Davis Geometric — GIGI Encrypt

01 — The Math

What gauge invariance means.

Encryption, in GIGI's formulation, is a change of coordinates on the fiber. The stored payload is the plaintext acted on by a private group element — the GaugeKey. Any geometric quantity that is invariant under coordinate change is invariant under encryption. Curvature, holonomy, Betti numbers, spectral gap, confidence — all unchanged. And the equality query, expressed geometrically as a point coincidence check, inherits the constant-time property from the structure of the lookup itself.

Encryption as Gauge Transform

$$\mathrm{Enc}_g(\sigma)(p) \;=\; \bigl(p,\; \rho_g\!\left(\sigma(p)\right)\bigr)$$

A section σ of the bundle assigns a fiber value σ(p) to each base point p. Encryption leaves the base point p untouched and acts only on the fiber value via the structure-group representation ρ_g. For numeric fiber, ρ_g(v) = a·v + b (affine, det=a); for grouped numeric, ρ_g(v) = O·v + b with O ∈ O(k) (orthogonal, isometric); for TEXT/CATEGORICAL/BINARY, ρ_g is a keyed PRF (indexed mode) or AEAD (opaque mode). The base-space hash G is unchanged in every mode — that is the fact the O(1) equality claim rides on.

Symbol Breakdown

σa section — the assignment of fiber value to each base point (a record, in database terms)

pbase point — the primary-key hash image in ℤ₂⁶⁴; untouched by encryption

ρ_gstructure-group action on the fiber — affine, orthogonal, or PRF/AEAD depending on field type

gGaugeKey — the private group element held by the caller (a 32-byte seed that parameterizes ρ_g)

Gstructure group — Aff(ℝ) for numeric, O(k) for grouped numeric, Sym(F) × AEAD for text/binary

In Plain English

Think of it as a secret rotation applied to every stored value. Without the rotation key, the ciphertext looks like random gibberish that still has the same shape as the original — same distances, same curves, same relationships. With the key, you can un-rotate and see the plaintext. The engine never un-rotates; it operates on the rotated values directly, and because the rotation preserves shape, every geometric question returns the same answer.

Connects To

C = τ / KThe Davis Law

Capacity C is a ratio of gauge-invariant quantities — tolerance τ and curvature K are both coordinate-free. Because gauge transforms preserve both, they preserve C. Encryption, being a gauge transform, cannot alter any GIGI measurement that depends on C. This is why GIGI's curvature, confidence, and capacity queries return identical values on plaintext and encrypted bundles.

Equality in Constant Time

$$\mathrm{Eq}(x, y) \;=\; \mathbf{1}\!\bigl[\mathrm{Enc}_g(x) = \mathrm{Enc}_g(y)\bigr] \qquad T[\mathrm{Eq}] = O(1)$$

Equality between two encrypted values resolves in constant time because the engine never walks the bytes. The submitted value is projected to its point on the fiber; the stored value's point is already indexed. Coincidence is a single hashed lookup.

Symbol Breakdown

Eqequality predicate — returns 1 if x equals y, 0 otherwise

1[·]indicator function — the boolean result as a number

T[Eq]time to evaluate Eq — independent of x and y

O(1)constant time — same number of cycles every call

In Plain English

Two keys are equal if they land on the same point. Asking "are these two points the same point?" takes one lookup, always, no matter what the points are. There is no loop that can exit early. There is no sequence of comparisons whose length depends on the input. The duration of the question is decoupled from the content of the question, and that is exactly what a timing-side-channel attacker cannot exploit.

Connects To

S + d² = 1The Davis Identity

Sameness (S) and squared deviation (d²) always sum to unity. When two encrypted values are equal, d² = 0 and S = 1; when they're not, d² = 1 and S = 0. The identity collapses to a binary in this case, and the collapse is the single-lookup equality. No intermediate comparison exists to be measured.

02 — The Demo

Point the query. Watch the time.

The stored key lives as a section on a bundle with an ENCRYPTED fiber. Try each test submission against it. The round-trip time stays flat — whether the submission matches exactly, almost matches, or is pure noise. The distribution below proves it across 500 comparisons.

Submitted Key

GQL Statement

Engine Response

Awaiting Comparison

Round-trip —

Engine confidence —

Scalar curvature K —

Storage mode Hashed · Encrypted Fiber

Bytes decrypted 0

Comparison algorithm O(1) · point-equality

Why timing is flat

There is no byte-wise loop to short-circuit. The submitted key is projected to a point on the fiber bundle; equality is a single lookup against the stored point's location. Duration depends on neither key content nor how many leading bytes agree.

Mean

—

Std Deviation

—

Range

—

Leaks Key Bits?

—

A tight peak. Input content cannot be distinguished from timing alone.

Try It Live · SQL on Ciphertext

Encrypt the data. Compute on ciphertext. Decrypt only the answer.

Pick a dataset. Set a secret gauge (a, b). Run an aggregate query. The server sees only the encrypted column. The aggregate is computed directly on ciphertext at native speed. The client applies ρ^-1 to a single number to recover the result. The recovered value matches the plaintext aggregate exactly.

Dataset

Aggregate query

Secret gauge — a (scale) a = 2.5

Secret gauge — b (shift) b = 13

PLAINTEXT — client only

ENCRYPT — ρ(v) = a·v + b

CIPHERTEXT — server stored

SERVER — computes on ciphertext

—

→

CLIENT — applies ρ^-1 once

—

Plaintext aggregate (direct check, client-only): —

Server stored 0 bytes of plaintext. The aggregate ran directly on ciphertext at native engine speed. The client decrypted exactly one number — the answer. The gauge key (a, b) never left the client. Switch aggregates: COUNT is fully gauge-invariant (no decrypt needed); SUM / AVG / MIN / MAX / VAR / STDDEV each have a different closed-form ρ^-1. Theorem 3.1 of the paper proves these are exactly the ciphertext-computable aggregates.

03 — The Geometry

Two bundles. Same invariants. Different coordinates.

The four numbers at the bottom of each panel are identical — that is the demonstration, not a bug. The shape deforms under a gauge transform on the fiber (encryption) and the sample coordinates listed below each panel do differ point-by-point. But scalar curvature, holonomy, confidence, and β₁ are invariants of the manifold, not properties of any particular coordinate chart, so they read identically on both sides. Press Animate gauge transform to sweep the gauge parameter θ through a full cycle: per-section coordinates move, the four invariants stay pinned.

Bundle · Plaintext

60 sections · gold connection

Manifold invariants — locked

CURVATURE K0.0347

HOLONOMY0.2183

CONFIDENCE0.9665

BETTI β₁1

Sample sections — coordinates (x, y)

section 07—

section 23—

section 41—

Gauge Transform

θ = 0.00

Bundle · Encrypted

60 sections · GaugeKey applied

Manifold invariants — locked

CURVATURE K0.0347

HOLONOMY0.2183

CONFIDENCE0.9665

BETTI β₁1

Sample sections — coordinates (x, y)

section 07—

section 23—

section 41—

✓ All geometric measurements equal across the transform

04 — The Full Surface

Every field type. Every invariant. Forward secrecy.

GIGI Encrypt is the full packaging of gauge-invariant encryption as a first-class product surface. Some primitives—affine numeric encryption, the base-hashed O(1) lookup, curvature and spectral-gap invariance—have lived inside GIGI since 0.5.0 as engine building blocks. What's new is the full cryptographic suite built on top: every fiber type encrypted, every gauge-invariant query directly callable, equality structurally constant-time, dual-seed forward-secret key rotation, and a randomized numeric mode that still answers equality queries via the Davis Identity. Every claim below is a theorem with a passing math test in encryption_strong_claims_validation.py (34/34 tests pass across two suites).

Validation to date is mathematical: the stated invariances, equivariances, algebraic identities, and structural timing properties are verified by the test suite — 998+ Rust engine tests, 29 v0.4 integration tests across Sprints N–Q (12 N + 6 O + 6 P + 5 Q), 68+ Python math-oracle tests across three suites (v0.3 + FHE/PQ rigor + v0.4 verification oracle) (including the FHE / PQ parity rigor oracle that proves the order-statistic Probabilistic-bias caveat), and 25 live e2e tests against gigi-stream.fly.dev. The pairing delegation security argument reduces to BDH on BLS12-381; the formal theorem statement and complete reduction live in paper §6. The v0.4 invariant consistency verifier (src/invariant_verify.rs) is deterministic verification, not zero knowledge — the formal Sigma protocol target is documented in the v0.4 spec as open work. The v0.4 credential primitive is HMAC-SHA256-bound today with a typed domain separator; full Camenisch–Lysyanskaya unlinkability via BBS+ signatures is the v0.5 upgrade path. A formal cryptographic review by independent parties — including oscilloscope-resolution side-channel measurement and adversarial-model validation against the per-mode leakage profiles — remains a planned deliverable and has not yet occurred. Production deployments should pair GIGI Encrypt with standard security-auditing practice.

As of 2026-05-01, the chat-state KV bundle that powers Just Gigi on this very domain is running on GIGI Encrypt: OPAQUE on the message-payload field (AEAD, IND-CPA, tamper-detected), with the 32-byte master seed sourced from a Fly secret via WITH ENCRYPTION SEED FROM ENV. The chat works exactly as before from the customer-facing side — encryption is invisible to the API surface — while the on-disk fiber bytes are now AEAD ciphertext that is unrecoverable without the secret. We're our own first customer; we eat what we cook. Operator-facing reference: GIGI_API.md § Encryption and GQL_REFERENCE.md § Encryption.

Fiber-type coverage — PRF and AEAD on TEXT, CATEGORICAL, BINARY

$$\rho_g^{\text{text}}(v) \;=\; \begin{cases} \mathrm{PRF}_k(v) & \text{INDEXED} \\ \mathrm{AEAD}_k(v,\,n) & \text{OPAQUE} \end{cases}$$

INDEXED → deterministic, equality-queryable · OPAQUE → probabilistic, IND-CPA

PRF (Pseudo-Random Function) is a keyed hash that is deterministic on a given key—equal inputs yield equal outputs, so the categorical bitmap index is preserved and equality remains O(1). AEAD (Authenticated Encryption with Associated Data) is a randomized cipher with a per-record nonce that produces a distinct ciphertext every time—no two stored ciphertexts match even for identical plaintext, and any tamper is detected at decrypt time. IND-CPA (indistinguishability under chosen-plaintext attack) is the textbook security definition: an attacker given two plaintexts and one ciphertext cannot guess which plaintext it came from better than random.

Structural constant-time equality — no byte loop exists

$$\begin{aligned}\mathrm{Eq}(k_{\text{in}},\; p_{\text{stored}}) \;&=\; \mathbf{1}\!\bigl[\,G(k_{\text{in}}) \;=\; p_{\text{stored}}\,\bigr] \\ &\text{one \texttt{cmp} instruction}\end{aligned}$$

Equality projects the submitted value through the base-space hash G to a u64 base point and compares it to the stored base point. That comparison is a single x86_64 cmp instruction—not a loop over bytes. Libraries like subtle::ConstantTimeEq offer "no content-dependent branching inside a byte loop." GIGI offers "there is no byte loop." This is strictly stronger: a compiler cannot accidentally reintroduce a short-circuit that does not exist. Fiber bytes are never read on the equality path; instrumentation confirms zero fiber-byte reads on misses. (The hash G itself processes a fixed canonical length per column, so its timing depends on schema, not content.)

Statistical unlinkability with queryable equality — Davis Identity

$$\begin{aligned}\mathrm{Enc}_g^{\text{prob}}(v) \;&=\; av + b + \varepsilon \\ \varepsilon \;&\sim\; \mathcal{N}(0,\sigma^2) \\ \mathrm{Eq}(w_1,w_2) \;&=\; \mathbf{1}\!\bigl[\,d^2(w_1,w_2) \le (3\sigma)^2\,\bigr]\end{aligned}$$

Probabilistic numeric encryption adds Gaussian noise of width σ (a fraction of the field range, schema-declared). The Davis Identity S + d² = 1 (Davis 2025, Davis Geometric Research) says that sameness and squared deviation sum to unity, so equality is itself a distance check. Setting the neighborhood threshold to (3σ)² yields 96.6% recall on exact-match lookups (N = 20,000) with a sharp decay thereafter; applications needing tighter precision widen the effective separation (at 5σ, FPR drops to 7.6%) or narrow the bucketing width. Lookup stays O(1) by bucketing plaintext at σ-resolution before hashing. Result: statistical unlinkability — two encryptions of the same plaintext differ and an adversary with a chosen-plaintext oracle measures an empirical distinguisher advantage bounded by the chosen σ — combined with O(1) equality queries. We use "statistical unlinkability" rather than "IND-CPA" deliberately: the scheme does not rest on a standard asymptotic hardness reduction, and its guarantees scale with the schema-declared σ rather than with a cryptographic security parameter. Mainstream crypto treats randomization and queryability as exclusive; the Davis Identity makes them the same operation.

Holonomy and Betti invariance under the full affine gauge

$$\begin{aligned}\Gamma_i \;&:=\; \frac{v_{i+1} - v_i}{\mathrm{range}(v)} \\ \oint \Gamma \;&\text{ is gauge-invariant} \\ &\text{under } v \mapsto av + b\end{aligned}$$

The connection 1-form Γ is the rule for parallel-transporting a fiber value along the base space—physically, the instruction for how a vector rotates as you walk around the manifold. Holonomy is the net rotation after a closed loop. A connection is covariant when it transforms in lockstep with the fiber metric so that loop integrals are coordinate-free. GIGI's connection is normalized by the field range, and under v→av+b the range co-transforms to |a|·range, leaving Γ invariant up to sign. Holonomy magnitude (and eigenvalue spectrum, for multi-dimensional fiber) is therefore preserved under the full affine gauge—not just orthogonal transforms. Betti numbers β_k count k-dimensional holes in a space. By the Leray decomposition for trivial bundles, β_k(E) = Σ β_i(B)·β_j(F^G), and since encryption leaves both the base B and the G-invariant fiber subspace F^G untouched, full-bundle β_k is preserved.

Forward-secret key rotation — dual seed plus RG flow

$$\begin{aligned}\texttt{GAUGE secrets } &\texttt{ROTATE\_KEY} \\ &\texttt{FORWARD\_SECRET} \\ (s,\, g) \;&\mapsto\; (s',\, g') \\ \Phi_{\mathrm{RG}}&(\text{pre-snapshot})\end{aligned}$$

Forward secrecy is the property that a future key compromise cannot reveal past plaintext. GIGI achieves a differential form of forward secrecy at rest: fine-resolution plaintext below bin width w is thermodynamically erased, while aggregates at resolution w or coarser remain queryable by design. This differs from message-level forward secrecy (Signal, TLS 1.3) where all past plaintext is irrecoverable; "erase individuals, keep aggregates" is a feature for GDPR-ready data-protection postures, not a bug. Mechanism: rotate both seeds at once—the base-space hash seed s (which controls the map from keys to base points) and the GaugeKey seed g (which controls ρ_g)—and pass the pre-rotation snapshot through one step of RG flow (renormalization-group coarse-graining; ΔS ≥ 0 by the second law). After rotation, an attacker with (s', g') cannot reconstruct old base points, cannot decrypt backed-up ciphertext, and cannot refine RG-coarsened aggregates below w. The rotation is atomic through the write-ahead log.

Zero-decryption analytics via the invariant ring

$$\begin{aligned}\texttt{PROJECT INVARIANT (} &\texttt{curvature, confidence,} \\ &\texttt{capacity(}\tau\texttt{), spectral\_gap,} \\ &\texttt{beta\_0, beta\_1, holonomy\_avg)}\end{aligned}$$

The gauge-invariant operations — curvature K, confidence 1/(1+K), capacity C = τ/K (Davis Law), spectral gap λ₁, base-only holonomy proxy, Betti numbers β₀ / β₁ — form an invariant ring closed under pointwise addition and multiplication. Any query composed from these primitives can be evaluated directly on ciphertext. PROJECT INVARIANT is the query form that never decrypts. For any analytics workload expressible in the invariant ring, the number of bytes decrypted is exactly zero. (Čech H¹ is on the Band 2 horizon — the math is in place but a base-only sheaf computation that maintains the no-decrypt guarantee hasn't shipped yet.) Raw-row projection PROJECT (label, tier) still exists and decrypts only the matched rows — but the headline "zero plaintext materialized" attaches structurally to the analytics surface, not to a discipline the operator must remember to follow.

05 — The Feature Matrix

Every feature. Every mechanism. Every number.

Before the math drill-downs: a one-glance translation from the primitives your stack already knows to the GIGI capability that answers the same need. Then 13 shipping features with click-to-expand math, mechanism, and real numerical evidence.

If you need

Constant-time equality
(subtle::ConstantTimeEq)

→ GIGI answer

Base-hash projection. Equality is a single u64 cmp through a HashMap probe. No byte loop exists for a compiler to re-introduce a short-circuit. Strictly stronger than loop-body discipline.

If you need

AEAD with integrity
(AES-GCM-SIV, RFC 8452)

→ GIGI answer

OPAQUE text/binary mode. Per-record nonce, authenticated, tamper-detected on decrypt. Direct AES-GCM-SIV instantiation on payloads where no indexed access is needed.

If you need

Deterministic encryption for indexed lookup
(AES-SIV, RFC 5297)

→ GIGI answer

INDEXED PRF mode. Keyed deterministic hash (AES-256-CMAC / keyed SipHash). Same plaintext → same ciphertext, so the categorical bitmap index & O(1) equality survive.

If you need

Randomized encryption and queryable equality
(mainstream says: pick one)

→ GIGI answer

PROBABILISTIC mode + Davis Identity. S + d² = 1 makes equality a distance check. Two encryptions of the same value differ (statistical unlinkability at schema-declared σ); equality still resolves in a HashMap probe.

If you need

Forward secrecy on stored data
(Signal double-ratchet style)

→ GIGI answer

Dual-seed rotation + RG flow. GAUGE ROTATE_KEY FORWARD_SECRET: rotate base-hash seed s and GaugeKey g, coarse-grain the pre-rotation snapshot. Post-compromise recovery: 0.00%.

If you need

Analytics on encrypted data
(FHE territory — CKKS, BGV)

→ GIGI answer

Invariant-ring projection. PROJECT INVARIANT (...) evaluates curvature, confidence, capacity(τ), spectral gap, β₀, β₁, holonomy_avg on ciphertext with 0 bytes decrypted (per-thread instrumented counter assertion). Tighter and faster than FHE for geometric workloads.

If you need

Tamper-evident integrity
(HMAC / GCM tag)

→ GIGI answer

Per-write invariant verification. Every write recomputes K, C, λ₁; drift outside tolerance fails the write. Bundle-level curvature-MAC (on the horizon) signs these invariants directly.

If you need

Key rotation without downtime
(envelope rekey at rest)

→ GIGI answer

Aff(ℝ) closure. Rekey is a single affine transform on ciphertext (a₂/a₁, b₂−b₁·a₂/a₁). Streaming pass over storage; 0 bytes of plaintext materialized.

If you need

Post-quantum upgrade path
(Kyber / ML-KEM eventually)

→ GIGI answer

Structure-group swap, modules untouched. Invariant ring depends only on the bundle, not on ρ_g. Swap Aff(ℝ) for an LWE lattice-fiber gauge; curvature, spectral, sheaf layers untouched. Upgrade, not rewrite.

The full matrix below gives the math, the mechanism, and the captured numerical evidence for each primitive. Every row has a passing test in the math validation suite (34/34 across two Python suites on N = 10,000 curvature samples and N = 20,000 Davis-Identity trials), a passing Rust regression test in the gigi engine (667 lib + 50 binary tests), and a passing live e2e check against gigi-stream.fly.dev (25 e2e checks).

Shipping in GIGI Encrypt the full suite, at product launch

Curvature invariance K(enc) = K(plain) — (GIGI-native) ›

Math

$$\begin{aligned}K \;&=\; \frac{\mathrm{Var}(v)}{\mathrm{range}(v)^2} \\ \mathrm{Enc}_g: v &\mapsto av + b \\ \Longrightarrow\quad \mathrm{Var}(av+b) &= a^2\mathrm{Var}(v) \\ \mathrm{range}^2 &\to a^2 \mathrm{range}^2 \\ \Longrightarrow\quad K \;&\text{invariant}\end{aligned}$$

Mechanism

Scalar curvature K is a ratio of second-moment quantities. The affine gauge scales both numerator and denominator by a², and a² cancels. No correction is needed; the invariance is algebraic.

In plain English

How "bumpy" the data is doesn't change if you stretch all the values by the same factor. Stretching inflates variance and range the same way, and curvature is their ratio.

Evidence — from live run, N = 10,000 samples, 36 gauge combinations

max |K(enc) − K(plain)|1.39 × 10⁻¹⁷

mean |K(enc) − K(plain)|3.47 × 10⁻¹⁸

machine epsilon (float64)2.22 × 10⁻¹⁶

gauges tested (a, b)a ∈ {0.1, 0.5, 2.0, −3.0, 10, 100} × b ∈ [−1000, 1000]

Below machine epsilon → invariance is exact. Math: E_ZeroBytesDecrypted::test_curvature_on_ciphertext_equals_curvature_on_plaintext. Engine: geo_enc_2_curvature_invariant, geo_enc_3_confidence_invariant, geo_enc_11_batch_curvature_invariant in gigi/src/bundle.rs; test_project_invariant_works_on_encrypted_bundle in gigi/src/invariant.rs. Live: POST /v1/gql {"query": "PROJECT INVARIANT (curvature) FROM b"}.

Davis Law capacity invariance C = τ/K — (GIGI-native) ›

Math

$$\begin{aligned}C \;&=\; \frac{\tau}{K} \\ \tau,\,K \;&\text{both gauge-invariant} \\ \Longrightarrow\; C \;&\text{invariant}\end{aligned}$$

Mechanism

Tolerance τ (a scalar threshold) and curvature K (ratio of invariants) are both coordinate-free. Their quotient C is the engine's capacity measure — rows, queries, consistency budget — and inherits the invariance.

In plain English

If the "bumpiness" K doesn't change under encryption, and the tolerance budget τ is a pure number, then the capacity C you can serve out of that bundle doesn't change either. Encrypted bundles are just as queryable as plaintext bundles.

Evidence — N = 10,000 samples, 12 gauge combinations

max |C(enc) − C(plain)|2.22 × 10⁻¹⁶

τ (test value)0.1

machine epsilon (float64)2.22 × 10⁻¹⁶

Exact at machine precision. Math: DavisLawInvariantChain::test_davis_law_invariant_under_full_affine. Engine: callable from GQL as PROJECT INVARIANT (capacity(tau)) FROM b; pinned by test_project_invariant_capacity_davis_law + test_project_invariant_capacity_invariant_under_encryption in gigi/src/invariant.rs. capacity is part of the no-decrypt invariant ring — computing it on an encrypted bundle triggers zero decrypt calls.

Spectral-gap invariance λ₁(enc) = λ₁(plain) — (GIGI-native) ›

Math

$$\begin{aligned}\lambda_1\bigl(\mathrm{Laplacian}(\mathrm{Bitmap}(v))\bigr) \;&=\; \\ \lambda_1\bigl(\mathrm{Laplacian}(\mathrm{Bitmap}(\mathrm{Enc}_g(v)))\bigr)&\end{aligned}$$

Mechanism

The categorical bitmap is built over hash-equivalence classes of stored values. A deterministic transform (PRF or affine) preserves the equivalence relation, so the bitmap's structure — and its Laplacian spectrum — is unchanged.

In plain English

The connectedness of your data (the "how separable are the groups" number) depends on which values match which, not on what the matching values look like. Encryption relabels; it doesn't regroup.

Evidence

invariance typestructural — by construction

existing GIGI testgeo_enc_4 in bundle.rs

Passes in the GIGI Rust suite today. Preserved through the PRF-on-TEXT upgrade (deterministic PRFs are equivalence-preserving by definition).

Affine numeric encryption ρ_g(v) = av + b — (GIGI-native) ›

Math

$$\begin{aligned}\rho_g(v) &= a \cdot v + b \\ (a, b) &= \mathrm{KDF}_{\mathrm{wyhash}}(\text{GaugeKey},\; \text{field\_name}) \\ a &\in [0.1,\,10],\quad b \in [-1000,\,1000]\end{aligned}$$

Mechanism

The GaugeKey is a 32-byte seed. A wyhash-based key-derivation function produces (scale, offset) per (key, field) pair. Decryption is (w − b) / a, exact up to float64 round-trip. Deterministic: same plaintext → same ciphertext (feature, for indexed equality).

In plain English

Stretch and shift every numeric value by a secret amount unique to this field and this key. Unstretch with the key. The "shape" of the data stays the same under that transform, which is exactly what makes the invariants above work.

Evidence — round-trip accuracy, 10,000 samples

round-trip error bound< 10⁻⁶

distinct gauges tested36 (a,b) pairs

GIGI Rust testgeo_enc_1

This is the structure group Aff(ℝ) on numeric fiber — the foundation every other numeric feat stands on.

Deterministic PRF on TEXT / CATEGORICAL — high-cardinality only O(1) equality on encrypted text AES-SIV (RFC 5297) ›

Math

$$\begin{aligned}\rho_g^{\text{text,indexed}}(v) &= \mathrm{PRF}_k(v) \\ v_1 = v_2 \;&\Leftrightarrow\; \mathrm{PRF}_k(v_1) = \mathrm{PRF}_k(v_2)\end{aligned}$$

Mechanism

A Pseudo-Random Function (keyed hash, AES-256-CMAC or keyed SipHash-2-4) maps plaintext text to a fixed-length ciphertext deterministically under the key. Equal inputs → equal outputs, so the categorical bitmap index built over GIGI's equivalence classes is preserved verbatim.

In plain English

A secret-keyed one-way hash: you can't invert it without the key, but identical inputs always produce identical outputs. Equality queries still work; nothing else does.

Evidence — reference impl, 10,000 text round-trips

round-trip correctness100%

equality preserved100%

ciphertext uniqueness (distinct plaintexts)100%

Frequency-leakage caveat: INDEXED is deterministic encryption. Same plaintext → same ciphertext means an adversary with population statistics can map ciphertexts to plaintexts by frequency alone, without breaking the PRF. INDEXED is therefore intended for high-cardinality columns (UUIDs, row keys, 64-bit IDs) where frequency analysis yields no useful signal. Low-cardinality categoricals (gender, zip, diagnosis code) must use OPAQUE (randomized, unqueryable) or PROBABILISTIC (randomized, queryable via Davis Identity). The schema designer declares the mode per column. Test class: Ask1_TextEncryption — 4 tests pass. Reference PRF: HMAC-SHA256 in the Python suite; production target: AES-256-CMAC.

AEAD on opaque TEXT / BINARY IND-CPA + tamper detection AES-GCM-SIV (RFC 8452) ›

Math

$$\begin{aligned}\rho_g^{\text{opaque}}(v,\,n) &= \bigl(\mathrm{AES\text{-}GCM\text{-}SIV}_k(v,\,n),\; \mathrm{tag}_k(v,\,n)\bigr) \\ &\text{with } n \text{ a per-record nonce}\end{aligned}$$

Mechanism

Authenticated Encryption with Associated Data. Per-record nonce makes every ciphertext distinct (IND-CPA). A MAC tag binds ciphertext to key, detecting tamper on decrypt. No equality query — this mode is for payload confidentiality when no indexed access is needed.

In plain English

Textbook modern encryption with a built-in integrity check. Same input encrypted twice looks completely different both times; flip one bit of ciphertext and decryption refuses to return a value.

Evidence — 10,000 AEAD operations, reference stream+HMAC stand-in

ciphertexts distinct (same plaintext)100%

tamper detection rate100%

round-trip correctness100%

Test class: Ask1_TextEncryption — AEAD indistinguishability + tampering detection tests. Production target: AES-256-GCM-SIV (RFC 8452, nonce-misuse-resistant).

Structural constant-time equality one cmp instruction subtle::ConstantTimeEq (stronger) ›

Math

$$\begin{aligned}\mathrm{Eq}(k_{\text{in}},\; p_{\text{stored}}) &= \mathbf{1}\!\bigl[\,G(k_{\text{in}}) = p_{\text{stored}}\,\bigr] \\ G &: K^\ast \to \mathbb{Z}_2^{64}\end{aligned}$$

Mechanism

Equality projects the submitted key through base-hash G to a u64, then compares it to the stored u64 base point. That comparison is a single x86_64 cmp instruction. Libraries like subtle::ConstantTimeEq promise "no branching inside a byte loop." GIGI promises: there is no byte loop.

In plain English

If there is no loop, a compiler can't accidentally reintroduce a short-circuit. The timing claim is a property of the source code's shape, not of a discipline the programmer has to maintain.

Evidence — 50,000 timing reps per input

hash timing: "aaaa…a"9,000 ns

hash timing: "zzzz…z"8,900 ns

hash timing: match-all-but-last8,100 ns

max/min ratio1.11×

coefficient of variation5.69%

dudect Welch t (Python, N=20k, coin-flip)≈ −26

Rust path: u64 mul/xor/shift, constant by emissionpending scope

Scope of the claim. The timing claim has three layers: (1) Structural — the equality path is a HashMap probe returning bool; no byte loop exists in the source. (2) Hash-step timing depends on schema-fixed canonical_len, not content; see the median-based evidence above. The Python-level dudect Welch t of −26 on N = 20,000 is dominated by Python BigInt multiplication latency in the reference wyhash implementation and does not reflect the shipping Rust path, which compiles to three operand-independent u64 instructions. An oscilloscope-resolution dudect test against the Rust binary is planned. (3) HashMap-probe timing — probe sequences are in principle data-dependent. Adversarial hash-collision attacks are mitigated by the keyed hash seed s: without access to s an attacker cannot construct inputs producing adversarial probe sequences. Rotation of s (see forward-secret row) voids any collisions learned before rotation. Test class: A_StructuralConstantTime — 4 tests pass including test_dudect_welch_t_on_hash_timing.

Holonomy invariance (full affine gauge) covariant connection Γ = Δv/range Yang–Mills connection forms ›

Math

$$\begin{aligned}\Gamma_i \;&:=\; \frac{v_{i+1} - v_i}{\mathrm{range}(v)} \\ v \mapsto av + b \;&\Longrightarrow\; \Gamma_i \mapsto \mathrm{sign}(a)\,\Gamma_i \\ \Longrightarrow\; \left|\oint\Gamma\right| \;&\text{invariant}\end{aligned}$$

Mechanism

The connection 1-form Γ is the rule for parallel-transporting a fiber value around a closed loop. A covariant connection transforms in lockstep with the fiber metric. GIGI normalizes Γ by range(v); under affine gauge, range co-transforms to |a|·range, leaving Γ invariant up to sign. Holonomy magnitude (and the eigenvalue spectrum in multi-D) is preserved under the full affine gauge — not just orthogonal.

In plain English

Walk around a loop in your data; count how much a fiber value has "rotated" when you return to the start. That rotation is coordinate-free, so encryption (which is a coordinate change) can't alter it.

Evidence — 25 gauge combinations, closed loop of length 5

max |H(enc) − H(plain)|8.33 × 10⁻¹⁷

machine epsilon (float64)2.22 × 10⁻¹⁶

gauges testeda ∈ {0.1, 0.5, 2, −3, 10} × b ∈ {−100, −50, 0, 7.3, 1000}

composition test2 sequential gauges → invariance held

Below machine epsilon → invariance is exact. Math: test class B_GaugeCovariantHolonomy — 2 tests pass in encryption_strong_claims_validation.py. Engine: the affine-gauge holonomy with the Γ = Δv / range connection 1-form is computed by the HOLONOMY top-level GQL statement, which reads fiber values (decrypts on encrypted bundles). For the structural 0-decrypt invariant ring there is a base-only proxy holonomy_avg (defined as β₁ / (β₀ + 1) over the base-point graph) that captures cycle-richness without ever reading fiber values; pinned by test_project_invariant_holonomy_avg_invariant. So callers willing to decrypt get the precise affine-gauge holonomy; callers needing 0-decrypt analytics get the base-only proxy — both available via GQL.

Full-bundle Betti preservation β_k(E) = Σ β_i(B)·β_j(F^G) Leray spectral sequence ›

Math

$$\begin{aligned}\beta_k(E) &= \sum_{i+j=k} \beta_i(B) \cdot \beta_j(F^G) \\ &\text{(Leray decomposition, trivial bundle)}\end{aligned}$$

Mechanism

Betti numbers count k-dimensional holes in a space. For a fiber bundle E → B with group G acting on fiber F, the Leray decomposition splits β_k(E) into a base contribution β_i(B) and a G-invariant fiber contribution β_j(F^G). Encryption leaves B untouched (base-space hash invariant) and F^G untouched (invariant subspace by definition). Both factors invariant ⇒ β_k(E) invariant for all k.

In plain English

Counting the "holes" in the dataset — the places where data loops back on itself topologically — is a shape question, not a coordinate question. Encryption doesn't punch new holes and doesn't fill existing ones.

Evidence

base β₀ preservedtrivially (base untouched)

base β₁ preservedtrivially (base untouched)

fiber β₁ under affine gaugepreserved across 12 gauges

bundle β₁ reconstructedequal to plaintext

higher β_k≥2 on tested schemas0 (vanish trivially)

Scope of the claim. The Leray decomposition β_k(E) = Σ β_i(B)·β_j(F^G) assumes a trivial bundle. For pure primary-key-driven tabular access this holds; for non-trivial bundles (e.g. base-fiber coupling via foreign keys that encode fiber values), additional structure must be verified. β₀ and β₁ are demonstrated on the tested schemas; higher β_k≥2 vanish trivially for tabular data but the Leray argument generalizes to any schema whose bundle structure is trivial. Test class: F_FullBundleBetti — 2 tests pass.

Invariant-ring query surface 0 bytes decrypted zero-knowledge aggregates ›

Math

$$\begin{aligned}\mathcal{R} &= \langle K,\, \mathrm{conf},\, C,\, \lambda_1,\, \mathrm{hol},\, \beta_k,\, H^1 \rangle \\ \mathcal{O}_1, \mathcal{O}_2 \in \mathcal{R} \;&\Longrightarrow\; \mathcal{O}_1 + \mathcal{O}_2,\; \mathcal{O}_1 \cdot \mathcal{O}_2 \in \mathcal{R}\end{aligned}$$

Mechanism

The gauge-invariant operations form a ring: closed under pointwise addition and multiplication. Any query built from these primitives evaluates directly on ciphertext. PROJECT INVARIANT (…) is the query form that never decrypts — for any analytics workload expressible in R, bytes decrypted = 0.

In plain English

The whole family of "shape" questions — curvature, confidence, capacity, spectral gap, holonomy, Betti numbers, sheaf consistency — can be answered on the encrypted data directly. Not "the engine could decrypt if careful"; the engine has no code path that decrypts for these queries.

Evidence — the full chain tested end-to-end

K invariant1.39 × 10⁻¹⁷

confidence 1/(1+K) invariantexact (composition)

C = τ/K invariant2.22 × 10⁻¹⁶

holonomy invariant8.33 × 10⁻¹⁷

bundle Betti invariantexact (integer-valued)

Clarification — "0 bytes decrypted": invariant-ring operations read ciphertext (they must — they're computing on it) but never apply ρ_g⁻¹ and never materialize plaintext in memory. A memory dump of the GIGI process during an invariant query contains only ciphertext and invariant aggregates; no decryption routine is invoked on the query path. Math: DavisLawInvariantChain, E_ZeroBytesDecrypted_UnderInvariantQueries in encryption_strong_claims_validation.py. Engine: gigi/src/invariant.rs::test_project_invariant_zero_decrypt_calls_in_execution_path instruments a per-thread decrypt counter inside FieldTransform::decrypt_value and GaugeKey::decrypt_fiber, runs every op (curvature, confidence, capacity(τ), spectral_gap, beta_0, beta_1, holonomy_avg) on a fully-encrypted bundle, and asserts the counter stays at 0. Whitelist enforcement is at parse time: PROJECT INVARIANT (sum) FROM b is a syntax error, not a runtime error — a query that compiles is one whose evaluator is structurally proven never to reach a decryption code path. Live API: POST /v1/gql {"query": "PROJECT INVARIANT (curvature, capacity(0.1), holonomy_avg) FROM b"} on gigi-stream.fly.dev.

Statistical unlinkability + queryable equality (PROBABILISTIC) Davis Identity S + d² = 1 — (no direct analog) ›

Math

$$\begin{aligned}\mathrm{Enc}^{\text{prob}}_g(v) &= av + b + \varepsilon,\quad \varepsilon \sim \mathcal{N}(0, \sigma^2) \\ \mathrm{Eq}(w_1, w_2) &= \mathbf{1}\!\bigl[\,d^2(w_1, w_2) \le (3\sigma)^2\,\bigr]\end{aligned}$$

Mechanism

Add Gaussian noise of width σ (a schema-declared fraction of field range) to every ciphertext. Same plaintext now encrypts to different ciphertexts each time — statistical unlinkability at parameters (a, σ), with an empirical chosen-plaintext distinguisher advantage bounded by the chosen σ. The Davis Identity S + d² = 1 (Davis 2025) says equality IS a distance check: near-equality survives noise. σ-resolution bucketing before hashing keeps lookup O(1).

In plain English

Mainstream crypto tells you to choose: randomize (safe, unqueryable) or don't (queryable, leaks order). GIGI's geometry tells you the choice is false — equality is already a distance check, and distance checks work on noisy data.

Evidence — N = 20,000 Davis-Identity trials, σ = 0.5, a = 2.5

same plaintext → equal (recall)96.64%

Δv = 5σ/|a| → equal (FPR)7.59%

Δv = 3σ/|a| → equal (boundary)49.71%

empirical distinguisher advantage0.0034

σ_observed vs σ_expected (√2·σ)0.705 / 0.707

Terminology and scope. 0.0034 is the empirically measured advantage of a specific chosen-plaintext distinguisher at these parameters (σ = 0.5, a = 2.5, N = 20,000). We call the resulting property statistical unlinkability rather than IND-CPA because (a) the scheme does not rest on a standard asymptotic hardness assumption, (b) the guarantee scales with the schema-declared σ rather than with a cryptographic security parameter, and (c) formal IND-CPA requires advantage below a cryptographic-negligibility bound (e.g. 2⁻⁸⁰) under a universal quantifier over PPT distinguishers. Tightening σ relative to field range drives 0.0034 arbitrarily low; the schema declares σ per column and chooses the unlinkability / query-fidelity trade-off. The 3σ/|a| separation is the boundary — 50% FPR confirms it. Test class: D_DavisIdentity_NeighborhoodEquality.

Forward-secret key rotation dual-seed + RG flow Signal double-ratchet ›

Math

$$\begin{aligned}\texttt{ROTATE\_KEY } &\texttt{FORWARD\_SECRET}: \\ (s, g) &\mapsto (s', g') \\ \Phi_{\mathrm{RG}}(\text{snapshot}_t) \;&\text{before drop} \\ \Delta S_{\mathrm{RG}} \;&\ge\; 0\end{aligned}$$

Mechanism

Rotate BOTH seeds at once: base-space hash seed s (map from keys to base points) and GaugeKey seed g (parameterizes ρ_g). Pass pre-rotation snapshot through one step of RG flow (coarse-graining — entropy-monotonic by the second law) before dropping. Post-rotation, an attacker with any future key material cannot resolve old base points, cannot decrypt backed-up ciphertext, and cannot refine RG-coarsened aggregates below bin width w. Differential forward secrecy: fine-resolution detail below w is thermodynamically erased; aggregates at resolution w or coarser remain queryable by design. This is distinct from Signal-style message-level forward secrecy (all past plaintext irrecoverable); it is the "erase individuals, keep aggregates" form, suited to GDPR-style data-protection postures.

In plain English

Rotating just the encryption key isn't enough — an attacker with the old key and a backup still decrypts. GIGI rotates the map from keys to row locations and the cipher, and erases fine detail in the old snapshot using the same physics that makes you unable to unscramble an egg.

Evidence — 1,000-key index, 1 rotation

old-seed lookup hit rate (post-rotation)0.00%

target (forward secrecy)0.00%

atomicity (records before / after)1,000 / 1,000

RG entropy monotonicityΔS ≥ 0 structurally

live API pathGAUGE b ROTATE_KEY FORWARD_SECRET

Math: test class C_BaseHashRotation_ForwardSecrecy — 2 tests pass. Engine: BundleStore::rotate_key in gigi/src/bundle.rs drives both the GaugeKey seed g and the base-space hash seed s from a single 32-byte master via domain-separated mixing; the rotation is built off-side and atomic-swapped (test_rotate_key_atomicity_via_wal_in_process). Forward-secrecy properties pinned by: test_rotate_key_old_gauge_cannot_decrypt_post_rotation (gauge half), test_rotate_key_old_seed_cannot_lookup_post_rotation (1000 keys, ≤5 collisions = effectively 0% hit rate — the base half), test_rotate_key_record_count_invariant, test_rotate_key_two_consecutive_rotations (chain forward secrecy), test_rotate_key_curvature_after_rg_step_increases_or_equal (RG flow ΔS ≥ 0), test_rotate_key_concurrent_writes_block_during_rotation. Live e2e: e2e/encrypt_v02_live_test.mjs runs the full rotation cycle against gigi-stream.fly.dev.

Rotate-key composition (no plaintext exposure) (a₂/a₁, b₂ − b₁·a₂/a₁) — (affine closure) ›

Math

$$\rho_{g_2} \circ \rho_{g_1}^{-1} \;=\; \rho_{(a_2/a_1,\; b_2 - b_1 \cdot a_2/a_1)}$$

Mechanism

Aff(ℝ) is closed under composition. The rekey transform — decrypt with old key, re-encrypt with new — is itself an affine transform, so it applies in a single streaming pass over storage without materializing plaintext in memory.

In plain English

You never have to look at the plaintext to re-encrypt it. The rekey step is a single arithmetic pass computed directly on ciphertext.

Evidence

composition vs decrypt+re-encrypt error< 10⁻⁹

plaintext materialized (affine-only bundles)0 bytes

round-trip correctness100% (1e-9)

decrypt calls during rekey (instrumented counter)0

Math: test class Ask6_KeyRotation — 2 tests pass in encryption_math_validation.py. Engine: BundleStore::rotate_key_affine_closure in gigi/src/bundle.rs walks the storage layer, applies the affine rekey directly to ciphertext, and instruments the per-thread decrypt counter; test_rotate_key_affine_closure_zero_decrypt_calls asserts the counter stays at 0 across the rekey of 100 records. Mixed-mode bundles (OPAQUE/INDEXED/PROBABILISTIC) have no Aff(ℝ) closure and fall through to the standard rotate_key decrypt+re-encrypt path; the closure fast-path applies to AFFINE-only schemas.

Isometric O(k) group gauge Fisher metric preserved exactly orthogonal random projection ›

Math

$$\begin{aligned}\rho_g(\mathbf{v}) &= O\mathbf{v} + \mathbf{b},\quad O \in O(k),\quad O^\top O = I \\ \Longrightarrow\quad \|O\mathbf{u} - O\mathbf{v}\| &= \|\mathbf{u} - \mathbf{v}\|\end{aligned}$$

Mechanism

For grouped numeric fiber fields (declared GROUP wind { wind_x, wind_y, wind_z } ENCRYPTED ISOMETRIC), sample a random orthogonal matrix O from the seed via QR decomposition of a Gaussian matrix. Orthogonal transforms preserve the Fisher metric exactly — pairwise distances unchanged to machine precision.

In plain English

For grouped numeric fields, encryption is a secret rotation of the whole group together. Individual fields scramble but distances between records are perfectly preserved, which makes Euclidean-geometry queries exact.

Evidence — 100 random orthogonal matrices, k = 4

max |O^T O − I|< 10⁻¹⁰

pairwise distance preservationexact to 10⁻¹⁰

holonomy eigenvalue spectruminvariant to 10⁻⁹

Test class: Ask4B_IsometricEncryption — 3 tests pass in the rev-1 suite.

v0.3 · Cryptographic suite shipped to the public GIGI repo — 9 capabilities, full TDD surface

Curvature-MAC (bundle integrity)Shipped HMAC(π_inv) · 10⁻¹⁰ grain AES-GCM MAC tag ›

Math

$$\mathrm{MAC}(\text{bundle}) \;=\; \mathrm{HMAC\text{-}SHA256}_k\!\bigl(\,\mathrm{quantize}_{10^{-10}}\!\bigl(K,\,\lambda_1,\,\langle\mathrm{Hol}\rangle\bigr),\; \tau,\; \beta_0,\; \beta_1\bigr)$$

Mechanism

HMAC-SHA256 over the canonical encoding of the six-component invariant tuple π_inv = (K, λ₁, ⟨Hol⟩, τ, β₀, β₁). f64 slots are quantized to 10⁻¹⁰; integer slots (τ, β₀, β₁) are byte-exact. Any gauge-invariant content edit changes the tag; the layered Holonomy ledger closes the gauge-invariant-content blindspot at byte level.

Status · v0.3

src/integrity.rs · 10 unit tests · paper §3.5 documents the f64 quantization rationale; layered with the Holonomy ledger (next entry) for byte-level tamper evidence.

Čech threshold sharingShipped K-of-N over F_p · pubkey-bound tags Shamir secret sharing ›

Math

$$s \;=\; \sum_{i \in S} \lambda_i^{S}(0)\; s_i \pmod{p}, \qquad p = 2^{256} - 2^{32} - 977 \quad (\text{secp256k1 base field})$$

Mechanism

Shamir K-of-N over the secp256k1 base field F_p, framed as Čech reconstruction on the share-holder cover. Each share carries an HMAC-SHA256 auth tag binding it to (bundle_id, share_index, holder.pubkey), so shares cannot be re-targeted across deployments. Information-theoretic up to the threshold; any subset of size ≤ K−1 recovers zero.

Status · v0.3

src/threshold.rs · spec §6 · composes with ML-KEM transport in the lattice-threshold delegation mode (see headline results above) for PQ + IT-secure delegation.

Holonomy ledgerShipped RFC 6962 Merkle · record_hash leaves CT-log (Merkle) ›

Math

$$\text{leaf}_t \;=\; (t,\; \mathrm{op\_id},\; \Delta\!\oint\Gamma_t,\; \mathrm{record\_hash}_t,\; \mathrm{op\_kind}); \qquad \mathrm{Hol}(B_T) \;=\; \mathrm{Hol}(B_0) + \sum_{t=1}^{T} \Delta\!\oint\Gamma_t$$

Mechanism

Append-only RFC 6962 Merkle tree over per-write leaves (timestamp, op_id, holonomy_delta, record_hash, op_kind) with internal-node hash SHA-256(0x01 ‖ left ‖ right). The telescope identity Hol(B_T) = Hol(B₀) + Σ Δ_t lets an auditor verify the entire log by holonomy difference. The extended record_hash leaf field closes Curvature-MAC's gauge-invariant-content blindspot at byte level.

Status · v0.3

src/ledger.rs · 12 unit tests · spec §5 · paired with Curvature-MAC for invariant-level + byte-level tamper evidence.

Continuous RG-flow ratchetShipped HKDF chain · per-write · retention horizon R Signal symmetric ratchet ›

Math

$$g_{t+1} \;=\; \mathrm{HKDF\text{-}SHA256}\!\bigl(\,\text{salt} = \text{record\_bytes} \,\Vert\, t,\;\, \text{ikm} = g_t,\;\, \text{info} = \text{``gigi-ratchet-v1''}\bigr)$$

Mechanism

Per-write KDF chain advances the gauge once per record. Checkpoints every N writes; retention horizon R drops checkpoints below T − R, making g_t for t < T − R computationally unrecoverable. Per-field semantics: INDEXED (deterministic-PRF) fields stay non-ratcheting; all other modes ratchet on write.

Status · v0.3

src/ratchet.rs · 9 unit tests · spec §7 · replaces the v0.2 epoch-coarse-grain rotation with continuous per-write advancement; old plaintext recovery rate measured at 0.00% past the horizon on 1,000-key tests.

Aff(ℝ) capability delegationShipped (α, β) = (a_B/a_A, b_B − b_Aα) Umbral (NuCypher) ›

Math

$$\text{capability}(g_A \to g_B) \;=\; \bigl(\alpha,\, \beta\bigr) \;=\; \Bigl(\tfrac{a_B}{a_A},\;\; b_B - b_A \cdot \tfrac{a_B}{a_A}\Bigr)$$

Mechanism

Composes Alice's and Bob's GaugeKey Affine / Isometric / Identity transforms into a per-field capability the proxy applies on ciphertext — never touches plaintext. Honest framing: this is recipient-applied key-delegation, not strict collusion-resistant proxy re-encryption. A Bob+capability+own-key coalition recovers Alice's key (algebraic recovery; documented in spec §4.7 as Limitation 4.7.1). For deployments needing collusion-resistance, use the pairing or threshold paths.

Status · v0.3

src/delegation.rs · 11 unit tests · the collusion-recovers-Alice-key test is load-bearing — it passes by design and the limitation is documented in the paper.

BLS12-381 pairing key-delegationShipped e(C₁, rk) = e(g₁, g₂)^r·sk_B/sk_A Umbral (NuCypher) ›

Math

$$\mathrm{rk}_{A\to B} \;=\; g_2^{\,sk_B / sk_A} \in G_2, \qquad K_{\mathrm{shared}} \;=\; e\bigl(C_1,\, \mathrm{rk}_{A\to B}\bigr) \;=\; e(g_1, g_2)^{r \cdot sk_B / sk_A} \in G_T$$

Mechanism

BLS12-381 keypairs sk ∈ F_p, pk = g₂^sk ∈ G₂. KEM capsule C₁ = g₁^r ∈ G₁. Delegatee applies the capability themselves via pairing (the proxy is a non-cryptographic transport). Single-party collusion-resistance under BDH on G_T + DLP on G₂; formal theorem with BDH reduction in paper §6.

Status · v0.3

src/pairing_delegation.rs · 6 unit tests including collusion-resistance verification · pre-quantum (broken by Shor's); the two PQ-safe modes (ML-KEM trusted + lattice threshold) cover the post-quantum threat models.

ML-KEM-768 PQ trusted-delegateeShipped FIPS 203 · NIST Level 3 Kyber / ML-KEM standard ›

Math

$$(\mathrm{ct},\, K) \;=\; \mathrm{Encaps}_{pk_B}(); \qquad K' \;=\; \mathrm{Decaps}_{sk_B}(\mathrm{ct}); \qquad \mathrm{aead\_ct} \;=\; \mathrm{AES\text{-}256\text{-}GCM\text{-}SIV}_{\mathrm{HKDF}(K)}(\text{payload}, \text{nonce})$$

Mechanism

FIPS 203 ML-KEM-768 wraps a session secret to a recipient's PQ public key; AES-256-GCM-SIV then encrypts the delegated payload under the KEM-derived key. Trust model is trusted-delegatee: Bob holds Alice's full key after delegation. Quantum strength IND-CCA under the MLWE assumption (NIST Level 3).

Status · v0.3

src/mlkem_delegation.rs · 7 unit tests · closes the BLS12-381 quantum gap for the trusted-delegatee threat model.

Lattice threshold delegation (PQ + collusion-resistant)Shipped Shamir K-of-N · ML-KEM transport Threshold-Kyber (research) ›

Math

$$\text{share}_i \;\xleftarrow{\$}\;\, \mathrm{Shamir}_{K,N}(s) \in \mathbb{F}_p, \qquad \text{envelope}_i \;=\; \mathrm{MLKEM}_{pk_i}(\text{share}_i); \qquad \forall S \subseteq [N],\ |S| < K \;\Longrightarrow\; \mathrm{view}(S) \equiv \text{IT-zero on } s$$

Mechanism

Two-layer composition: Shamir K-of-N split (information-theoretic) wrapped in per-share ML-KEM transport (PQ IND-CCA). Any K−1 colluding shareholders learn information-theoretically zero about the delegated payload; transport is PQ-safe under MLWE. The strictly stronger collusion-resistance property than BLS12-381's DLP-based resistance, at the cost of being a multi-party deployment shape.

Status · v0.3

src/lattice_delegation.rs · 7 unit tests · exhaustively verified for (K=3, N=5) across all 10 collusion subsets in tests/fhe_pq_parity_rigor.rs::b2_*_subset_*.

Gauge-equivariant aggregate helpers (FHE parity)Shipped SUM AVG MIN MAX VAR STDDEV RANGE MEDIAN QUANTILE ARGMIN ARGMAX Paillier · CKKS ›

Math

$$\rho_{\textsc{sum}}(s) = a s + n b, \quad \rho_{\textsc{avg}}(\mu) = a\mu + b, \quad \rho_{\textsc{var}}(V) = a^2 V, \quad \rho_{\textsc{median}}(m) = a m + b; \qquad f(\sigma) \;=\; \rho_g^{-1}\!\bigl(A_\rho(\mathrm{Enc}_g(\sigma))\bigr)$$

Mechanism

Equivariant ciphertext computability (paper Theorem 3.1) gives the eleven analytical-SQL aggregates a closed-form server-side computation + closed-form client-side inversion. Native server speed; O(1) client work per query, independent of bundle size. Value aggregates (SUM, AVG, VAR, STDDEV) invert via the affine map; order statistics (MIN, MAX, RANGE, MEDIAN, QUANTILE) use the same inverse on Affine mode with sign-aware quantile selection at the query layer; ARGMIN/ARGMAX recover record positions with the joint sign-aware swap automatic. Probabilistic-mode order statistics are bias-refused at the API with a typed BiasedUnderProbabilisticNoise error — the bias cannot leak into application code unnoticed.

Status · v0.3

src/aggregate_helpers.rs · 24 unit tests (16 exactness + 8 bias-refusal) · tests/fhe_pq_parity_rigor.rs 25 integration tests · Python oracle validation_tests_fhe_pq_rigor.py 66/66 pass.

v0.4 · Cryptographic suite shipped — Sprints N, O, P, Q-characterization (4 capabilities, 29 integration tests)

Public deterministic verification of π_invShipped verifier holds ciphertext only · no gauge key Sigma-protocol consistency layer ›

Math

$$\text{Verify}(\text{store},\, \text{claim}) \;=\; \begin{cases} \text{Verified} & \text{if } \pi_{\mathrm{inv}}(\text{store}) = \text{claim} \\ \text{Rejected}(\text{field},\, \Delta) & \text{first disagreement in fingerprint order}\end{cases}$$

Mechanism

An auditor holding only the encrypted bundle recomputes π_inv from the ciphertext alone and compares to the prover's claim. Rejection returns the first disagreement in canonical fingerprint order (K → λ₁ → ⟨Hol⟩ → τ → β₀ → β₁). f64 fields use a 10⁻¹⁰ tolerance matching the integrity-tag quantization; u64 fields (record_count, β₀, β₁) are checked for exact equality.

Status · v0.4

src/invariant_verify.rs · 12 integration + 4 unit tests (including N-3 at 1000 trials, N-5 bundle-id binding, N-6 same-K-different-topology, N-7 end-to-end through EncryptionMode::Affine) · deterministic verification, not zero knowledge — the formal Sigma protocol target (completeness / special soundness / SHVZK) is documented in the v0.4 spec as open work (see v0.4/v0.5 horizon below).

Credential-gated invariant queriesShipped HMAC-bound · falsification harness W3C VC + AnonCreds 2.0 ›

Math

$$\mathcal{I}_{\mathrm{Aff}} \;=\; \langle\,K,\, \lambda_1,\, \langle\mathrm{Hol}\rangle,\, \tau,\, \beta_0,\, \beta_1\,\rangle; \qquad \mathrm{cred}.\mathrm{tag} \;=\; \mathrm{HMAC\text{-}SHA256}_k\!\bigl(\,\text{``GIGI\_v0.4\_credential\_v1''},\; \mathrm{user\_commit},\; \mathrm{query\_class},\; \mathrm{bundle\_id}\bigr)$$

Mechanism

A user proves they hold a valid credential for a query class without revealing identity. invariant_ring::is_in_iaff_harness runtime-falsifies ad-hoc query callbacks by running them on plaintext + 5 random gauges; K_fake = mean / std² is caught at gauge (3.7, 100) with relative error > 0.1. The credential primitive is HMAC-SHA256-bound today with a typed domain separator and constant-time tag comparison; full Camenisch–Lysyanskaya unlinkability via BBS+ is the v0.5 upgrade path (pinned in the v0.4 spec).

Status · v0.4

src/credentials.rs + src/invariant_ring.rs · 6 integration + 11 unit tests · rejects on wrong bundle_id / wrong class / wrong key; 5-way gauge rerandomization with identical K result; closest architectural ancestor: Lysyanskaya's CL anonymous-credential lineage.

Geodesic-ball membership indexShipped dimension-aware χ² threshold CP-ABE (ciphertext-policy) ›

Math

$$\mathrm{Member}(v) \;=\; \mathbf{1}\!\Bigl[\,(v - c)^\top \Sigma^{-1} (v - c) \;\le\; \chi^2(k,\, 1-\alpha)\,\Bigr]$$

Mechanism

A new GIGI index type backing membership queries without decryption. Dimension-aware threshold via Wilson-Hilferty cubic approximation to χ²(k, 1−α) (~2.5% error at k=1, sub-0.5% for k≥3); Beasley-Springer-Moro for the normal quantile. Two encrypted-side variants: encrypted_membership_scalar(v, a, b) for isotropic gauge (ball preserved), encrypted_membership_fieldwise(v, d, b) for per-field gauge (ball → ellipsoid, induced Mahalanobis metric). Explicit leakage scope: (centroid, Σ, χ²-threshold, count, gauge_type) — not a hiding primitive; layer OPAQUE on member-encoding for confidentiality.

Status · v0.4

src/membership_index.rs · 6 integration + 6 unit tests (including the exact χ² table for k∈{1..5} at p∈{0.95, 0.99} with Wilson-Hilferty fallback elsewhere) · TPR matches 1−α tail bound within sampling deviation; batch-deletion drift averages > 3× single-deletion drift (confirms O(|R|/n) scaling); boundary-adversary false-admit rate documented as open problem (formal membership witness deferred to the v0.5 Sigma-protocol upgrade of the verifier).

K-preserving transformation groupShipped · characterization G_AffK = (ℝ^*)^k ⊹ ℝ^k Invariant-theory characterization ›

Math

$$G_{\mathrm{AffK}} \;=\; (\mathbb{R}^*)^k \ltimes \mathbb{R}^k \;=\; \bigl\{\,g(v) = D v + b \;\big|\; D = \mathrm{diag}(a_1, \ldots, a_k),\ a_i \ne 0\,\bigr\} \;\subset\; \mathrm{Aff}(\mathbb{R})^k$$

Mechanism

Mathematical characterization of exactly which transformation groups preserve per-field K. The diagonal affine group is the answer: independent per-field scalings a_i ≠ 0 + per-field translations b_i. Shear matrices break K (off-diagonal mixing). Rotations preserve tr(Cov) but break (max−min)² — an O(k)-invariant trace-K must use squared diameter, not coordinate range (matches paper §3 isometric-mode correction).

Status · v0.4 · roadmap-only sprint

tests/k_preserving_v0_4.rs · 5 integration tests · no new module: exercises invariant_ring::compute_k against shear / diagonal-affine / rotation / scalar-isotropic / LWE samples. Separates the gauge question (which group preserves K) from the hiding question (what gives PQ confidentiality); the latter is the genuinely open construction in the horizon below.

v0.4 ↔ v0.5 · On the horizon upgrade paths and genuinely open constructions

Formal Sigma protocol for π_inv knowledge (full ZK upgrade) completeness + special soundness + SHVZK Schnorr / Bulletproof ›

Math

$$R \;=\; \bigl\{\,(C,\, y\,;\, w) : C = \mathrm{Enc}_g(\sigma),\ y = \pi_{\mathrm{inv}}(\sigma),\ w = (g, \sigma)\,\bigr\}$$

Open work · v0.5 upgrade of the shipped deterministic verifier

Promote the shipped deterministic verifier into a Sigma protocol proving knowledge of w = (g, σ) satisfying relation R. The additive offset b admits a Schnorr-style proof; the multiplicative scale a ∈ ℝ^* is not a finite-field group element and needs a fresh construction — range-bounded a via Pedersen commitments, or a treatment over the reals. Same relation as v0.4; stronger soundness property.

BBS+ unlinkability upgrade of credentials (full anonymous-credential upgrade) CL anonymous credentials (BBS+) W3C VC + AnonCreds 2.0 ›

Math

$$\text{BBS+}.\mathrm{Sign}(sk,\, \text{user\_commit}) \;\to\; \sigma; \qquad \text{BBS+}.\mathrm{ProveDisclose}\bigl(\sigma,\, \text{query\_class},\, \text{nonce}\bigr) \;\to\; \pi \quad\text{(re-randomizable, unlinkable across presentations)}$$

Open work · v0.5 upgrade of the shipped HMAC credentials

Replace the HMAC tag with a BBS+ signature (Au-Susilo-Mu 2006), the modern production CL deployment via W3C VC Data Model 2.0 + Hyperledger AnonCreds 2.0. Beullens-Dobson-Katsumata 2023 lattice-BBS supplies the PQ upgrade path. Buys formal unlinkability across credential presentations (the shipped HMAC credential is deterministic and replayable).

Spectral-signature ZKP Δλ₁ as membership proof zk-SNARK / Bulletproof ›

Math

$$\pi \;=\; \lambda_1\bigl(\text{bundle} \cup \{v\}\bigr) - \lambda_1(\text{bundle}) \qquad \text{verify: recompute, match}$$

Open work · geometric ZKP candidate

The prover claims they know a preimage v that hashes into the bundle. The proof is the spectral-gap delta that insertion would cause. Verifier recomputes and matches — no access to v required. Constant-size (~32 bytes for one eigenvalue). zk-SNARKs / Bulletproofs are succinct by cryptographic construction; this would be succinct by geometric construction, riding on the field-index bitmap-graph Laplacian GIGI already computes.

Spectral-signature ZKP Δλ₁ as membership proof zk-SNARK / Bulletproof ›

Math

$$\pi \;=\; \lambda_1\bigl(\text{bundle} \cup \{v\}\bigr) - \lambda_1(\text{bundle}) \qquad \text{verify: recompute, match}$$

Open work

The prover claims they know a preimage v that hashes into the bundle. The proof is the spectral-gap delta that insertion would cause. Verifier recomputes and matches — no access to v required. Constant-size (~32 bytes for one eigenvalue). zk-SNARKs/Bulletproofs are succinct by cryptographic construction; this is succinct by geometric construction.

Why this is next

v0.4 candidate construction; rides on the field-index bitmap-graph Laplacian that GIGI already computes.

Single-party PQ collusion-resistant lattice-PRE (construction) H_LWE ∘ g = g′ ∘ H_LWE Kirshanova 2014 · Aono-Hayashi 2017 ›

Math · the commutation requirement

$$g \circ H_{\mathrm{LWE}} \;=\; H_{\mathrm{LWE}} \circ g' \qquad \text{for some } g' \in G_{\mathrm{AffK}} \;=\; (\mathbb{R}^*)^k \ltimes \mathbb{R}^k$$

Open work · construction, not characterization

The K-preserving-group characterization (shipped above) settled the gauge-side question: G_AffK = (ℝ^*)^k ⊹ ℝ^k is the exact K-preserving group. The remaining open work is the hiding-side construction: a lattice hiding layer H_LWE whose induced action commutes with G_AffK, so the verifier can compute K(H_LWE(g(σ))) without decrypting. The shipped ML-KEM + Shamir threshold modes cover the multi-party PQ collusion-resistance axis; this construction is the missing single-party + PQ + collusion-resistance combination.

Closest prior work · collaboration invited

Kirshanova 2014 (lattice PRE) and Aono-Hayashi 2017 (lattice PRE) hide plaintext under lattice hardness but do not preserve a geometric invariant like K under encryption. Combining gauge invariance with lattice-based hiding is the open construction — paper §1.3 documents it as the v0.5 deferred construction; collaboration invited.

A note on industry peers: the "peer" line names the closest mainstream primitive so cryptographers have a bridge. It does not claim equivalence. Every GIGI mechanism derives from gauge theory applied to the fiber bundle — the peer is a translation aid, not a replacement. Where no peer exists (curvature, confidence, spectral-gap invariance, Davis-Identity equality), the capability is GIGI-native and has no direct analog in NIST-standardized cryptography.

The Honest Notes

What GIGI Encrypt does. And where it composes.

Cryptographers read these pages carefully. Here is a one-page, symmetric read: every capability GIGI Encrypt ships today (v0.2 engine + v0.3 + v0.4 cryptographic suites), and the five places it composes cleanly with the rest of a production stack.

Ships today · what GIGI Encrypt is

Structure-group action on fiber coordinates

Every ENCRYPTED field is a private gauge ρ_g applied to the fiber. Affine on numeric, orthogonal on grouped numeric, PRF or AEAD on text/categorical/binary. The 32-byte seed inverts; nothing else does.
Zero-decryption analytics via the invariant ring

PROJECT INVARIANT (...) evaluates curvature K, spectral gap λ₁, base-graph Betti β₀, β₁, mean holonomy ⟨Hol⟩, record-count τ directly on ciphertext. 0 bytes decrypted by construction, not by discipline — pinned by an instrumented per-thread decrypt counter test that runs every op on a fully-encrypted bundle.
Structurally constant-time equality

Equality is a single u64 cmp through the base-hash probe. No byte loop exists for a compiler or speculative executor to exploit. Strictly stronger than subtle::ConstantTimeEq (no loop body to discipline).
FHE parity for analytical SQL on ciphertext

SUM, AVG, MIN, MAX, VAR, STDDEV, RANGE, MEDIAN, QUANTILE, ARGMIN, ARGMAX (eleven aggregates) compute on the encrypted bundle at native server speed; the client recovers the plaintext aggregate via one closed-form ρ_g⁻¹ per query. The aggregate is ρ-equivariant; the client inversion is O(1) in bundle size. Probabilistic-mode order statistics (MIN/MAX/RANGE/MEDIAN/QUANTILE/ARGMIN/ARGMAX with σ > 0) are bias-refused at the API with a typed error rather than silently overshooting.
Statistical unlinkability + O(1) equality (PROBABILISTIC)

PROBABILISTIC mode adds Gaussian noise; the Davis Identity (S + d² = 1) makes equality a distance check that survives it. Two encryptions of the same value differ; equality queries still resolve in a HashMap probe. Order statistics under noise are bias-refused with a typed error rather than silently overshooting.
Forward-secret key rotation + continuous per-write ratchet

GAUGE ROTATE_KEY FORWARD_SECRET rotates base-hash seed s and GaugeKey g atomically. The v0.3 continuous RG-flow ratchet advances g per write via HKDF chain; retention horizon R makes pre-horizon keys computationally unrecoverable. Post-compromise recovery of old plaintext: 0.00% past the horizon.
Bundle integrity + append-only audit ledger

Curvature-MAC HMACs the six-component invariant fingerprint π_inv = (K, λ₁, ⟨Hol⟩, τ, β₀, β₁) at 10⁻¹⁰ quantization. The holonomy ledger appends RFC 6962 Merkle leaves with per-write record_hash; byte-level tamper evidence + invariant-level attestation, layered.
Post-quantum delegation — trusted + threshold

Two PQ-safe delegation modes shipped: ML-KEM-768 (FIPS 203, NIST Level 3) for the trusted-delegatee model, and lattice threshold (Shamir K-of-N over F_p + per-share ML-KEM) for collusion-resistance under any K−1-shareholder coalition. Strictly stronger than DLP-based resistance, on a multi-party deployment shape.
Pairing key-delegation (BLS12-381)

Single-party collusion-resistant key-delegation primitive on BLS12-381 (pre-quantum). Security reduces to BDH on G_T + DLP on G₂; formal theorem with BDH reduction in paper §6. Aff(ℝ) capability delegation ships alongside for honest-delegatee deployments (algebraic recovery on collusion documented as Limitation 4.7.1).
Public deterministic verification of π_inv

A verifier holding only the encrypted bundle recomputes the invariant fingerprint from the ciphertext alone and compares against the prover's claim. No gauge key handed to the verifier. Soundness probability 1 in exact arithmetic; rejection names the first disagreement in fingerprint order.
Credential-gated invariant queries with falsification harness

A user proves credential authorization for a query class without revealing identity. The runtime falsification harness re-evaluates ad-hoc query callbacks under 5 random gauges and rejects anything not in the invariant ring I_Aff. HMAC-SHA256-bound today with constant-time tag comparison + typed domain separator "GIGI_v0.4_credential_v1"; BBS+ unlinkability is the pinned v0.5 upgrade path.
Geodesic-ball membership index

Dimension-aware Mahalanobis-distance index with χ²(k, 1−α) threshold; scalar-gauge ball preserved, field-wise gauge handled via ellipsoidal check. Explicit leakage scope: centroid + covariance + count + gauge type are revealed by design — this is a structured-data index, not a hiding primitive. Layer OPAQUE on member-encoding for confidentiality.

Composes cleanly · where it layers

FHE layers on top for arbitrary arithmetic

The invariant ring is GIGI's computational surface — tighter, faster, and provably complete for geometric-database workloads. FHE schemes (CKKS, BGV) compose on top when a caller needs addition and multiplication beyond the ring.
TLS / mTLS covers data in flight

Gauge encryption is the storage-and-query layer. Transport-layer security covers the wire; signed requests cover authn. Each layer does its own job; together they cover the full path.
Microarchitectural mitigations pair as usual

The constant-time claim is structural — a property of source-code shape. Cache-port, Spectre-class, and port-contention defences (constant-time allocators, speculative-load barriers) pair with this primitive exactly as they would with AES or ChaCha.
Post-quantum is an upgrade path, not a rewrite

The architecture separates what the engine measures (invariant ring) from how the fiber is encrypted (structure group). Swapping Aff(ℝ) for a lattice-fiber gauge under LWE is a local change; curvature, spectral, and sheaf machinery are untouched.
Threat model is database-level, not endpoint

Confidentiality against a database-layer adversary (DBAs, backup thieves, compromised replicas); integrity via per-write invariant verification; forward secrecy via dual-seed rotation. Endpoint and application-layer threats pair with your existing IAM and key-management posture.

Glossary — plain-English cheat sheet

Every term of art on this page, translated.

Most of the GIGI Encrypt vocabulary comes from differential geometry and fiber bundles. Below, every term of art used above, in plain English, with the engineer / cryptographer benefit stated in their own vocabulary. Click any underlined term earlier in the page to jump here.

Geometric primitives

Fiber bundle

A table-shaped space: a base indexes rows, and over each row sits a fiber holding the data for that row.

Why it matters: keys land on the base (equality via hash), values live in the fiber (encrypted). The two layers are algebraically independent — rotate one without disturbing the other.

Base space / base point

The row coordinate. For GIGI it's a u64 produced by a keyed base-space hash G.

Why it matters: equality is a single HashMap probe on this u64, not a byte compare on the ciphertext.

Fiber

The value coordinate. What you'd call the column value in a normal DB.

Why it matters: encryption acts on the fiber; queryability lives on the base. That separation is why you get analytics without decryption.

Structure group G / gauge group

The group of allowed transformations on the fiber. GIGI uses Aff(ℝ) (affine) for numeric, O(k) (orthogonal) for vectors, Sym(F) × AEAD for text.

Why it matters: swap the structure group → swap the cipher class. LWE/Kyber becomes a structure-group swap, not a rewrite.

Gauge transform / gauge invariance

A coordinate change on the fiber that leaves the observable physics (invariants) unchanged. Like unit conversion: meters to feet doesn't change which ball is bigger.

Why it matters: encryption is a gauge transform in GIGI. Curvature, spectral gap, confidence read identically on plaintext and ciphertext.

Connection 1-form Γ

The rule for comparing values across neighboring rows — a discrete gradient normalized by the field range.

Why it matters: Γ is the signal the invariants are built on. It survives encryption by design.

Holonomy ∮ Γ

The net "twist" accumulated by walking the connection around a closed loop. Eng-analog: the phase residue around a cycle graph.

Why it matters: gauge-invariant, so audit and anomaly detection run on ciphertext.

Scalar curvature K (Davis sense)

We use "curvature" in the Davis-Manifold sense: K = Var(v) / range(v)², a dimensionless normalized-dispersion scalar per column. Affine-invariant by construction (Var scales as a², range² scales as a², ratio invariant). Related to but not identical with Riemannian scalar curvature in its classical differential-geometric sense (contraction of the Riemann tensor); see Davis 2024 Branch I for the precise correspondence on the statistical manifold with Fisher metric.

Why it matters: confidence 1/(1+K) and capacity C = τ/K fall out of one number. All computable on ciphertext, all affine-gauge invariant.

Betti numbers β_k

Counts of k-dimensional holes in a dataset's shape. β₀ = connected components, β₁ = loops, β₂ = voids.

Why it matters: topology survives encryption. Anomaly detection (new loop appears) works without decrypting.

Spectral gap λ₁

Second-smallest eigenvalue of the dataset's graph Laplacian. It measures how well-connected the data is.

Why it matters: clusterability and mixing time are readable on ciphertext.

Čech H¹ / sheaf consistency

A cohomology group that is zero iff local pieces of a dataset glue into a globally consistent whole. Eng-analog: distributed consensus check across overlapping shards.

Why it matters: "do my shards agree?" becomes a single algebraic check — on ciphertext.

Leray decomposition

Theorem: for a trivial bundle, the topology of the total space factors into (topology of base) × (topology of fiber). β_k(E) = Σ β_i(B)·β_j(F^G).

Why it matters: proof that encryption (which acts on F only) cannot destroy base- or G-invariant topology. Why Betti survives.

Invariant ring ℛ

The algebra of all operations you can build from gauge-invariants (K, confidence, C, λ₁, holonomy, Betti, H¹) — closed under + and ×.

Why it matters: any query expressible in ℛ runs on ciphertext with 0 bytes decrypted. That's the PROJECT INVARIANT surface.

RG flow Φ_RG / coarse-graining

Renormalization-group step: bin fine data into coarser buckets, throwing away resolution. Entropy-monotonic (ΔS ≥ 0) by the second law.

Why it matters: forward secrecy. Old snapshots get irreversibly coarsened before rotation — cannot be un-blurred, even with the new key.

Crypto primitives used on the page

PRF

Pseudo-Random Function. Keyed deterministic hash: same input + same key → same output, indistinguishable from random without the key.

Why it matters: preserves equality under encryption. What INDEXED mode is built on.

AEAD

Authenticated Encryption with Associated Data. Per-record nonce, randomized ciphertext, integrity tag. Any tamper is rejected at decrypt.

Why it matters: what OPAQUE mode is. Drop-in AES-GCM-SIV on payload fibers.

IND-CPA

Indistinguishability under chosen-plaintext attack. An attacker who submits two plaintexts and sees one ciphertext cannot tell which one it came from better than random.

Why it matters: the textbook bar for modern symmetric encryption. GIGI's PROBABILISTIC numeric mode clears it while still answering equality queries via the Davis Identity — previously treated as mutually exclusive.

Forward secrecy

A future key compromise must not reveal past plaintext.

Why it matters: GIGI's dual-seed rotation + RG step achieves it at rest, not just in transit (TLS). Post-compromise recovery on tests: 0.00%.

AES-GCM-SIV · AES-SIV

Nonce-misuse-resistant AEAD (RFC 8452) and the deterministic SIV mode (RFC 5297).

Why it matters: GIGI's OPAQUE uses GCM-SIV directly; INDEXED is the conceptual cousin of SIV with an AES-CMAC / keyed-SipHash PRF.

Constant-time equality (subtle::ConstantTimeEq)

Byte-wise compare that avoids data-dependent branches inside the loop, so timing side-channels don't leak byte positions.

Why it matters: GIGI is strictly stronger — there is no byte loop to discipline. Equality is one cmp on a u64 base point.

FHE / CKKS / BGV

Fully Homomorphic Encryption schemes that let you compute on ciphertext. Expensive, noisy, bounded-depth circuits.

Why it matters: GIGI's invariant ring is a tighter, faster alternative for geometric workloads. FHE still wins for arbitrary arithmetic — the two compose cleanly.

Kyber / ML-KEM / LWE

NIST-standardized post-quantum KEM (Kyber / ML-KEM FIPS 203) built on the Learning-With-Errors lattice problem.

Why it matters: the PQ upgrade path is a structure-group swap (Aff(ℝ) → LWE lattice gauge). The invariant ring is untouched.

GIGI-specific terms

Davis Identity — S + d² = 1

Sameness S and squared deviation d² sum to unity, so equality is a distance check: Eq(w₁, w₂) = 𝟙[d² ≤ (3σ)²].

Why it matters: the mechanism that lets randomized (statistically unlinkable) numeric encryption still answer O(1) equality queries. 96.6% recall at 3σ on N = 20,000.

Davis Law — C = τ/K

Capacity C equals tolerance τ over curvature K. One scalar identity ties admissible sample count to geometry.

Why it matters: a single number decides whether your table is statistically usable — computable on ciphertext.

Base-space hash G / base-hash seed s

Keyed canonical-length hash that maps a plaintext key to a u64 base point. Seed s is rotatable.

Why it matters: O(1) equality, zero fiber-byte reads on misses, timing is schema-dependent not content-dependent.

INDEXED · OPAQUE · PROBABILISTIC

Three GIGI fiber-encryption modes. INDEXED = PRF, deterministic, equality-queryable — high-cardinality columns only (deterministic encryption leaks frequency). OPAQUE = AEAD, randomized, formally IND-CPA (AES-GCM-SIV), not queryable. PROBABILISTIC = affine + Gaussian noise, statistically unlinkable (empirical — not formally IND-CPA) and equality-queryable via the Davis Identity.

Why it matters: per-column choice. Security level and query surface are schema-declared, not hard-coded.

GaugeKey g

A 32-byte seed that picks the specific element of the structure group used for fiber encryption.

Why it matters: the "key" in the classical sense. Rotates with seed s under forward secrecy.

PROJECT INVARIANT (…)

The GQL query form that evaluates only invariant-ring operations.

Why it matters: structurally guaranteed zero-decryption analytics surface — not a discipline the operator has to remember.

GAUGE ROTATE_KEY FORWARD_SECRET

The atomic dual-seed rotation: swap (s, g) → (s', g') and run one RG-flow step on the pre-rotation snapshot.

Why it matters: forward secrecy at rest, with an irreversible coarse-graining of old aggregates. Write-ahead-log atomic.

The paper

Geometric encryption, written down.

Every claim on this page descends from a single paper: Geometric Encryption — Property-Preserving Database Encryption via Gauge Invariance on Fiber Bundles. Published 2026-05-29 on Zenodo with DOI 10.5281/zenodo.20438796.

Published · Zenodo 2026-05-29 · DOI 10.5281/zenodo.20438796

Geometric Encryption: Property-Preserving Database Encryption via Gauge Invariance on Fiber Bundles

Bee Rosa Davis · Davis Geometric · 2026

We introduce geometric encryption, a property-preserving database-encryption framework in which the encryption acts on the fiber of a fiber-bundle data store. The action determines, by construction, which queries are computable on ciphertext: a query of arity m is computable on ciphertext at native server speed with O(poly(m)) closed-form client post-processing iff it is ρ-equivariant under the structure group G for some representation ρ. The ρ = id slice (gauge-invariant queries) needs no post-processing; the non-trivial slices — SUM, AVG, MIN, MAX, VAR, STDDEV, RANGE, MEDIAN, QUANTILE, ARGMIN, ARGMAX on affine ciphertext — are recovered by the client via a single closed-form ρ_g⁻¹ application (with sign-aware joint swap for the argmin/argmax pair under a < 0, and bias-refusal at the API for the order-statistic family under Probabilistic noise). A taxonomy of five encryption modes (Affine, Opaque, Indexed, Probabilistic, Isometric), six higher-level constructions (Curvature-MAC, Aff(ℝ) capability delegation, holonomy ledger, Čech threshold sharing, RG-flow ratchet, pairing-based collusion-resistant delegation on BLS12-381), and two post-quantum delegation modes (ML-KEM-768 trusted-delegatee + lattice threshold) constitute the v0.3 implementation. Per-mode leakage profiles graded by the Chase–Kamara structured-encryption taxonomy. Three further constructions are stated as derived with reference implementation deferred to a successor paper.

Headline contributions

Theorem 3.1 — equivariant ciphertext-computability; invariant case is the trivial-representation corollary
Five-mode taxonomy — explicit per-mode leakage profile (L_eq, L_ord, L_dist, L_acc)
v0.3 cryptographic suite — Curvature-MAC bundle integrity, Aff(ℝ) capability delegation, Holonomy ledger, Čech threshold sharing, continuous RG-flow ratchet
BLS12-381 pairing delegation — collusion-resistant key delegation with formal BDH security reduction (paper §6)
Two PQ-safe delegation modes — ML-KEM-768 trusted-delegatee + lattice threshold delegation (post-quantum + information-theoretic-secure under K−1 collusion)
Public deterministic verification of π_inv — auditor reconstructs the invariant fingerprint from ciphertext alone, no gauge key handed over
Credential-gated invariant queries — HMAC-bound query-class capability tags plus a runtime falsification harness on I_Aff
Geodesic-ball membership index — dimension-aware Mahalanobis-distance index with χ²(k, 1−α) threshold
K-preserving group characterization — the exact transformation group preserving curvature K is the diagonal affine (ℝ^*)^k ⊹ ℝ^k

Published 2026-05-29

28 pp

731 KB PDF

DOI 10.5281/zenodo.20438796

998+ Rust tests

29 v0.4 integration

68+ Python oracle (3 suites)

Read on Zenodo → Source & tests → github.com/nurdymuny/gigi Email the author →

How to cite. Davis, B. R. (2026). Geometric Encryption: Property-Preserving Database Encryption via Gauge Invariance on Fiber Bundles. Zenodo. https://doi.org/10.5281/zenodo.20438796

Reproducibility. Every claim in the paper is backed by an executable test in the public GIGI repository: the v0.3 Rust integration suite (tests/composition_v0_3.rs, tests/fhe_pq_parity_rigor.rs), the v0.4 suite (tests/invariant_verify_v0_4.rs, tests/credentials_v0_4.rs, tests/membership_index_v0_4.rs, tests/k_preserving_v0_4.rs), and the independent Python math-oracle suite across three files (theory/encryption/validation/validation_tests_v0_3.py + validation_tests_fhe_pq_rigor.py + validation_tests_v0_4_sprint_n.py). Anyone can clone, run cargo test && python validation_tests_*.py, and reproduce every shipped number from a clean checkout.

Start Here

Ship on GIGI.

GIGI is the geometric database engine that powers every product in the Davis Geometric stack. Licensing and pilots welcome.

Contact for Licensing → All Products → Research Papers →

Patent Notice: GIGI, the Geometric Intrinsic Global Index, and its gauge-invariant encryption are covered by U.S. Provisional Patent Applications filed 2025–2026. Contact bee_davis@alumni.brown.edu for licensing inquiries.

Run SQL on the
encrypted bundle.

How RSA, SHA-256, OPE, FHE, Kyber do it — and where GIGI changes the shape.

From engine primitive to full cryptographic stack.

What gauge invariance means.

Point the query. Watch the time.

Encrypt the data. Compute on ciphertext. Decrypt only the answer.

Two bundles. Same invariants. Different coordinates.

Every field type. Every invariant. Forward secrecy.

Every feature. Every mechanism. Every number.

What GIGI Encrypt does. And where it composes.

Every term of art on this page, translated.

Geometric encryption, written down.

Geometric Encryption: Property-Preserving Database Encryption via Gauge Invariance on Fiber Bundles

Ship on GIGI.

Run SQL on theencrypted bundle.

How RSA, SHA-256, OPE, FHE, Kyber do it — and where GIGI changes the shape.

From engine primitive to full cryptographic stack.

What gauge invariance means.

Point the query. Watch the time.

Encrypt the data. Compute on ciphertext. Decrypt only the answer.

Two bundles. Same invariants. Different coordinates.

Every field type. Every invariant. Forward secrecy.

Every feature. Every mechanism. Every number.

What GIGI Encrypt does. And where it composes.

Every term of art on this page, translated.

Geometric encryption, written down.

Geometric Encryption: Property-Preserving Database Encryption via Gauge Invariance on Fiber Bundles

Ship on GIGI.

Run SQL on the
encrypted bundle.