Version: 1.0.0 (INTERNAL REVIEW โ no external audit) Date: 2026-02-22 Status: Production
Meow Decoder is an optical air-gap file transfer system that combines:
- Cryptography (AES-256-GCM, Argon2id, X25519, ML-KEM-768/1024 PQXDH hybrid)
- Error Correction (Luby Transform fountain codes โ Python + JavaScript)
- Visual Encoding (QR codes in GIF animations)
- Optical Transfer (screen โ camera with 33% frame loss tolerance)
- Mobile Capture (Meow Capture โ iOS/Android companion app for on-device scanning and export)
Meow Capture is a secure offline QR capture companion app for air-gapped file transfer. It is the recommended way to use a phone as the receiving device.
๐ฅ Download: Meow Capture v3.2.2 APK (Android) โ sideload on Android, iOS & store listings coming soon.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ MEOW CAPTURE (React Native) โ
โ A secure offline QR capture companion app โ
โ for air-gapped file transfer โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Camera (VisionCamera v4)
โ MLKit / AVFoundation QR decode (on-device)
โผ
useQRScanner hook โโโ dedup + fountain droplet parse
โ
โผ
useSessionManager โโโ fountain auto-complete at 1.5ร threshold
โ
โผ
CaptureScreen
โโโ ProgressHUD โโโ confidence tier + safeToStop pill
โโโ CaptureCoachPanel โโโ decode-rate / shake / exposure hints
โโโ CameraPreview โโโ pinch zoom, exposure nudge
โ User taps "Confirm & Export"
โผ
Biometric gate (Face ID / fingerprint)
โ
โผ
jsonExporter โโโ chunked JSON โ Downloads/ + SHA-256
โ
โผ
ExportScreen โโโ SHA-256 display, ADB pull cmd, filename copy
Security invariants enforced by the app:
- No
INTERNETpermission (enforced by Android OS / iOS sandbox) - Frame payload strings wiped from JS heap on
AppStatebackground/inactive - Panic wipe via 3-second long-press (zeroes all session state)
FLAG_SECURE+ iOS snapshot overlay (no screenshots / task-switcher leak)- Biometric export gate before any file write
Integration with CLI pipeline:
# Desktop โ generate request
meow-encode -i secret.pdf -o secret.gif -p "password" --output-request request.json
# Phone โ scan GIF, export โ Downloads/meow-capture-<id>.json
# Desktop โ retrieve + decode
adb pull /sdcard/Download/meow-capture-<id>.json ./
meow-decode-gif -i meow-capture-<id>.json -p "password"
# Multi-device โ merge first
python -m meow_decoder.merge --input capture-a.json capture-b.json --output merged.json
meow-decode-gif -i merged.json -p "password"โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ MEOW DECODER โ
โ Air-Gap File Transfer System โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โ SENDER โ โ OPTICAL โ โ RECEIVER โ
โ DEVICE โโโโโถโ CHANNEL โโโโโถโ DEVICE โ
โ โ โ (screen โ โ โ โ
โ encode.py โ โ camera) โ โ decode.py โ
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โ โ
โผ โผ
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โ secret.pdf โ โ secret.pdf โ
โ (plain) โ โ (plain) โ
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
INPUT FILE (secret.pdf)
โ
โ 1. READ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ FILE BYTES (original_data) โ
โ Size: N bytes โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 2. COMPRESS (zlib level 9)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ COMPRESSED DATA โ
โ Size: ~0.7N bytes (typical) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 3. ENCRYPT (AES-256-GCM + Argon2id)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CIPHERTEXT โ
โ Size: ~0.7N bytes โ
โ + Nonce (12B) โ
โ + GCM Tag (16B) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 4. FOUNTAIN ENCODE (Luby Transform)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ FOUNTAIN DROPLETS (kibbles) โ
โ Count: K blocks ร 1.5 redundancy โ
โ (33% frame loss tolerance) โ
โ Each: block_size bytes โ
โ Format: seed + block_indices + XOR_data โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 5. QR ENCODE (per droplet)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ QR CODE FRAMES (paw prints) โ
โ Count: K ร 1.5 frames โ
โ Each: 600ร600 pixels โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 6. GIF CREATION
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ANIMATED GIF (yarn ball) โ
โ Frames: K ร 1.5 โ
โ FPS: 10 โ
โ Size: ~10 MB (for 1 MB input) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 7. DISPLAY (optical transfer)
โผ
OUTPUT GIF (secret.gif)
INPUT GIF (secret.gif)
โ
โ 1. GIF PARSE
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ GIF FRAMES (extracted) โ
โ Count: K ร 1.5 frames โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 2. QR DECODE (each frame)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ QR DATA (droplets) โ
โ Frame 0: Manifest (collar tag) โ
โ Frame 1+: Fountain droplets โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 3. FOUNTAIN DECODE (belief propagation)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ RECONSTRUCTED CIPHERTEXT โ
โ Size: ~0.7N bytes โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 4. DECRYPT (AES-256-GCM + verify HMAC)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ COMPRESSED DATA โ
โ Size: ~0.7N bytes โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 5. DECOMPRESS (zlib)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ORIGINAL DATA โ
โ Size: N bytes โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ 6. VERIFY (SHA-256 check)
โผ
OUTPUT FILE (secret.pdf)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ MEOW DECODER MODULES โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ CONFIG โ โ CRYPTO โ โ FOUNTAIN โ โ
โ โ โ โ โ โ โ โ
โ โ โข Settings โ โ โข AES-GCM โ โ โข Encoder โ โ
โ โ โข Presets โ โ โข Argon2id โ โ โข Decoder โ โ
โ โ โข Validate โ โ โข HMAC โ โ โข Soliton โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ QR CODE โ โ GIF HANDLERโ โ CAT UTILS โ โ
โ โ โ โ โ โ โ โ
โ โ โข Generate โ โ โข Create โ โ โข Sounds โ โ
โ โ โข Read โ โ โข Parse โ โ โข Facts โ โ
โ โ โข Webcam โ โ โข Optimize โ โ โข Progress โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ SECURITY ENHANCEMENTS โ โ
โ โ โ โ
โ โ โข Forward Secrecy (MEOW3) โ โ
โ โ โข Post-Quantum (MEOW5/MEOW4) โ โ
โ โ โข Steganography (Ninja Cat + Phase 1) โ โ
โ โ โข Streaming Crypto (Prowling) โ โ
โ โ โข Resume Support โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ USER INTERFACES โ โ
โ โ โ โ
โ โ โข encode.py (CLI encoder) โ โ
โ โ โข decode_gif.py (CLI decoder + --tamper-report)โ โ
โ โ โข decode_webcam.py (webcam capture) โ โ
โ โ โข meow_dashboard.py (GUI) โ โ
โ โ โข Meow Capture (iOS/Android companion app) โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ SUPPORT MODULES โ โ
โ โ โ โ
โ โ โข canonical_aad.py (deterministic AAD) โ โ
โ โ โข tamper_report.py (frame MAC timeline) โ โ
โ โ โข merge.py (multi-device capture merge CLI) โ โ
โ โ โข mobile/bridge/protocol.py (CLI phone bridge)โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ SECURITY ONION โ
โ (Defense in Depth - 7 Layers) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Layer 7: Air-Gap (optical transfer, no network)
โ
Layer 6: Steganography (optional, hides presence โ APNG for lossless stego)
โ
Layer 5: Per-Frame Ratchet (MSR v1.2: header encryption, key commitment, forward secrecy)
โ
Layer 4: Encryption (AES-256-GCM)
โ
Layer 3: Authentication (HMAC-SHA256)
โ
Layer 2: KDF (Argon2id, memory-hard)
โ
Layer 1: Strong Password + Optional Keyfile (2FA)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Attack Surface: Minimal (endpoint only) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
All secret-handling cryptographic operations are implemented in the Rust crypto_core/ crate and exposed to Python via PyO3 bindings (meow_crypto_rs module).
- Constant-time operations: The
subtlecrate provides timing-safe comparisons - Secure zeroing: The
zeroizecrate guarantees secrets are wiped from memory - Memory safety: No buffer overflows or use-after-free vulnerabilities
- Performance: Native-speed crypto without Python GIL overhead
Moving cryptographic primitives from Python (cryptography library) to Rust (meow_crypto_rs) does not upgrade the underlying algorithms. The math stays exactly the same:
- AES-256-GCM is still 256-bit secure.
- X25519 is still Curve25519 Diffie-Hellman.
- HKDF-SHA256 is still RFC 5869.
- Argon2id is still the same memory-hard KDF with the same parameters.
- ML-KEM-768/1024 is still the same post-quantum KEM.
- The ratchet math, transcript binding, and post-quantum assumptions are unchanged.
What it improves is the implementation layer โ the code that handles secrets at runtime. In real-world systems, implementation failures (memory leaks, timing side-channels, silent fallbacks) are far more common than broken mathematical primitives. The Rust migration hardens precisely the layer where most real bugs happen.
Before (Python): Secrets live in garbage-collected objects. Python's GC makes no guarantee about when โ or whether โ sensitive bytes are zeroed. Copies may linger in memory across heap allocations, and secrets can be accidentally logged or serialized.
After (Rust): The zeroize crate provides Zeroize on Drop โ secrets are deterministically wiped when they leave scope. Rust's ownership model prevents accidental copies, gives the developer controlled secret lifecycles, and eliminates an entire class of memory-inspection risks.
This reduces: secret retention risk, key leakage through memory dumps, accidental logging of sensitive material.
Before: Cryptographic operations were mixed with protocol orchestration in the same Python modules. Python code touched raw key material directly, making it harder to audit which code paths handle secrets.
After: Python handles orchestration only (manifest parsing, fountain coding, QR generation). Rust handles the cryptographic boundary (key derivation, encryption, signing, zeroing). This separation makes the architecture cleaner and makes both halves easier to audit independently.
Before (Python): Python offers limited constant-time guarantees. hmac.compare_digest() exists but reasoning about timing behavior across the interpreter, bytecode, and GC is difficult. Custom comparisons are nearly impossible to make genuinely constant-time in CPython.
After (Rust): The subtle crate provides explicit constant-time types (Choice, CtEq) with well-understood timing properties. Constant-time comparisons are enforced at the type level, not by convention. This narrows the timing-leak attack surface considerably.
The Rust crypto core (crypto_core/src/) is a deliberately small, tightly-scoped surface. It contains only primitive operations โ no protocol logic, no I/O, no user-facing code. This makes it:
- Easier for external reviewers to read in a single sitting
- Easier to verify ownership and data-flow properties
- Compatible with Rust-native formal verification tools (Verus, Kani)
- Backed by a well-audited crate ecosystem (
aes-gcm,argon2,x25519-dalek,hkdf)
Before: A misconfigured environment could silently fall back to a Python crypto path that lacked constant-time guarantees and memory zeroing โ with no indication to the user.
After: The Rust backend is required. If meow_crypto_rs is not available, the system fails closed with a clear error. CI enforces RUST_BACKEND_REQUIRED=1, and an AST-based import scanner blocks from cryptography in all production modules. There are no shadow crypto paths, no partial migrations, no "works locally but insecure in production" surprises.
| Before Rust Migration | After Rust Migration | |
|---|---|---|
| Protocol strength | Strong (AES-256-GCM, Argon2id, X25519, ML-KEM) | Identical โ no algorithm changes |
| Implementation risk | Moderate (Python secret handling, GC, timing) | Lower (Rust ownership, zeroize, subtle) |
| Crypto boundary | Blurred (Python touches secrets) | Clean (Rust = secrets, Python = orchestration) |
| Fallback behavior | Silent Python fallback possible | Fail-closed, CI-enforced |
| Auditability | Harder (crypto spread across Python modules) | Easier (compact Rust core) |
This is not increasing cryptographic strength. It is increasing implementation security, operational robustness, secret hygiene, side-channel discipline, and architectural integrity. That is a meaningful upgrade.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ meow_crypto_rs Module โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ Key Derivation: Symmetric Crypto: Hashing: โ
โ โโ derive_key_argon2id โโ aes_gcm_encrypt โโ sha256 โ
โ โโ derive_key_hkdf โโ aes_gcm_decrypt โโ hmac_sha256 โ
โ โโ hkdf_extract โโ aes_ctr_crypt โโ hmac_verify โ
โ โโ hkdf_expand โ
โ โ
โ Key Exchange: Utilities: Post-Quantum: โ
โ โโ x25519_generate โโ constant_time_cmp โโ mlkem768_* โ
โ โโ x25519_exchange โโ secure_zero โโ mlkem1024_* โ
โ โโ x25519_pub_from_priv โโ secure_random โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
RUST_BACKEND_REQUIRED=1environment gate โ CI fails if Rust backend unavailable- AST-based import scanner blocks
from cryptographyin production modules - Golden vector regression tests verify Python/Rust output parity
All production meow_decoder/*.py modules route crypto through crypto_backend.CryptoBackend() (Rust).
No production module imports cryptography at module level or runtime.
Non-production / legacy modules (exempt from enforcement):
| Module | Status | Reason |
|---|---|---|
crypto_DEBUG.py |
Debug-only | Verbose logging variant, not imported by production |
pq_crypto_real.py |
Dead code | raise RuntimeError before imports; kept for audit trail |
pq_signatures.py |
Experimental | Ed25519 not yet in Rust backend; _PQ_EXPERIMENTAL = True |
x25519_forward_secrecy.py |
Legacy PEM fallback | New keys use MEOW_X25519 format via Rust; legacy PEM path imports cryptography only when loading old-format keys |
spec_v12/ |
Reference spec | Not imported by production entrypoints |
Meow Decoder's codebase is organized into five strict layers. These boundaries exist to prevent refactors, AI-assisted edits, or well-meaning contributions from flattening the project's personality, renaming cryptographic primitives, altering protocol invariants, or reintroducing Python cryptography imports into production code.
Every module in the project belongs to exactly one layer. Code in a given layer may call downward (Layer 4 โ Layer 3 โ Layer 2 โ Layer 1) but never upward.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Layer 5 โ Demos / Documentation / Branding โ
โ examples/, docs/, README.md, assets/, Jupyter notebooks โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Layer 4 โ Themed Faรงade API (Cat Personality) โ
โ meow_encode.py, cat_utils.py, cat_errors.py, โ
โ meow_gui_enhanced.py, gui_logo_example.py, logo_eyes.py โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Layer 3 โ Protocol Orchestration โ
โ crypto.py, encode.py, decode_gif.py, ratchet.py, โ
โ forward_secrecy.py, fountain.py, pq_hybrid.py, โ
โ schrodinger_encode.py, quantum_mixer.py, frame_mac.py โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Layer 2 โ crypto_backend (Python โ Rust Bridge) โ
โ crypto_backend.py โ CryptoBackend() โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Layer 1 โ crypto_core (Rust) โ
โ crypto_core/src/ โ meow_crypto_rs (PyO3) โ
โ pure_crypto.rs, aead_wrapper.rs, nonce.rs, lib.rs โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Location: crypto_core/src/
Pure cryptographic primitives only: AES-256-GCM, Argon2id, HKDF-SHA256, X25519, SHA-256, HMAC-SHA256, ML-KEM-768/1024. Built with the subtle crate (constant-time) and zeroize crate (memory zeroing).
Rules:
- No humor in function names. Identifiers are cryptographic domain terms (
aes_gcm_encrypt,hkdf_expand,x25519_exchange). - No renaming of domain separation labels. Strings like
"meow_pqxdh_v1","meow-fs-block","meow-ratchet-chain"are protocol constants bound in formal proofs and test vectors. - No playful identifiers inside primitive logic.
- Zero jokes below this layer. External auditors read this code.
Location: meow_decoder/crypto_backend.py
A thin wrapper that exposes Rust primitives to Python via the CryptoBackend class and get_default_backend() factory.
Rules:
- Thin wrapper only โ each method delegates directly to
meow_crypto_rs. No multi-step crypto logic. - No business logic. Protocol decisions belong in Layer 3.
- No
cryptographylibrary imports. The Pythoncryptographypackage is permanently banned from this module and all production modules. - Stable primitive names. Method names (
derive_key_argon2id,aes_gcm_encrypt,x25519_generate_keypair, etc.) are the API contract.
Location: meow_decoder/crypto.py, encode.py, decode_gif.py, ratchet.py, forward_secrecy.py, fountain.py, pq_hybrid.py, schrodinger_encode.py, quantum_mixer.py, frame_mac.py, double_ratchet.py, and related modules.
Protocol logic that composes Layer 2 primitives into the MEOW protocol: manifest packing (MEOW2โMEOW5), AAD construction, fountain coding, symmetric ratchet (MSR v1.2), PQXDH key exchange, Schrรถdinger mode, QR/GIF encoding.
Rules:
- All crypto calls go through
CryptoBackend(). Never import raw primitives. - No renaming of protocol invariants โ manifest magic bytes, mode bytes, domain separation strings, struct layouts, and AAD field ordering are frozen.
- Light comments are fine, but do not rename variables that track protocol state (
chain_key,message_key,ephemeral_public_key,pq_ciphertext). - Fail-closed on all MAC verification (
ValueErroron failure, never silently disable). - Constant-time comparisons for all authentication checks.
Location: meow_decoder/meow_encode.py, cat_utils.py, cat_errors.py, meow_gui_enhanced.py, gui_logo_example.py, logo_eyes.py, ascii_qr.py, and similar user-facing wrappers.
Playful, cat-themed wrappers around Layer 3 operations. CollarTag for manifests, CatError for exceptions, themed progress messages, GUI skins with cat imagery, CLI names like meow-encode.
Rules:
- Safe to introduce playful wrapper names (
whisker_check(),purr_progress(), etc.). - Must call Layer 2/3 functions internally. Personality is a naming layer, not a reimplementation.
- Must not alter semantics โ no changing encryption parameters, skipping verification, or adding new cryptographic behavior.
- No "fun encryption" or "cat cipher" โ only delegate to established primitives.
Location: examples/, docs/, README.md, QUICKSTART.md, assets/, Jupyter notebooks, HTML demos.
Everything that helps humans understand and enjoy the project: example scripts, browser demos, JavaScript fountain codes, cat imagery, markdown documentation.
Rules:
- Fully allowed to be playful โ cat puns, emoji, personality, creative writing all welcome.
- Must not contradict the protocol spec. Playful framing is fine; incorrect security claims are not.
- Demo code may use simplified patterns but must not demonstrate insecure usage without explicit warnings.
The following invariants are load-bearing. Violating any one of them constitutes a security regression, not a style preference.
| Invariant | Why It Exists | How It Is Enforced |
|---|---|---|
No from cryptography in production modules |
Rust backend provides constant-time operations and memory zeroing that Python cryptography cannot guarantee |
AST-based import scanner (tests/test_crypto_enforcement.py); CI gate RUST_BACKEND_REQUIRED=1 |
| Manifest magic bytes and mode bytes are frozen | MEOW2=0x02, MEOW3=0x03, MEOW4=0x04, MEOW5=0x05, duress=|0x80 โ changing them breaks all existing encoded files |
Golden vector tests (tests/test_golden_vectors.py) |
| Domain separation strings are immutable | "meow_pqxdh_v1", "meow-fs-block", "meow-ratchet-chain", etc. are bound in formal proofs and interop test vectors |
verify_domain_separation.sh; formal model checks |
| AAD field ordering is fixed | orig_len โ comp_len โ salt โ sha256 โ magic โ ephemeral_pub โ pq_ciphertext โ reordering silently breaks authentication |
Tamper detection tests (tests/test_security.py) |
| HMAC-then-use for manifests | Manifest HMAC must be verified before any field is trusted; skipping this enables oracle attacks | Adversarial tests (tests/test_adversarial.py) |
| Fail-closed MAC verification | ValueError on invalid MAC; silent MAC bypass is a critical vulnerability |
Unit tests assert ValueError is raised, never caught |
| Argon2id production parameters | 512 MiB memory, 20 iterations, 4 threads โ lowering them weakens brute-force resistance | Config tests; MEOW_TEST_MODE flag for CI only |
| Nonce uniqueness | LRU cache (10K cap) + HKDF-derived synthetic IV + Rust CAS loop (prevents u64 counter wrap) | Nonce reuse guard tests |
| Fountain code frame format | FOUNTAIN:<k>:<block_size>:<length>:<droplet_b64> โ changing this breaks Python โ JavaScript interop |
Interop tests across both implementations |
| Rust primitive function names | aes_gcm_encrypt, derive_key_hkdf, x25519_exchange, etc. โ renaming them breaks every Layer 3 module |
Layer 2 API contract; compilation and import tests |
- Do not rename Layer 1 or Layer 2 function signatures without updating every call site, every test, and every formal proof.
- Do not add new cryptographic algorithms to Layer 4 or Layer 5. All crypto lives in Layer 1; orchestration lives in Layer 3.
- Do not weaken Argon2id parameters, MAC verification, or AAD bindings for convenience, performance, or "simplicity."
- Do not bypass the
CryptoBackend()abstraction. If a module needs a cryptographic operation, it calls Layer 2.
Meow Decoder's cat-themed identity is part of the project, but it must not leak into security-critical code. The table below defines where personality is safe and where it is forbidden.
| Layer | Personality Level | What Is OK | What Is Not OK |
|---|---|---|---|
| Layer 1 (Rust primitives) | None | aes_gcm_encrypt, hkdf_expand |
paws_encrypt, meow_hkdf |
| Layer 2 (crypto_backend) | None | CryptoBackend.derive_key_argon2id |
CatCryptoBackend.scratch_key |
| Layer 3 (protocol orchestration) | Minimal | Conversational code comments; technical names (pack_manifest, ratchet_step) |
Replacing HMAC-SHA256 with whisker-hash in protocol code |
| Layer 4 (themed faรงade) | Full | CollarTag, CatError, purr_progress() โ but must delegate to Layers 2/3 |
Implementing a custom cipher, skipping MAC checks |
| Layer 5 (demos/docs) | Full | Cat art, emoji, playful tutorials, meow-encode CLI name |
Documenting incorrect security properties |
- Layer 4 wrapper:
class CollarTagthat internally callspack_manifest()/unpack_manifest() - Layer 4 error:
class CatError(Exception)with a friendly message wrapping a rawValueError - Layer 5 docs: "Your secret file is now wearing its invisible collar!"
- Layer 5 CLI:
meow-encodeas the user-facing command (delegates toencode.py)
- Renaming
aes_gcm_encryptโcat_encryptin Layer 1 or 2 - Adding
meow_prefix to Rust function names inpure_crypto.rs - Using cat puns in domain separation strings (
"meow-purr-chain"instead of"meow-ratchet-chain") - Creating a
FunCipherclass that implements novel crypto in Layer 4 - Replacing protocol variable names (
chain_keyโyarn_key) in Layer 3
PASSWORD + SALT
โ
โ Argon2id (512 MiB, 20 iter)
โผ
256-bit MASTER KEY
โ
โโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโ
โ โ โ
โผ โผ โผ
AES-256-GCM HMAC Key (unused)
Encryption (manifest
auth)
PASSWORD + SALT
โ
โ Argon2id
โผ
MASTER KEY
โ
โ HKDF
โผ
INITIAL CHAIN KEY
โ
โโโโถ Block 0 Key โโโถ Encrypt Block 0
โ โ
โ โ HKDF (ratchet)
โ โผ
โโโโถ Block 1 Key โโโถ Encrypt Block 1
โ โ
โ โ HKDF (ratchet)
โ โผ
โโโโถ Block 2 Key โโโถ Encrypt Block 2
...
(Each block key is independent!)
PASSWORD + SALT
โ
โ Argon2id
โผ
MASTER KEY
โ
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโ
โ โ โ
โผ โผ โผ
Generate Generate Generate
X25519 ML-KEM-768 (MEOW5) HKDF Keys
Keypair ML-KEM-1024 (MEOW4)
โ โ
โ ECDH โ KEM Encap
โผ โผ
Classical Quantum
Shared (32B) Shared (32B)
โ โ
โโโโโโโโโฌโโโโโโโโ
โ PQXDH Two-Step HKDF
โ
โ 1. PRK = HMAC-SHA256(0x00*32, classical_ss || pq_ss)
โ 2. transcript = SHA256(domain || eph_pub || recv_cls_pub || recv_pq_pub || pq_ct)
โ 3. key = HKDF-Expand(PRK, "meow_pqxdh_v1" || transcript, 32)
โผ
HYBRID SHARED SECRET
โ
โผ
AES-256-GCM Key
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LUBY TRANSFORM FOUNTAIN โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
ENCODING:
Input Data (N bytes)
โ
โ Split into K blocks
โผ
โโโโโโฌโโโโโฌโโโโโฌโโโโโฌโโโโโฌโโโโโ
โ B0 โ B1 โ B2 โ B3 โ B4 โ B5 โ K blocks
โโโโโโดโโโโโดโโโโโดโโโโโดโโโโโดโโโโโ
โ โ โ โ โ โ
โโโโฌโโดโโโฌโโดโโโฌโโดโโโฌโโดโโโฌโโ
โ โ โ โ โ
โ Robust Soliton Distribution
โ (determines degree d)
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ SELECT d random blocks โ
โ XOR them together โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
DROPLET (can reconstruct infinite!)
DECODING (Belief Propagation):
Collect droplets until K blocks solved
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ DEGREE 1 DROPLETS โ
โ (single block) โ
โ โ Immediately solved! โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ DEGREE 2+ DROPLETS โ
โ (multiple blocks) โ
โ โ XOR out solved blocks โ
โ โ May become degree 1 โ
โ โ Cascade solving! โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
ALL K BLOCKS SOLVED โ SUCCESS!
The fountain code implementation is available in both Python (CLI) and JavaScript (web demo):
File: examples/fountain-codes.js (414 lines)
Classes:
FountainEncoder: Generate droplets from source dataFountainDecoder: Reconstruct via belief propagationDroplet: Serialization (pack/unpack for QR transmission)RobustSolitonDistribution: Optimal degree samplingSeededRandom: Deterministic PRNG (reproducible block selection)
Integration Points:
[ENCODING - wasm_browser_example.html]
User encrypts large file (>2500 bytes)
โ
FountainEncoder(payloadBytes, kBlocks, blockSize)
โ
Generate kร1.5 droplets (50% redundancy)
โ
Each droplet โ Pack to bytes โ Base64 โ QR frame
Frame format: FOUNTAIN:<k>:<block_size>:<length>:<droplet_b64>
โ
Animated QR cycling through droplet frames
[DECODING - webcam scanner]
Point camera at animated QR
โ
jsQR detects frame: "FOUNTAIN:5:600:2847:AAB..."
โ
Parse metadata, initialize FountainDecoder(5, 600, 2847)
โ
Droplet.unpack(base64ToBytes(droplet_b64), 600)
โ
decoder.addDroplet(droplet) โ belief propagation
โ
Progress: "Collecting: 8 scanned, 80% decoded (4/5 blocks)"
โ
decoder.isComplete() โ true
โ
recovered = decoder.getData(originalLength)
โ
Decrypt with password โ Original file!
Frame Loss Tolerance:
- 33% loss: With 1.5ร redundancy (k โ 1.5k droplets), can lose 33% of frames
- Automatic retry: Keep scanning until enough droplets collected
- Visual progress: Real-time feedback shows decode percentage
Performance:
- Encoding: ~10ms for typical payloads (1000 blocks)
- Decoding: O(n ร k) belief propagation, runs in real-time
- Memory: O(k ร block_size) - stores only decoded blocks
See the MEOW5/MEOW4 PQXDH section and the fountain coding implementation in meow_decoder/fountain.py for full technical details.
โโโโโโโโโโโโโโโโ
โ encode.py โ
โโโโโโโโฌโโโโโโโโ
โ
โโโโถ config.py (load settings)
โโโโถ crypto.py (encrypt)
โโโโถ fountain.py (encode)
โโโโถ qr_code.py (generate QR)
โโโโถ gif_handler.py (create GIF)
โโโโถ cat_utils.py (fun features)
โโโโโโโโโโโโโโโโ
โ decode_gif.pyโ
โโโโโโโโฌโโโโโโโโ
โ
โโโโถ config.py (load settings)
โโโโถ crypto.py (decrypt)
โโโโถ fountain.py (decode)
โโโโถ qr_code.py (read QR)
โโโโถ gif_handler.py (parse GIF)
โโโโถ cat_utils.py (fun features)
โโโโโโโโโโโโโโโโโโโโโ
โ meow_dashboard.py โ (GUI)
โโโโโโโโโโฌโโโโโโโโโโโ
โ
โโโโถ dearpygui (UI framework)
โโโโถ encode.py (background threads)
โโโโถ decode_gif.py (background threads)
โโโโถ cat_utils.py (progress, sounds)
SECURITY MODULES (optional):
โโโโถ forward_secrecy.py (MEOW3)
โโโโถ pq_hybrid.py (MEOW5/MEOW4, primary PQ module โ PQXDH transcript binding)
โโโโถ pq_crypto_real.py (DEPRECATED โ use pq_hybrid.py)
โโโโถ ninja_cat_ultra.py (steganography)
โโโโถ prowling_mode.py (low-memory)
โโโโถ resume_secured.py (resume support)
OS-LEVEL HARDENING (Phases 1โ4, 2026-02-22):
โโโโถ memory_guard.py (mlockall, RLIMIT_CORE=0, PR_SET_DUMPABLE, MADV_DONTDUMP)
โโโโถ constant_time.py (secure_zero_memory, SecureBuffer, mlock lifecycle)
โโโโถ forensic_cleanup.py (thumbnails, clipboard, shell history, temp files)
โโโโถ secure_temp.py (tmpfs enforcement, /dev/shm preferred)
โโโโถ timing_equalizer.py (constant wall-clock decode, CSPRNG jitter)
โโโโถ size_normalizer.py (fixed-size output padding, size classes)
โโโโถ expiry.py (timed self-destruct, manifest expiry field)
โโโโถ source_cleanup.py (secure source deletion, TRIM hints)
โโโโถ decorrelation.py (inter-file parameter randomization)
โโโโถ secure_input.py (keystroke timing normalization)
โโโโถ air_gap.py (network/WiFi/Bluetooth/DNS air-gap checks)
โโโโถ crypto_core/src/secure_alloc.rs (Rust SecureBox: guard pages + mlock + DONTDUMP)
[IDLE]
โ
โ encode.py --input file.pdf
โผ
[READING FILE]
โ
โ Success
โผ
[COMPRESSING]
โ
โ zlib compress
โผ
[ENCRYPTING]
โ
โ AES-GCM encrypt
โผ
[FOUNTAIN ENCODING]
โ
โ Generate Kร1.5 droplets
โผ
[QR GENERATION]
โ
โ Create QR for each droplet
โผ
[GIF CREATION]
โ
โ Combine frames into GIF
โผ
[WRITING OUTPUT]
โ
โ Save secret.gif
โผ
[COMPLETE] โ
โ
โ (Optional: wipe source)
โผ
[DONE]
[IDLE]
โ
โ decode_gif.py --input secret.gif
โผ
[READING GIF]
โ
โ Parse frames
โผ
[QR DECODING]
โ
โ Frame 0 โ Manifest
โ Frame 1+ โ Droplets
โผ
[MANIFEST VALIDATION]
โ
โ Verify HMAC
โผ
[FOUNTAIN DECODING]
โ
โ Collect droplets
โ Belief propagation
โผ
[CHECKING COMPLETION]
โ
โโ All blocks solved? โโถ [DECRYPTING]
โ โ
โโ Need more? โโถ [QR DECODING]
(retry/continue)
[DECRYPTING]
โ
โ AES-GCM decrypt
โผ
[DECOMPRESSING]
โ
โ zlib decompress
โผ
[VERIFYING]
โ
โ Check SHA-256
โผ
[WRITING OUTPUT]
โ
โ Save secret.pdf
โผ
[COMPLETE] โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ TRUSTED ZONE โ
โ โ
โ โข User's computer (sender/receiver) โ
โ โข Python interpreter โ
โ โข Meow Decoder code โ
โ โข Cryptography libraries โ
โ โข User's memory/disk โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ TRUST BOUNDARY
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ UNTRUSTED ZONE โ
โ โ
โ โข Optical channel (screen โ camera) โ
โ โข Anyone who can see the screen โ
โ โข Recorded video/photos โ
โ โข GIF file in transit โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
KEY INSIGHT:
Even if attacker controls UNTRUSTED zone, they
cannot decrypt without password (cryptography).
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ PERFORMANCE PROFILE โ
โ (1 MB input file, typical setup) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
ENCODING BREAKDOWN:
โโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโโโโโโ
โ Phase โ Time โ % Total โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโโค
โ Read file โ 0.1s โ 1% โ
โ Compress โ 1.2s โ 14% โ
โ Encrypt โ 0.3s โ 4% โ
โ Fountain โ 2.1s โ 25% โ
โ QR generation โ 4.2s โ 49% โ โ Bottleneck!
โ GIF creation โ 0.7s โ 8% โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโโค
โ TOTAL โ 8.6s โ 100% โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโโโโโ
DECODING BREAKDOWN:
โโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโโโโโโ
โ Phase โ Time โ % Total โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโโค
โ Read GIF โ 0.5s โ 12% โ
โ QR decode โ 2.1s โ 50% โ โ Bottleneck!
โ Fountain โ 0.8s โ 19% โ
โ Decrypt โ 0.3s โ 7% โ
โ Decompress โ 0.3s โ 7% โ
โ Verify SHA โ 0.2s โ 5% โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโโค
โ TOTAL โ 4.2s โ 100% โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโโโโโ
MEMORY USAGE:
โโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโ
โ Mode โ Peak RAM โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโค
โ Normal encode โ ~200 MB โ
โ Normal decode โ ~150 MB โ
โ Prowling mode โ ~50 MB โ โ Low-memory!
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ATTACK SURFACES โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
1. INPUT VALIDATION
โโ File paths [LOW RISK]
โโ Password input [MEDIUM RISK - weak passwords]
โโ Keyfile format [LOW RISK - validation in place]
โโ Config files [LOW RISK - JSON parsing]
2. CRYPTOGRAPHIC
โโ Key derivation [LOW RISK - uses Argon2id]
โโ Encryption [LOW RISK - uses cryptography lib]
โโ HMAC [LOW RISK - constant-time compare]
โโ Random generation [LOW RISK - uses secrets module]
3. DATA PROCESSING
โโ Compression [LOW RISK - zlib is mature]
โโ QR encoding [LOW RISK - qrcode lib]
โโ QR decoding [MEDIUM RISK - pyzbar can crash on bad data]
โโ GIF handling [MEDIUM RISK - Pillow has had vulns]
4. DEPENDENCIES
โโ Python stdlib [LOW RISK]
โโ meow_crypto_rs [LOW RISK - Rust crypto backend, constant-time]
โโ Pillow [MEDIUM RISK - monitor CVEs]
โโ opencv-python [MEDIUM RISK - C++ code]
โโ Third-party libs [MEDIUM RISK - supply chain]
5. SIDE CHANNELS
โโ Timing [LOW RISK - Rust `subtle` crate, constant-time]
โโ Power analysis [HIGH RISK - no mitigation]
โโ EM emissions [HIGH RISK - no mitigation]
โโ Cache timing [LOW RISK - Rust bitsliced AES]
6. OPERATIONAL
โโ Password entry [HIGH RISK - keyloggers]
โโ Screen recording [HIGH RISK - endpoint compromise]
โโ Memory forensics [MEDIUM RISK - key zeroing helps]
โโ Physical access [HIGH RISK - rubber-hose]
OVERALL RISK: MEDIUM
(Depends heavily on endpoint security and password strength)
Want to add new features? Here are the extension points:
# In crypto.py โ new manifest versions follow this pattern
# MEOW2 through MEOW5 are already implemented:
# MODE_MEOW2 = 0x02 (password-only)
# MODE_MEOW3 = 0x03 (X25519 forward secrecy)
# MODE_MEOW4 = 0x04 (ML-KEM-1024 + X25519, paranoid)
# MODE_MEOW5 = 0x05 (ML-KEM-768 + X25519, default PQ hybrid)
# Adding a new version requires updating pack_manifest/unpack_manifest# In ninja_cat_ultra.py
class SuperNinjaCat(NinjaCatUltra):
"""Even stealthier than ULTRA!"""
def apply_quantum_stego(self, frame):
# Your quantum stego code# In cat_utils.py
CAT_BREED_PRESETS[CatBreed.RAGDOLL] = {
"stego_palette": "fluffy-cream",
"success_message": "๐ป Ragdoll says: So soft, so secure!",
# Your preset
}# In meow_dashboard.py
def _create_statistics_tab(self):
"""Add a statistics/analytics tab."""
with dpg.tab(label="๐ Statistics"):
# Your tab UIThe crypto core is also available as a WebAssembly module for browser-based encryption:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ BROWSER ENVIRONMENT โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ Main Thread โ โ Web Worker โ โ Service โ โ
โ โ (UI) โ<โโ>โ (crypto-worker) โ โ Worker โ โ
โ โ โ โ โ โ (caching) โ โ
โ โ wasm_browser_ โ โ crypto_core.wasm โ โ sw.js โ โ
โ โ example.html โ โ + JS bindings โ โ โ โ
โ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ โ โ
โ โผ โผ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ WASM CRYPTO CORE โ โ
โ โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโ โ โ
โ โ โ AES-256-GCM โ โ Argon2id KDF โ โ X25519 / ML-KEM โ โ โ
โ โ โ (AEAD) โ โ (64-512 MiB) โ โ (hybrid PQ) โ โ โ
โ โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโ โ โ
โ โ Rust โ wasm-pack โ crypto_core.wasm โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
| Feature | CLI (Python) | WASM Browser | Notes |
|---|---|---|---|
| AES-256-GCM | โ | โ | Identical AEAD |
| Argon2id | โ 512/20 | โ Configurable | Web: 4 security levels |
| X25519 | โ | โ | Forward secrecy |
| ML-KEM-1024 | โ | โ | Requires wasm-pq feature |
| Schrรถdinger Mode | โ | โ | Dual-secret deniability |
| Fountain Codes | โ | โ | Full support (Python CLI + JavaScript web demo) |
| Steganography | โ Level 1-5 | Canvas limitations | |
| Hardware Keys | โ | โ | WebAuthn planned |
# Standard build
make build-wasm
# With Post-Quantum ML-KEM-1024
wasm-pack build crypto_core --target web --release --features wasm-pq- Hissing (encryption) happens in
crypto.py๐ - Purring (decryption) also in
crypto.py๐ป - Kibbles (droplets) are dispensed by
fountain.py๐ - Paw Prints (QR codes) made by
qr_code.py๐พ - Yarn Balls (GIFs) created by
gif_handler.py๐งถ - Nine Lives (forward secrecy) in
forward_secrecy.py๐ฑ - Quantum Nine Lives (post-quantum) in
pq_hybrid.py๐ฎ (pq_crypto_real.py is deprecated) - Ninja Cat (steganography) in
ninja_cat_ultra.py๐ฅท - Prowling (low-memory) in
prowling_mode.py๐พ - Collar Tags (manifests) in all the above! ๐ท๏ธ
๐พ "The architecture is like a cat: elegant, mysterious, and always lands on its feet!" ๐บ
The multi-layer stego system (stego_multilayer.py) underwent a comprehensive 4-session audit
(see docs/STEGO_AUDIT_REPORT.md for full details).
| Metric | Result | Threshold |
|---|---|---|
| Artifacts tested | 43/43 PASS | โ |
| Unit tests | 252/252 PASS | โ |
| RS detection (max) | 0.048 | < 0.3 |
| Chiยฒ detection (max) | 0.000 | < 0.3 |
| SPA rate (max) | 0.015 | < 0.15 |
| PSNR (min) | 36.2 dB | > 30 dB |
| SSIM (min) | 0.9978 | > 0.99 |
| Bugs found & fixed | 11 | โ |
| STC algorithm | Viterbi trellis (Rust), rate 1/4, ~1s encode | โ |
Key changes from audit:
- Output format switched to APNG (lossless) โ GIF palette quantization destroys LSB data
- STC algorithm replaced: Gaussian elimination โ Viterbi trellis (50ร faster, 100% reliable)
- Round-trip decode fixed (sequential frame fill strategy)
- SPA reimplemented (Dumitrescu-Wu-Wang method)
Last Updated: 2026-02-25 Version: 1.0.0 (INTERNAL REVIEW โ no external audit) Status: Production