL(2,R) arithmetic + generator matrices for {8,3}
hyp_tessellation.py — tiling to depth 8, dₕ metric, Supabase integration
hyp_ldpc.py — Tanner graph, (3,8)-regular, belief propagation decoder
hyp_schnorr.py — Schnorr-Γ sign/verify, Fiat-Shamir, HVZK test
hyp_lwe.py — GeodesicLWE keygen, encrypt, decrypt with LDPC error coupling
hyp_engine.py — unified API, backward-compat wrapper, full integration test

Critical Implementation Rules

mp.dps=150 throughout — never reduce
All PSL(2,R) ops: verify det=1 after every multiply
Generator matrices: compute from Schläfli angles, not hardcoded
Schnorr nonce: fresh random walk, never integer, never HMAC-derived
Error vectors: must pass LDPC syndrome check before use
Supabase coords: load at startup, cache thread-safely (existing pattern ok)
Address derivation: SHA3-256² unchanged — existing addresses valid

Do Not

Do not derive signing_key from public key at verify time
Do not use flat Gaussian for errors — use heat kernel or LDPC-sampled
Do not reduce mp.dps for performance — use caching instead
Do not port BKZ or flat lattice algorithms — they are inapplicable
Do not store the walk as matrices — store as index sequence
Do not make the tessellation optional or fallback-able
Do not use HMAC as the signature binding — Schnorr only

Testing Requirements Per Module

# hyp_group: 
assert det(a) == 1;  assert a**8 == I;  assert b**3 == I;  assert (a@b)**2 == I

# hyp_tessellation:
assert dh(z, z) == 0;  assert dh(z,w) == dh(w,z);  assert triangle_inequality

# hyp_ldpc:
assert H @ G.T == 0 (mod 2);  assert min_distance >= alpha*n;  assert BP_decodes(codeword + t_errors)

# hyp_schnorr:
assert verify(sign(m, sk), m, pk) == True   # correctness
assert verify(sign(m, sk), m2, pk) == False  # binding
assert verify(forge(m, pk), m, pk) == False  # unforgeability
# HVZK: simulate 1000 transcripts, check indistinguishable from real

# hyp_lwe:
assert decrypt(encrypt(s, basis, sigma), sk) == s   # correctness
assert error_vector in C_hyp                          # LDPC constraint

# hyp_engine:
# Full round-trip: keygen → sign block → verify block
# Backward compat: same dict keys as hlwe_engine.py