The Ariadne Protocol is our exploration of a different cryptographic model. The work began with an observation of primitives like the Lion transform, which use a static, hardcoded sequence of operations. This led us to ask: What if the cryptographic "program" wasn't a constant, but a dynamic, history-dependent variable?
Our first step was a "Cryptographic Virtual Machine" that took an explicit list of operations (a "Path"). This worked, but required sharing the Path object—an explicit dependency that needed to be managed.
The Ariadne Protocol is the maturation of that idea. It eliminates the explicit Path by making it implicit and emergent.
The core design is:
The Labyrinth: A large, deterministically-generated binary tree of cryptographic rounds.
The Thread: The secret path taken through the Labyrinth. This path is not stored or transmitted. It's rediscovered for each block of data by computing a keyed hash of the CVM's secret state and the public ciphertext chunk: hash(key, state, chunk).
This makes the cipher aperiodic: because the state ratchets forward after every block, the sequence of operations is guaranteed to never repeat. It also creates inherent tamper evidence—any modification to the ciphertext "snaps the thread" and turns subsequent output into noise.
This is experimental, unaudited alpha software. We are publishing it under CC0 because we believe foundational work like this should be an unrestricted public good.
Some further reading : https://netsec.ethz.ch/publications/papers/ariadne.pdf
it's generally seen as more secure and in cases more efficient.
> Ariadne enhances previous approaches to preserve communication privacy by introducing two novelties. First, the source route is encoded in a fixed size, sequentially encrypted vector of routing information elements, in which the elements' positions in the vector are pseudo-randomly permuted. Second, the temporary keys used to process the packets on the path are referenced using mutually known encrypted patterns. This avoids the use of an explicit key reference that could be used to de-anonymize the communications.
> Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.
Your implementation is up to you really. As I see the OP's link, this is just an aperiodic implementation of the Ariadne protocol in Rust ?
To your original question on the benefits over a standard AEAD:
For stateless encryption, our `ariadne-etm` crate offers no major advantage. The core protocol, however, is a programmable, stateful cryptographic engine. This enables new protocol designs.
For example:
1. Smarter Transport Layers. The Labyrinth can be a public parameter derived from a server's key. This allows building in features like proof-of-work for DoS resistance or cryptographic watermarks for traitor-tracing directly into the transport layer.
2. Verifiable Stateful Computation. The architecture allows proving that a secret, stateful program was honestly executed over a verifiable duration. The program's execution path leaves an irreversible "scar" on a one-time-use Labyrinth, creating a commitment to the entire computational history.
The point isn't to replace AES. It's a new foundation for different kinds of cryptographic systems.