Pre-Obfuscation Layer (RFC-0011)

Lethean R&D Labs

RFC Cryptography Security Side-Channel

A pre-obfuscation layer that transforms plaintext before it reaches CPU encryption routines. Raw patterns never hit the hardware - defence-in-depth against side-channel attacks like timing analysis, power analysis, or electromagnetic emanation.

View on Forge Report issue

Features

Pre-Encryption Transform

Data is scrambled before reaching the encryption layer

CPU Pattern Hiding

Platform management (Intel ME, AMD PSP) never sees cleartext patterns

Reversible

All transformations are perfectly reversible given the same entropy

Minimal Overhead

Adds < 5% processing time to encryption operations

Installation

import "github.com/Snider/Enchantrix/pkg/sigil"

// Pre-obfuscation is built into ChaChaPolySigil
cipher := sigil.NewChaChaPolySigil(key)
encrypted := cipher.In(plaintext)  // Obfuscates then encrypts

Usage

Data Flow

Plaintext
    ↓ XOR with keystream derived from nonce
Obfuscated data (unpredictable patterns)
    ↓ Byte permutation
Permuted data
    ↓ ChaCha20-Poly1305 encryption
Ciphertext

CPU encryption instructions only see
randomised data, not plaintext patterns.

Design Goals

Reversibility: All transforms MUST be perfectly reversible
Determinism: Same entropy → identical results
Independence: Works with any underlying cipher
Zero security overhead: AEAD properties preserved

Quick Links

Repository Issues Pull Requests Releases

More from Lethean R&D Labs

View all projects →

Fancy helping out?

Spotted a bug? Got an idea? We'd love to hear from you.

Read the contributing guide →