Post-Alphabet-Dictionary Cryptography: Symbol Identity, Dictionary Distribution, and Cryptographic Structure

Alexey A. Nekludoff

ORCID: 0009-0002-7724-5762

DOI: 10.5281/zenodo.20823992

24 June 2026

Original language of the article: English

PDF
Canonical Version (Zenodo DOI):
Local Mirror (Astraverge.org):

Abstract

Modern cryptography and cryptanalysis normally assume that the analytical domain has already been established. Plaintext and ciphertext are treated as sequences of stable units drawn from identifiable alphabets, while recurrent units, object boundaries, and cross-session identities remain available for statistical and structural comparison.

This paper introduces Post-Alphabet-Dictionary Cryptography (PADC), a framework in which the formation of the observable alphabet, dictionary, statistical profile, and cryptographic-object structure becomes a controllable part of the encoding architecture. A source symbol or dictionary unit may be represented by multiple externally distinct code units, while observable frequencies and higher-order transitions may be shaped according to a selected artificial, uniform, technical, or language-like target process.

PADC distinguishes three levels of controlled non-equivalence: symbol identity, dictionary distribution, and cryptographic structure. Repeated source units need not preserve a stable external identity; the observable dictionary need not preserve the statistical organization of the source; and visible carrier segmentation need not determine the internal units of a cipher, hash, signature, or other cryptographic transformation.

The complete architecture is represented as

\[M \xrightarrow{F_{\Theta}} X \xrightarrow{E_{K}} Y \xrightarrow{R_{\Phi}} O,\]

where \(F_{\Theta}\) forms an alternative alphabet-dictionary representation and \(R_{\Phi}\) forms the externally observable carrier structure.

A central result is that one observable sequence may remain compatible with multiple mutually incompatible cryptographic-object reconstructions. The observer may therefore lack not only the key or the plaintext, but also a uniquely determined ciphertext object and ciphertext space in which conventional cryptanalysis could begin. Language Segment Encoding (LSEG) is identified as a concrete candidate for the representation function \(R_{\Phi}\) because it can preserve recoverable carrier segmentation while leaving higher-level cryptographic-object assembly dependent on a hidden structural state.

The framework is further extended across sessions. If each session forms a distinct observable alphabet and dictionary, observations from different sessions cannot be pooled into one statistical corpus until the adversary reconstructs the cross-session identification maps connecting their analytical units. More observations therefore do not automatically produce one larger statistical sample.

The resulting security objective is not the elimination of observable regularity, but the prevention of a unique unauthorized stabilization of the alphabet, dictionary, cross-session identity relations, and cryptographic-object structure required to interpret the observed stream. Successful compromise of one transformation reveals only an adjacent representation layer and does not necessarily recover the source message.

Keywords: post-alphabet cryptography; dictionary formation; cryptanalysis; statistical analysis; frequency shaping; non-canonical encoding; observable structure; LSEG; cryptographic architecture.

Introduction

Modern cryptography is usually formulated as a transformation between already established message spaces. A plaintext message is assumed to exist as a sequence of elements drawn from a defined alphabet, after which an encryption transformation produces a ciphertext represented in another defined alphabet. Cryptanalysis then attempts to recover the key, the plaintext, or some structural property of the transformation.

This conventional formulation can be represented as

\[\begin{equation} M \in \mathcal{A}*{P}^{*} \xrightarrow{,E*{K},} C \in \mathcal{A}_{C}^{*}, \end{equation}\]

where \(\mathcal{A}*{P}\) is the plaintext alphabet, \(\mathcal{A}*{C}\) is the ciphertext alphabet, and \(E_{K}\) is an encryption transformation determined by a key \(K\).

The formulation appears technically neutral. It nevertheless contains a strong epistemic assumption: the elementary units belonging to both message spaces are already sufficiently stable to be distinguished, compared, counted, and recombined. The alphabet is therefore not merely a notation used after the message has been discovered. It is a condition under which a message can become an object of analysis at all.

Previous work examined the boundary case in which a stable ciphertext alphabet fails to form for an external observer [1]. In that case, standard analytical operations such as frequency counting, pattern comparison, entropy estimation, and known-plaintext matching cease to possess a stable symbolic domain.

The present paper extends this argument from alphabet formation to dictionary formation.

A cryptanalyst does not operate only on isolated symbols. Statistical analysis may be performed on morphemes, words, word pairs, word triples, phrases, headers, protocol sequences, instruction patterns, and other persistent constructions. The relevant analytical object is therefore not only an alphabet but an extended dictionary of recurrent forms.

The dependence of alphabets on dictionaries and of messages on both was examined in Before Information: Languages, Dictionaries, Alphabets, and Messages [2]. The dynamics through which language constructions are coordinated, canonized, and separated into diverging dictionaries were considered in Dynamics of Linguistic Constructions: Coordination, Canonization, and Divergence of Dictionaries [3].

Building on these results, this paper introduces Post-Alphabet-Dictionary Cryptography (PADC). PADC does not assume that an external observer must receive a stable symbolic and lexical projection of the source message. Instead, the formation of the observable alphabet and dictionary is treated as a controllable component of encoding.

The central transformation is therefore not merely

\[\begin{equation} M \xrightarrow{,E_{K},} C, \end{equation}\]

but

\[\begin{equation} M \xrightarrow{,F_{\Theta},} X \xrightarrow{,E_{K},} Y \xrightarrow{,R_{\Phi},} O, \end{equation}\]

where:

  • \(F_{\Theta}\) forms an alternative alphabet-dictionary representation;

  • \(X\) is a message expressed in the alternative code dictionary;

  • \(E_{K}\) is a cryptographic transformation;

  • \(R_{\Phi}\) forms the externally observable representation;

  • \(O\) is the physical or digital sequence available to the external observer.

The observer does not obtain \(M\), \(X\), or \(Y\) directly. The observer obtains \(O\) and must reconstruct the transformations that connect the observable sequence to the source message.

The proposed framework distinguishes three levels:

  1. symbol identity;

  2. dictionary distribution;

  3. cryptographic structure.

These levels correspond to three different assumptions normally available to cryptanalysis:

\[\begin{aligned} \text{source symbol} &\leftrightarrow \text{observable symbol}, \\ \text{source dictionary} &\leftrightarrow \text{observable distribution}, \\ \text{cryptographic unit} &\leftrightarrow \text{observable segment}. \end{aligned}\]

PADC replaces these correspondences with controlled non-equivalence:

\[\begin{aligned} \text{source symbol} &\not\leftrightarrow \text{single observable symbol}, \\ \text{source dictionary} &\not\leftrightarrow \text{observable statistical profile}, \\ \text{cryptographic unit} &\not\leftrightarrow \text{observable segmentation}. \end{aligned}\]

The purpose is not to claim that physical observations cease to exist. An external observer necessarily receives variations, samples, bytes, or other measurement outputs. However, the alphabet of the measuring system must not be confused with the alphabet of the source. A radio telescope may produce a binary data stream without thereby establishing that the observed source contains binary symbols, a dictionary, a language, or a message.

Likewise, the existence of an observable byte stream does not imply that its bytes correspond directly to source symbols, dictionary units, cipher blocks, hash boundaries, or message structures.

The central thesis of this paper is therefore:

Cryptanalysis requires not only access to observable data, but also the stabilization of analytical units whose identity, distribution, and structural relations can be connected to the source message. PADC makes that stabilization a controllable part of the encoding architecture.

Alphabet and Dictionary as Conditions of Analysis

Alphabet

Let

\[\begin{equation} \mathcal{A} = {a_{1},a_{2},\ldots,a_{n}} \end{equation}\]

denote an alphabet of elementary units.

For an external observer, the alphabet is not established merely because physical variations exist. Alphabet formation requires that observations can be divided into stable equivalence classes:

\[\begin{equation} o_{i}\sim o_{j} \quad\Longleftrightarrow\quad o_{i}\text{ and }o_{j} \text{ are treated as occurrences of the same unit}. \end{equation}\]

Only after such equivalence classes have stabilized can the observer count occurrences, identify repetition, estimate frequencies, and construct higher-order sequences.

Extended dictionary

In this paper, a dictionary is not restricted to a list of conventional words. It is defined as a system of recurrent and stably recognizable composite units.

Let

\[\begin{equation} \mathcal{D} = \mathcal{D}*{1} \cup \mathcal{D}*{2} \cup \mathcal{D}_{3} \cup \cdots, \end{equation}\]

where:

  • \(\mathcal{D}*{1}\) contains morphemes, words, tokens, or other elementary dictionary units;

  • \(\mathcal{D}*{2}\) contains recurrent pairs of units;

  • \(\mathcal{D}_{3}\) contains recurrent triples;

  • higher-order sets contain persistent phrases, sequences, templates, or protocol constructions.

The statistical profile of the dictionary includes not only unigram probabilities

\[\begin{equation} P(w_{i}), \end{equation}\]

but also higher-order relations such as

\[\begin{equation} P(w_{i},w_{j}), \qquad P(w_{i},w_{j},w_{k}), \end{equation}\]

and conditional transitions

\[\begin{equation} P(w_{j}\mid w_{i}). \end{equation}\]

Consequently, the elimination of elementary-symbol frequency alone does not eliminate dictionary-level statistical regularity.

The hidden assumption

Cryptanalysis does not require that the alphabet and dictionary be known in advance. It requires that they can be stabilized from observations.

The conventional analytical chain is

\[\begin{aligned} \text{observations} &\rightarrow \text{recurrent units} \\ &\rightarrow \text{alphabet} \\ &\rightarrow \text{dictionary} \\ &\rightarrow \text{statistical model} \\ &\rightarrow \text{interpretation}. \end{aligned}\]

PADC intervenes before the final interpretation by controlling the formation of the recurrent units and their observable statistical relations.

Level I: Symbol Identity Diversification

Let \(a_{i}\in\mathcal{A}_{S}\) be a source symbol.

Canonical encoding normally assigns one stable code representation:

\[\begin{equation} a_{i}\mapsto c_{i}. \end{equation}\]

Repeated source symbols therefore produce repeated observable units:

\[\begin{equation} a_{i}=a_{j} \quad\Longrightarrow\quad c_{i}=c_{j}. \end{equation}\]

This preserves symbol identity across occurrences.

PADC replaces the canonical mapping with a family of admissible representations:

\[\begin{equation} a_{i} \mapsto C_{i} = {c_{i1},c_{i2},\ldots,c_{im_{i}}}. \end{equation}\]

A particular occurrence is encoded by selecting

\[\begin{equation} c_{ij}\in C_{i} \end{equation}\]

according to an encoding state, context, key, distribution, or selection rule.

Thus,

\[\begin{equation} a_{i}=a_{j} \centernot\Longrightarrow \operatorname{Enc}(a_{i}) = \operatorname{Enc}(a_{j}). \end{equation}\]

The source identity remains recoverable for the legitimate decoder because

\[\begin{equation} c_{ij}\in C_{i} \quad\Longrightarrow\quad \operatorname{Dec}(c_{ij})=a_{i}. \end{equation}\]

For the external observer, however, different representations need not stabilize as occurrences of one source unit.

This level was examined in detail in the earlier analysis of alphabet formation and the epistemic limits of cryptographic analysis [1].

Level II: Dictionary Distribution Shaping

From frequency elimination to distribution formation

Uniform frequency is the simplest special case of dictionary distribution shaping.

Let the source dictionary be

\[\begin{equation} \mathcal{D}*{S} = {w*{1},w_{2},\ldots,w_{n}} \end{equation}\]

with source distribution

\[\begin{equation} p_{i}=P_{S}(w_{i}). \end{equation}\]

Let the observable code dictionary be

\[\begin{equation} \mathcal{D}*{O} = {c*{1},c_{2},\ldots,c_{m}}. \end{equation}\]

Encoding is described by the conditional matrix

\[\begin{equation} T_{ij} = P(c_{j}\mid w_{i}), \end{equation}\]

subject to

\[\begin{equation} T_{ij}\geq 0, \qquad \sum_{j=1}^{m}T_{ij}=1. \end{equation}\]

The observable distribution is

\[\begin{equation} q_{j} = P_{O}(c_{j}) = \sum_{i=1}^{n}p_{i}T_{ij}. \end{equation}\]

In vector form,

\[\begin{equation} \mathbf{q} = \mathbf{p}T. \end{equation}\]

The encoding matrix \(T\) can be selected so that the observable distribution \(\mathbf{q}\) differs from the source distribution \(\mathbf{p}\).

Uniform shaping

The simplest target is a uniform observable distribution:

\[\begin{equation} q_{j} = \frac{1}{m}. \end{equation}\]

In this mode, all observable dictionary units occur with approximately equal frequency.

The natural lexical hierarchy of the source language is therefore not preserved in the observable stream.

Target-profile shaping

Uniformity is not the general objective. In the general PADC framework, the encoder may specify an arbitrary target distribution

\[\begin{equation} \mathbf{q}^{*} = \left( q_{1}^{*}, q_{2}^{*}, \ldots, q_{m}^{*} \right). \end{equation}\]

Whether the selected profile can be realized exactly depends on the admissible encoding class.

When the target profile is realizable by the conditional encoding matrix \(T\), it satisfies

\[\begin{equation} \mathbf{p}T = \mathbf{q}^{*}. \end{equation}\]

For a fixed-length, stateless, and disjoint mapping, the realizable target profiles are constrained by the probability mass assigned to the source equivalence classes. More general target profiles may require variable-length sequences, auxiliary units, context-dependent encoding, overlapping representations, or additional encoder and decoder state.

The target distribution may represent:

  • an artificial statistical profile;

  • a uniform distribution;

  • a technical corpus;

  • a natural-language corpus;

  • a selected genre;

  • a protocol or telemetry profile;

  • a deliberately misleading dictionary.

The observable stream may therefore possess clear, stable, and highly convincing statistics while those statistics remain unrelated to the source language.

The relevant condition is not

\[\begin{equation} P_{O}(c_{j})\text{ does not exist}, \end{equation}\]

but

\[\begin{equation} P_{O}(c_{j}) \not\Rightarrow P_{S}(w_{i}). \end{equation}\]

The observer receives a statistical structure, but the structure belongs to the encoding architecture rather than to the source dictionary.

Higher-order shaping

If only unigram frequencies are shaped, higher-order structures may remain available:

\[\begin{equation} P(c_{i},c_{j}), \qquad P(c_{i},c_{j},c_{k}). \end{equation}\]

The general PADC model therefore extends distribution shaping to recurrent sequences.

For an order-\(r\) dictionary model, the target condition becomes

\[\begin{equation} P_{O} \left( c_{t} \mid c_{t-r+1},\ldots,c_{t-1} \right) = Q_{r} \left( c_{t} \mid c_{t-r+1},\ldots,c_{t-1} \right), \end{equation}\]

where \(Q_{r}\) is a selected target transition model.

Thus, PADC may shape not only the frequency of individual code units but also the observable dynamics of the code dictionary.

Level III: Cryptographic Structure Decoupling

Observable and internal units

Conventional cryptographic representation often exposes units that correspond directly to the architecture of the transformation.

For a block cipher, the ciphertext is commonly represented as

\[\begin{equation} Y = B_{1}\Vert B_{2}\Vert\cdots\Vert B_{r}, \end{equation}\]

where the block boundaries and block size are externally recoverable.

Similar structural units may occur in:

  • stream-cipher synchronization intervals;

  • hash and digest boundaries;

  • message authentication codes;

  • digital signatures;

  • key containers;

  • protocol records;

  • serialized cryptographic objects.

The general structural assumption is

\[\begin{equation} \text{observable unit} \cong \text{cryptographic unit}. \end{equation}\]

PADC removes this assumption.

Structural representation layer

Let \(Y\) be the output of a cryptographic transformation. A representation layer \(R_{\Phi}\) maps it into the observable sequence \(O\):

\[\begin{equation} R_{\Phi}:Y\rightarrow O. \end{equation}\]

The mapping may divide internal units into fragments, reorder fragments, combine fragments from different units, insert auxiliary segments, and route fragments through different interpretation spaces.

The legitimate receiver applies

\[\begin{equation} R_{\Phi}^{-1}:O\rightarrow Y. \end{equation}\]

The external segmentation of \(O\) therefore need not reveal the internal segmentation of \(Y\):

\[\begin{equation} \operatorname{Seg}(O) \not\cong \operatorname{Struct}(Y). \end{equation}\]

LSEG as a structural carrier

Language Segment Encoding (LSEG) provides a natural carrier for such a representation layer because it separates visible stream segmentation from the interpretation of segment contents [4].

A basic LSEG segment has the form

\[\begin{equation} \texttt{0x00} \Vert \texttt{LANG\_ID} \Vert \texttt{DATA}. \end{equation}\]

The visible segment boundary identifies a region of data, while LANG_ID selects an interpreter. The internal meaning and composition of DATA are determined by the selected interpretation rule rather than by the visible segment boundary alone.

In a PADC architecture, fragments belonging to one cryptographic unit may be distributed across multiple LSEG segments, while one visible sequence of segments may contain fragments from multiple cryptographic units.

Therefore,

\[\begin{equation} \text{visible LSEG segment} \neq \text{cipher block}, \end{equation}\]

and, more generally,

\[\begin{equation} \text{visible segmentation} \neq \text{cryptographic structure}. \end{equation}\]

Block ciphers provide the clearest example because their fixed blocks produce particularly visible analytical units. However, structural decoupling is not restricted to block ciphers.

Layered PADC Architecture

The complete transformation can be represented as

\[\begin{equation} M \xrightarrow{,F_{\Theta},} X \xrightarrow{,E_{K},} Y \xrightarrow{,R_{\Phi},} O. \end{equation}\]

The legitimate receiver performs

\[\begin{equation} O \xrightarrow{,R_{\Phi}^{-1},} Y \xrightarrow{,E_{K}^{-1},} X \xrightarrow{,F_{\Theta}^{-1},} M. \end{equation}\]

The security architecture therefore contains at least three distinct inverse problems:

  1. reconstruction of the internal cryptographic structure;

  2. recovery or bypass of the cryptographic transformation;

  3. reconstruction of the source alphabet-dictionary.

Successful solution of one inverse problem does not automatically solve the others.

For example, suppose an attacker recovers the key \(K\) or otherwise inverts the cryptographic layer:

\[\begin{equation} E_{K}^{-1}(Y)=X. \end{equation}\]

The result \(X\) is not necessarily the source message \(M\). It is a message expressed in an alternative alphabet-dictionary.

The attacker must still reconstruct

\[\begin{equation} F_{\Theta}^{-1}:X\rightarrow M. \end{equation}\]

If the observable distribution of \(X\) was formed independently of the source language, conventional linguistic statistics do not directly provide that inverse mapping.

This yields the general principle

\[\begin{equation} \text{compromise of cryptographic transformation} \centernot\Longrightarrow \text{recovery of source language}. \end{equation}\]

Illustrative Encoding Case

This section provides a minimal example of the complete PADC transformation

\[\begin{equation} M \xrightarrow{,F_{\Theta},} X \xrightarrow{,E_{K},} Y \xrightarrow{,R_{\Phi},} O. \end{equation}\]

The purpose of the example is not to propose a production-ready cryptographic scheme. It demonstrates how symbol identity, dictionary distribution, and cryptographic structure may be modified at distinct architectural levels.

Source message and dictionary

Consider the source message

\[\begin{equation} M= (\mathrm{A},\mathrm{A},\mathrm{A}, \mathrm{B},\mathrm{B},\mathrm{C}). \end{equation}\]

Its source dictionary is

\[\begin{equation} \mathcal{D}_{S} = {\mathrm{A},\mathrm{B},\mathrm{C}}, \end{equation}\]

with empirical distribution

\[\begin{equation} \mathbf{p} = \left( \frac{3}{6}, \frac{2}{6}, \frac{1}{6} \right). \end{equation}\]

The source units therefore have visibly different frequencies:

\[\begin{equation} P_{S}(\mathrm{A}) > P_{S}(\mathrm{B}) > P_{S}(\mathrm{C}). \end{equation}\]

Alternative dictionary formation

Let the observable code dictionary be

\[\begin{equation} \mathcal{D}*{X} = {x*{1},x_{2},x_{3},x_{4},x_{5},x_{6}}. \end{equation}\]

The source units are assigned multiple admissible representations:

\[\begin{align} \mathrm{A} &\mapsto {x_{1},x_{2},x_{3}}, \ \mathrm{B} &\mapsto {x_{4},x_{5}}, \ \mathrm{C} &\mapsto {x_{6}}. \end{align}\]

The message may then be encoded as

\[\begin{equation} X= (x_{1},x_{2},x_{3},x_{4},x_{5},x_{6}). \end{equation}\]

Although the source message contains repeated units, the observable code sequence contains no repeated unit. Its empirical distribution is uniform:

\[\begin{equation} P_{X}(x_{j}) = \frac{1}{6}, \qquad j=1,\ldots,6. \end{equation}\]

The source frequency profile has therefore not been preserved:

\[\begin{equation} \mathbf{p} \neq \mathbf{q}, \end{equation}\]

where

\[\begin{equation} \mathbf{q} = \left( \frac{1}{6}, \frac{1}{6}, \frac{1}{6}, \frac{1}{6}, \frac{1}{6}, \frac{1}{6} \right). \end{equation}\]

The legitimate decoder retains the inverse class relation

\[\begin{align} {x_{1},x_{2},x_{3}} &\mapsto \mathrm{A}, \ {x_{4},x_{5}} &\mapsto \mathrm{B}, \ {x_{6}} &\mapsto \mathrm{C}. \end{align}\]

The observer, however, sees six apparently independent code units.

Target-profile formation

Uniformity is only the simplest case. Suppose that the encoder must produce a selected target distribution

\[\begin{equation} \mathbf{q}^{*} = (0.30,0.25,0.20,0.15,0.10). \end{equation}\]

Let

\[\begin{equation} T_{ij} = P(c_{j}\mid w_{i}) \end{equation}\]

be the conditional encoding matrix between source dictionary units \(w_{i}\) and observable units \(c_{j}\).

The matrix is selected subject to

\[\begin{equation} \sum_{j}T_{ij}=1 \end{equation}\]

and

\[\begin{equation} \mathbf{p}T = \mathbf{q}^{*}. \end{equation}\]

The resulting observable distribution is therefore determined by the encoding architecture rather than by the source language:

\[\begin{equation} P_{O}(c_{j}) = q_{j}^{*}. \end{equation}\]

The target profile may be uniform, artificial, or derived from a selected natural-language corpus. In the latter case, the observer may recover a stable and plausible statistical profile that nevertheless belongs to the code dictionary rather than to the source dictionary.

Numerical Example of Distribution Shaping

Consider a source dictionary with three units and empirical distribution

\[\begin{equation} \mathbf{p} = \left( \frac{1}{2}, \frac{1}{3}, \frac{1}{6} \right). \end{equation}\]

Let the observable code dictionary contain five units:

\[\begin{equation} \mathcal{D}*{O} = {c*{1},c_{2},c_{3},c_{4},c_{5}}. \end{equation}\]

Define the conditional encoding matrix

\[\begin{equation} T = \begin{pmatrix} \frac{3}{5} & \frac{2}{5} & 0 & 0 & 0 \\ 0 & 0 & \frac{3}{5} & \frac{2}{5} & 0 \\ 0 & 0 & 0 & 0 & 1 \end{pmatrix}. \end{equation}\]

Each row describes the distribution of observable representations available for one source unit. Thus,

\[\begin{aligned} w_{1} &\mapsto {c_{1},c_{2}}, \ w_{2} &\mapsto {c_{3},c_{4}}, \ w_{3} &\mapsto {c_{5}}. \end{aligned}\]

The observable distribution is

\[\begin{equation} \mathbf{q} = \mathbf{p}T. \end{equation}\]

Direct multiplication gives

\[\mathbf{q} = \mathbf{p}T = \left( \frac{1}{2}, \frac{1}{3}, \frac{1}{6} \right) \begin{pmatrix} \frac{3}{5} & \frac{2}{5} & 0 & 0 & 0 \\ 0 & 0 & \frac{3}{5} & \frac{2}{5} & 0 \\ 0 & 0 & 0 & 0 & 1 \end{pmatrix}.\]

\[\mathbf{q} = \left( \frac{3}{10}, \frac{1}{5}, \frac{1}{5}, \frac{2}{15}, \frac{1}{6} \right).\] Therefore,

\[\begin{equation} \mathbf{q} = \left( 0.30, 0.20, 0.20, 0.133\overline{3}, 0.166\overline{6} \right). \end{equation}\]

The observable profile differs from the source profile even though the mapping remains reversibly partitioned: each observable unit belongs to exactly one source equivalence class.

The example also shows that distribution shaping is not limited to uniformization. The encoder divides the probability mass of each source unit among several observable representations and thereby constructs a new statistical profile.

For disjoint reversible representation classes, the total probability mass assigned to the class of source unit \(w_i\) must satisfy

\[\begin{equation} \sum_{c_j\in C_i} q_j = p_i. \end{equation}\]

Consequently, not every arbitrary target vector can be produced by a single fixed-length, stateless, and disjoint mapping. More general target profiles may require one or more of the following mechanisms:

  • variable-length code sequences;

  • auxiliary or null dictionary units;

  • context-dependent encoding;

  • session state;

  • overlapping observable representations resolved through additional decoder state;

  • higher-order sequence shaping.

This distinction separates simple probability-mass redistribution from the more general problem of synthesizing an arbitrary observable dictionary process.

Cryptographic transformation

The alternative dictionary message \(X\) is then transformed by a conventional cryptographic operation:

\[\begin{equation} Y = E_{K}(X). \end{equation}\]

For illustration, suppose that \(Y\) consists of three internal units:

\[\begin{equation} Y= B_{1}\Vert B_{2}\Vert B_{3}. \end{equation}\]

A conventional representation would expose the sequence of these units directly. PADC introduces an additional representation layer.

Structural decoupling

Let each internal unit be divided into fragments:

\[\begin{align} B_{1} &= f_{11}\Vert f_{12}, \ B_{2} &= f_{21}\Vert f_{22}, \ B_{3} &= f_{31}\Vert f_{32}. \end{align}\]

The representation layer may emit the fragments in a different observable organization:

\[\begin{equation} O= ( f_{21}, f_{11}, f_{31}, f_{22}, f_{12}, f_{32} ). \end{equation}\]

An LSEG-based representation may further place these fragments in independently interpreted segments:

\[\begin{equation} \begin{aligned} O={}& \texttt{0x00}\Vert\ell_{4}\Vert f_{21} \Vert \texttt{0x00}\Vert\ell_{1}\Vert f_{11} \ &\Vert \texttt{0x00}\Vert\ell_{7}\Vert f_{31} \Vert \texttt{0x00}\Vert\ell_{2}\Vert f_{22} \ &\Vert \texttt{0x00}\Vert\ell_{5}\Vert f_{12} \Vert \texttt{0x00}\Vert\ell_{3}\Vert f_{32}. \end{aligned} \end{equation}\]

The visible segmentation remains valid, but it does not directly expose the internal sequence

\[\begin{equation} B_{1}\Vert B_{2}\Vert B_{3}. \end{equation}\]

The legitimate receiver applies the inverse representation rule

\[\begin{equation} R_{\Phi}^{-1}(O) = B_{1}\Vert B_{2}\Vert B_{3}, \end{equation}\]

then the inverse cryptographic transformation

\[\begin{equation} E_{K}^{-1}(Y)=X, \end{equation}\]

and finally the inverse dictionary mapping

\[\begin{equation} F_{\Theta}^{-1}(X)=M. \end{equation}\]

The example shows that the three layers protect different relations:

\[\begin{aligned} \text{source identity} &\not\leftrightarrow \text{observable identity},\\ \ \text{source frequency} &\not\leftrightarrow \text{observable frequency},\\ \ \text{internal unit} &\not\leftrightarrow \text{observable segment}. \end{aligned}\]

Recovery of one layer does not automatically invert the other two.

Weak Algorithms in a Layered Architecture

PADC does not alter the mathematical properties of an existing cipher or hash function. A short key remains short. A known collision remains a collision. A structurally weak transformation remains structurally weak.

However, the compromise of such a transformation need no longer be equivalent to compromise of the source message.

Consider

\[\begin{equation} C = \operatorname{DES}*{K} \left( F*{\Theta}(M) \right). \end{equation}\]

Exhaustive recovery of \(K\) reveals

\[\begin{equation} F_{\Theta}(M), \end{equation}\]

not necessarily \(M\).

Similarly, consider

\[\begin{equation} H = \operatorname{MD5} \left( F_{\Theta}(w) \right). \end{equation}\]

Recovery of an encoded preimage reveals a code-dictionary unit rather than necessarily revealing the source unit \(w\).

The claim is therefore not that PADC repairs the internal mathematics of DES or MD5. The claim is that algorithmic compromise ceases to be a sufficient condition for source-message recovery.

Observer, Measurement, and Structure

An observer necessarily receives physical or digital variations. Let

\[\begin{equation} O=(o_{1},o_{2},\ldots,o_{N}) \end{equation}\]

be an observed sequence.

The representation used by the measuring apparatus is not automatically the representation used by the source.

For example,

\[\begin{equation} s(t) \xrightarrow{\text{sampling}} (0,1,0,1,\ldots) \end{equation}\]

does not demonstrate that the observed source possesses a binary alphabet.

The binary sequence belongs initially to the measurement architecture.

The interpretive chain is instead

\[\begin{aligned} \text{physical variation} &\rightarrow \text{measurement representation} \\ &\rightarrow \text{candidate units} \\ &\rightarrow \text{candidate dictionary} \\ &\rightarrow \text{candidate structure}. \end{aligned}\]

PADC acts on the conditions under which this chain stabilizes.

The objective is not necessarily to remove every regularity from the observable sequence. A target statistical profile may itself be stable. The objective is to prevent a stable inference from observable regularity to the source alphabet, source dictionary, and cryptographic architecture.

Thus,

\[\begin{equation} \operatorname{Regularity}(O) \centernot\Longrightarrow \operatorname{Structure}(M). \end{equation}\]

Security as Architectural Non-Equivalence

Traditional analysis often evaluates an encryption algorithm as the principal unit of security.

PADC instead evaluates the complete architecture:

\[\begin{equation} \mathcal{S} = \left( F_{\Theta}, E_{K}, R_{\Phi} \right). \end{equation}\]

Security depends on the relations among:

  • the source language;

  • the source dictionary;

  • the alternative code dictionary;

  • the cryptographic transformation;

  • the structural representation;

  • the observer’s reconstruction model.

The central architectural property is non-equivalence:

\[\begin{equation} O \not\cong Y \not\cong X \not\cong M. \end{equation}\]

This does not mean that no mapping exists. The legitimate receiver must possess or reconstruct the required mappings.

It means that the mappings are not supplied merely by the observable organization of the transmitted stream.

The security objective can therefore be expressed as the preservation of decodability for the intended receiver together with the non-stabilization of a unique source reconstruction for an external observer.

Non-Given Representational Spaces and Cryptographic Reconstruction

Why PADC Is Not Merely an Encoding Layer

A natural objection to the proposed framework is that the complete PADC transformation

\[\begin{equation} M \xrightarrow{,F_{\Theta},} X \xrightarrow{,E_{K},} Y \xrightarrow{,R_{\Phi},} O \end{equation}\]

may be regarded as an ordinary composition of preprocessing, encryption, and postprocessing.

If all component transformations and representational spaces are known and stable, the objection is valid. One may define a composite transformation

\[\begin{equation} \widetilde{E}*{K} = R \circ E*{K} \circ F \end{equation}\]

and write

\[\begin{equation} O = \widetilde{E}_{K}(M). \end{equation}\]

Under these conditions, \(F\) and \(R\) are merely known encoding layers around a conventional cryptographic transformation. The message space, ciphertext space, elementary units, and object boundaries remain fixed and available to the adversary.

PADC addresses a different case.

The classical assumption of given spaces

A conventional cryptosystem is commonly defined over established message and ciphertext spaces:

\[\begin{equation} E_{K}: \mathcal{M} \rightarrow \mathcal{C}. \end{equation}\]

The adversary may not know the message or the key, but the analytical domain is already specified.

In particular, the adversary is assumed to know or to be able to identify:

  • what constitutes one ciphertext object;

  • which elementary units belong to the ciphertext alphabet;

  • where the boundaries of records, blocks, or messages occur;

  • which observations are instances of the same type of unit;

  • which mathematical operations are defined over those units.

The classical cryptanalytic problem can therefore be expressed as

\[\begin{equation} \text{given } c\in\mathcal{C}, \quad \text{recover or distinguish information about } m\in\mathcal{M}. \end{equation}\]

The ciphertext object \(c\) is assumed to have already been formed as an element of a known analytical space.

Non-given representational spaces

In PADC, the external observer initially receives only an observable sequence

\[\begin{equation} O=(o_{1},o_{2},\ldots,o_{N}). \end{equation}\]

The existence of this sequence does not by itself determine:

  • the source alphabet;

  • the alternative code alphabet;

  • the source dictionary;

  • the partition of observable units into source equivalence classes;

  • the boundaries of internal cryptographic units;

  • the ciphertext space over which the cryptographic transformation is defined.

The observer must first infer a mapping

\[\begin{equation} O \longrightarrow \widehat{Y}, \end{equation}\]

where \(\widehat{Y}\) is only a candidate reconstruction of the internal cryptographic representation.

The observable stream does not necessarily determine one unique ciphertext object:

\[\begin{equation} O \centernot\Longrightarrow Y. \end{equation}\]

More generally,

\[\begin{equation} O \centernot\Longrightarrow \mathcal{C}. \end{equation}\]

The external observer may therefore lack not only the key, but also the stable representational space in which the key-recovery problem would normally be formulated.

Formation of the analytical domain

The distinction between ordinary encoding and PADC lies in what the transformations \(F_{\Theta}\) and \(R_{\Phi}\) control.

In a conventional architecture, the transformations act on elements of already established spaces:

\[\begin{equation} F: \mathcal{M} \rightarrow \mathcal{X}, \end{equation}\]

\[\begin{equation} R: \mathcal{Y} \rightarrow \mathcal{O}, \end{equation}\]

where \(\mathcal{M}\), \(\mathcal{X}\), \(\mathcal{Y}\), and \(\mathcal{O}\) are known and stable.

In PADC, the parameters \(\Theta\) and \(\Phi\) participate in the formation of the observable analytical domain itself:

\[\begin{equation} \mathcal{D}*{\Theta}, \qquad \mathcal{C}*{\Theta,\Phi}, \qquad \operatorname{Struct}_{\Phi}(O). \end{equation}\]

Here:

  • \(\mathcal{D}*{\Theta}\) is the alternative dictionary induced by the active dictionary-formation state;

  • \(\mathcal{C}*{\Theta,\Phi}\) is the candidate ciphertext space induced by dictionary formation and structural representation;

  • \(\operatorname{Struct}_{\Phi}(O)\) is the internal organization reconstructed from the observable sequence.

The unknown state therefore does not merely select a function inside a fixed domain. It participates in determining which observable units, equivalence classes, and structural relations constitute the domain.

Multiple compatible cryptographic reconstructions

A single observable sequence may admit multiple candidate internal representations:

\[\begin{equation} O = R_{\Phi_{1}}(Y_{1}) = R_{\Phi_{2}}(Y_{2}) = \cdots = R_{\Phi_{r}}(Y_{r}). \end{equation}\]

The candidate objects \(Y_{1},Y_{2},\ldots,Y_{r}\) need not share the same segmentation or even belong to the same candidate ciphertext space:

\[\begin{equation} Y_{i} \in \mathcal{C}_{i}. \end{equation}\]

Consequently,

\[\begin{equation} \mathcal{C}*{1} \neq \mathcal{C}*{2} \neq \cdots \neq \mathcal{C}_{r} \end{equation}\]

may remain observationally compatible with the same sequence \(O\).

In this case, the adversary cannot begin with the classical question

\[\begin{equation} E_{K}^{-1}(c)=? \end{equation}\]

because the object \(c\) has not yet been uniquely identified.

The preceding problem is instead

\[\begin{equation} \text{Which candidate }Y_i \text{ constitutes the cryptographic object?} \end{equation}\]

Only after a representational hypothesis has stabilized does conventional cryptanalysis become applicable.

Constructive Non-Uniqueness of Cryptographic Reconstruction

The non-uniqueness of reconstruction must be distinguished from a merely alternative description of the same object.

To demonstrate genuine structural ambiguity, it is necessary to construct an observable sequence that is simultaneously valid under two mutually incompatible cryptographic object models.

Let

\[\begin{equation} O = 000000110011 \end{equation}\]

be a twelve-bit observable sequence.

Consider first the candidate cryptographic space \(\mathcal{C}_{1}\), whose elements are sequences of three four-bit blocks:

\[\begin{equation} Y_{1} = B_{1} \Vert B_{2} \Vert B_{3}, \end{equation}\]

where

\[\begin{equation} |B_i|=4. \end{equation}\]

A block

\[\begin{equation} B_i = (b_{i1},b_{i2},b_{i3},b_{i4}) \end{equation}\]

is valid if its fourth bit satisfies the parity condition

\[\begin{equation} b_{i4} = b_{i1} \oplus b_{i2} \oplus b_{i3}. \end{equation}\]

Under this reconstruction, the observable sequence becomes

\[\begin{equation} Y_{1} = 0000 \Vert 0011 \Vert 0011. \end{equation}\]

The first block is valid because

\[\begin{equation} 0 = 0 \oplus 0 \oplus 0. \end{equation}\]

The second and third blocks are valid because

\[\begin{equation} 1 = 0 \oplus 0 \oplus 1. \end{equation}\]

Thus,

\[\begin{equation} Y_{1} \in \mathcal{C}_{1}. \end{equation}\]

Now consider a different candidate cryptographic space \(\mathcal{C}_{2}\), whose elements are sequences of four three-bit units:

\[\begin{equation} Y_{2} = S_{1} \Vert S_{2} \Vert S_{3} \Vert S_{4}, \end{equation}\]

where

\[\begin{equation} |S_i|=3. \end{equation}\]

A unit

\[\begin{equation} S_i = (s_{i1},s_{i2},s_{i3}) \end{equation}\]

is valid if its third bit satisfies

\[\begin{equation} s_{i3} = s_{i1} \oplus s_{i2}. \end{equation}\]

Under the second reconstruction, the same observable sequence becomes

\[\begin{equation} Y_{2} = 000 \Vert 000 \Vert 110 \Vert 011. \end{equation}\]

The first and second units are valid because

\[\begin{equation} 0 = 0 \oplus 0. \end{equation}\]

The third unit is valid because

\[\begin{equation} 0 = 1 \oplus 1, \end{equation}\]

and the fourth unit is valid because

\[\begin{equation} 1 = 0 \oplus 1. \end{equation}\]

Therefore,

\[\begin{equation} Y_{2} \in \mathcal{C}_{2}. \end{equation}\]

Both reconstructions generate the same observable sequence:

\[\begin{equation} R_{\Phi_{1}}(Y_{1}) = R_{\Phi_{2}}(Y_{2}) = O. \end{equation}\]

However,

\[\begin{equation} Y_{1} \neq Y_{2}. \end{equation}\]

The difference is not merely notational. The two reconstructions have different:

  • numbers of internal units;

  • unit lengths;

  • unit boundaries;

  • validation equations;

  • candidate cryptographic spaces.

In particular,

\[\begin{equation} \mathcal{C}*{1} \neq \mathcal{C}*{2}. \end{equation}\]

The observable sequence therefore belongs to the intersection

\[\begin{equation} O \in R_{\Phi_{1}}(\mathcal{C}*{1}) \cap R*{\Phi_{2}}(\mathcal{C}_{2}). \end{equation}\]

The ambiguity is not restricted to one specially selected sequence.

For twelve-bit sequences, define

\[\begin{equation} \mathcal{C}_{1}^{(12)} = \left\{ x\in\{0,1\}^{12} \;\middle|\; x \text{ satisfies the three four-bit parity constraints} \right\}, \end{equation}\]

and

\[\begin{equation} \mathcal{C}_{2}^{(12)} = \left\{ x\in\{0,1\}^{12} \;\middle|\; x \text{ satisfies the four three-bit parity constraints} \right\}. \end{equation}\]

Their intersection contains

\[\begin{equation} \left| \mathcal{C}*{1}^{(12)} \cap \mathcal{C}*{2}^{(12)} \right| = 64 \end{equation}\]

distinct observable sequences.

Thus, structural ambiguity is not an accidental property of one stream. It is a stable property of two overlapping spaces of valid internal objects.

More generally, let

\[\begin{equation} \mathfrak{R}(O) = \left\{ (\mathcal{C},\Phi,Y) \;\middle|\; Y\in\mathcal{C}, \; R_{\Phi}(Y)=O \right\}. \end{equation}\]

be the set of cryptographic reconstructions compatible with observation \(O\).

Reconstruction is unique only when

\[\begin{equation} \left| \mathfrak{R}(O) \right| = 1. \end{equation}\]

Cryptographic-object ambiguity exists when

\[\begin{equation} \left| \mathfrak{R}(O) \right| > 1. \end{equation}\]

A stronger condition holds when there exist two compatible reconstructions

\[\begin{equation} (\mathcal{C}*{i},\Phi*{i},Y_{i}), \qquad (\mathcal{C}*{j},\Phi*{j},Y_{j}) \end{equation}\]

such that

\[\begin{equation} \mathcal{C}*{i} \neq \mathcal{C}*{j} \end{equation}\]

and

\[\begin{equation} R_{\Phi_{i}}(Y_{i}) = R_{\Phi_{j}}(Y_{j}) = O. \end{equation}\]

The observer then faces not merely several descriptions of one known ciphertext object, but several mutually incompatible candidates for what the cryptographic object is.

The initial cryptanalytic problem is therefore

\[\begin{equation} \text{given }O, \quad \text{recover } (\mathcal{C},\Phi,Y), \end{equation}\]

rather than immediately

\[\begin{equation} \text{given }Y, \quad \text{recover }K \text{ or }M. \end{equation}\]

Only after the cryptographic object space, reconstruction state, and internal object have been selected does conventional key or message recovery become well-defined.

This construction establishes formal non-uniqueness of cryptographic reconstruction: the same observable sequence is a valid output of two structurally incompatible internal object models.

Protocol-Level Construction with Real Cryptographic Object Spaces

The preceding construction uses deliberately simplified parity-constrained spaces in order to establish the formal possibility of non-unique cryptographic reconstruction.

A stronger question is whether the same phenomenon can arise between object spaces associated with actual cryptographic algorithms.

AES, RSA, and LSEG do not automatically produce such ambiguity. The ambiguity must be created at the representation level by withholding or transforming the metadata that would ordinarily stabilize one unique cryptographic interpretation.

Consider an observable byte sequence

\[\begin{equation} O = Q_{1} \Vert Q_{2} \Vert \cdots \Vert Q_{m}, \end{equation}\]

where every chunk \(Q_j\) contains \(256\) bytes:

\[\begin{equation} |Q_j| = 256 \text{ bytes}. \end{equation}\]

Assume that the first byte of every \(Q_j\) is zero:

\[\begin{equation} Q_j[1] = \texttt{0x00}. \end{equation}\]

This restriction ensures that the integer represented by \(Q_j\) is less than \(2^{2040}\).

Let \(n\) be a \(2048\)-bit RSA modulus. Then

\[\begin{equation} n \geq 2^{2047}, \end{equation}\]

and therefore

\[\begin{equation} \operatorname{int}(Q_j) < 2^{2040} < n. \end{equation}\]

Each chunk \(Q_j\) is consequently a valid element of the RSA ciphertext domain

\[\begin{equation} \mathcal{C}_{\mathrm{RSA}} = \left\{ c\in\mathbb{Z} \;\middle|\; 0\leq c<n \right\}. \end{equation}\]

At the same time, every \(256\)-byte chunk can be divided into sixteen \(16\)-byte AES blocks:

\[\begin{equation} Q_j = B_{j,1} \Vert B_{j,2} \Vert \cdots \Vert B_{j,16}, \end{equation}\]

where

\[\begin{equation} |B_{j,k}| = 16 \text{ bytes}. \end{equation}\]

Each block belongs to the AES block space

\[\begin{equation} \mathcal{C}_{\mathrm{AES}} = {0,1}^{128}. \end{equation}\]

The same observable sequence therefore admits two stable reconstructions.

Under the first structural state \(\Phi_{\mathrm{AES}}\), the internal cryptographic object sequence is

\[\begin{equation} Y_{\mathrm{AES}} = \left( B_{1,1}, \ldots, B_{1,16}, B_{2,1}, \ldots, B_{m,16} \right). \end{equation}\]

It contains

\[\begin{equation} 16m \end{equation}\]

candidate AES blocks.

Under the second structural state \(\Phi_{\mathrm{RSA}}\), the internal object sequence is

\[\begin{equation} Y_{\mathrm{RSA}} = \left( Q_{1}, Q_{2}, \ldots, Q_{m} \right). \end{equation}\]

It contains

\[\begin{equation} m \end{equation}\]

candidate RSA ciphertext objects.

Both reconstructions produce the same observable byte sequence:

\[\begin{equation} R_{\Phi_{\mathrm{AES}}} \left( Y_{\mathrm{AES}} \right) = R_{\Phi_{\mathrm{RSA}}} \left( Y_{\mathrm{RSA}} \right) = O. \end{equation}\]

However,

\[\begin{equation} Y_{\mathrm{AES}} \neq Y_{\mathrm{RSA}}. \end{equation}\]

The two reconstructions differ in:

  • the number of cryptographic objects;

  • the boundaries of those objects;

  • the corresponding key spaces;

  • the applicable decryption operations;

  • the resulting plaintext spaces;

  • the interpretation of the observable byte sequence.

The ambiguity is stable for arbitrary positive \(m\). Increasing the stream length does not eliminate either reconstruction:

\[\begin{equation} O \in R_{\Phi_{\mathrm{AES}}} \left( \mathcal{C}_{\mathrm{AES}}^{16m} \right) \end{equation}\]

and simultaneously

\[\begin{equation} O \in R_{\Phi_{\mathrm{RSA}}} \left( \mathcal{C}_{\mathrm{RSA}}^{m} \right). \end{equation}\]

Hence,

\[\begin{equation} O \in R_{\Phi_{\mathrm{AES}}} \left( \mathcal{C}*{\mathrm{AES}}^{16m} \right) \cap R*{\Phi_{\mathrm{RSA}}} \left( \mathcal{C}_{\mathrm{RSA}}^{m} \right). \end{equation}\]

This ambiguity does not result from AES or RSA alone.

In an ordinary protocol, external metadata normally specifies:

  • the cryptographic algorithm;

  • the cipher suite;

  • the object type;

  • the record boundaries;

  • the block or modulus size;

  • the interpretation of each transmitted field.

Such metadata stabilizes one reconstruction:

\[\begin{equation} O + \text{protocol metadata} \longrightarrow Y. \end{equation}\]

A PADC representation instead seeks to preserve several candidate reconstructions:

\[\begin{equation} O \longrightarrow \left\{ Y_{1}, Y_{2}, \ldots, Y_{N} \right\}. \end{equation}\]

LSEG may serve as the carrier representation for this construction.

Suppose that the observable stream consists of a sequence of LSEG DATA fragments. The physical segment boundaries remain visible, but the rule that combines DATA fragments into cryptographic objects depends on the structural state \(\Phi\).

Under \(\Phi_{\mathrm{AES}}\), the DATA octets are assembled into \(16\)-byte units:

\[\begin{equation} \operatorname{Assemble}*{\Phi*{\mathrm{AES}}}(O) = Y_{\mathrm{AES}}. \end{equation}\]

Under \(\Phi_{\mathrm{RSA}}\), the same DATA octets are assembled into \(256\)-byte units:

\[\begin{equation} \operatorname{Assemble}*{\Phi*{\mathrm{RSA}}}(O) = Y_{\mathrm{RSA}}. \end{equation}\]

The observable LSEG sequence is unchanged:

\[\begin{equation} O_{\mathrm{LSEG}} = R_{\Phi_{\mathrm{AES}}} \left( Y_{\mathrm{AES}} \right) = R_{\Phi_{\mathrm{RSA}}} \left( Y_{\mathrm{RSA}} \right). \end{equation}\]

The representation layer therefore does not conceal the existence of bytes or segments. It conceals which higher-level grouping of those segments constitutes the cryptographic object.

The result establishes a protocol-level form of reconstruction non-uniqueness involving real cryptographic object spaces:

\[\begin{equation} \mathcal{C}*{\mathrm{AES}}^{16m} \neq \mathcal{C}*{\mathrm{RSA}}^{m}, \end{equation}\]

while both remain compatible with the same observation \(O\).

This construction must not be interpreted as a claim that every AES, RSA, LSEG, or PADC implementation automatically possesses this property.

The claim is conditional:

A PADC system creates cryptographic-object ambiguity when its representation function deliberately preserves compatibility between two or more stable and mutually incompatible cryptographic reconstructions.

The technical design problem is therefore to construct a family of representation functions satisfying

\[\begin{equation} R_{\Phi_i}(\mathcal{C}*i) \cap R*{\Phi_j}(\mathcal{C}_j) \neq \varnothing \end{equation}\]

for real cryptographic object spaces \(\mathcal{C}_i\) and \(\mathcal{C}_j\), while preserving deterministic reconstruction for the authorized receiver.

LSEG as a Carrier of Structural Ambiguity

Within the PADC architecture, LSEG should not be understood primarily as an alternative network protocol.

Its more fundamental role is to provide a candidate implementation of the structural representation function

\[\begin{equation} R_{\Phi}: Y \longrightarrow O. \end{equation}\]

The purpose of this function is not merely to serialize an already identified cryptographic object. Its purpose is to produce an observable stream whose physical segmentation does not uniquely determine the higher-level cryptographic structure from which it was formed.

An LSEG segment has the general form

\[\begin{equation} \texttt{0x00} \Vert \texttt{LANG\_ID} \Vert \texttt{DATA}. \end{equation}\]

The marker and language identifier make the observable stream self-synchronizing at the segment level. However, segment-level synchronization does not imply unique reconstruction of the higher-level object architecture.

The observer may identify a sequence of physical segments

\[\begin{equation} O = (s_{1},s_{2},\ldots,s_{n}), \end{equation}\]

while remaining unable to determine which subsets of those segments form the internal cryptographic units.

The distinction is therefore between

\[\begin{equation} \operatorname{Seg}(O), \end{equation}\]

the observable segmentation of the carrier stream, and

\[\begin{equation} \operatorname{Obj}_{\Phi}(O), \end{equation}\]

the state-dependent reconstruction of cryptographic objects.

The first may be visible, while the second remains dependent on the structural state \(\Phi\).

For example, under one admissible structural state,

\[\begin{equation} \Phi_{1}, \end{equation}\]

the DATA fields of successive LSEG segments may be assembled into \(16\)-byte units:

\[\begin{equation} \operatorname{Obj}*{\Phi*{1}}(O) = \left( B_{1}, B_{2}, \ldots, B_{r} \right), \end{equation}\]

where

\[\begin{equation} |B_i| = 16 \text{ bytes}. \end{equation}\]

These units may be interpreted as candidate AES blocks.

Under another admissible structural state,

\[\begin{equation} \Phi_{2}, \end{equation}\]

the same DATA fields may be assembled into \(256\)-byte units:

\[\begin{equation} \operatorname{Obj}*{\Phi*{2}}(O) = \left( C_{1}, C_{2}, \ldots, C_{q} \right), \end{equation}\]

where

\[\begin{equation} |C_j| = 256 \text{ bytes}. \end{equation}\]

These units may be interpreted as candidate RSA ciphertext objects.

The observable LSEG stream remains identical:

\[\begin{equation} O = R_{\Phi_{1}} \left( Y_{1} \right) = R_{\Phi_{2}} \left( Y_{2} \right), \end{equation}\]

while

\[\begin{equation} Y_{1} \neq Y_{2}. \end{equation}\]

Thus, the visible LSEG segments are not themselves the hidden cryptographic objects.

They are carrier units from which different higher-level object spaces may be reconstructed.

This distinction is essential. The visibility of bytes, segment markers, or DATA-field boundaries does not reveal:

  • which segments belong to the same cryptographic object;

  • whether one object spans several segments;

  • whether one segment contains fragments of several objects;

  • which interpreter applies to a reconstructed object;

  • which internal object boundaries are cryptographically significant;

  • which candidate cryptographic space is active.

Accordingly,

\[\begin{equation} \operatorname{Seg}(O) \centernot\Longrightarrow \operatorname{Obj}_{\Phi}(O). \end{equation}\]

LSEG therefore separates two forms of structure:

  1. observable carrier structure;

  2. state-dependent cryptographic object structure.

The first provides synchronization and transport recovery. The second determines the analytical units relevant to cryptanalysis.

This makes LSEG particularly suitable for PADC. A fully unstructured byte stream may conceal boundaries, but it also creates synchronization and recovery problems for the authorized receiver. A rigid conventional protocol solves synchronization by exposing the object architecture.

LSEG permits an intermediate construction:

\[\begin{equation} \text{recoverable carrier segmentation} \quad+\quad \text{non-unique object reconstruction}. \end{equation}\]

The authorized receiver, possessing \(\Phi\), can reconstruct the intended cryptographic object sequence:

\[\begin{equation} \operatorname{Obj}_{\Phi}(O) = Y. \end{equation}\]

An external observer without \(\Phi\) instead obtains a set of compatible reconstructions:

\[\begin{equation} \mathcal{Y}_{\mathrm{LSEG}}(O) = \left\{ Y \;\middle|\; \exists\,\Phi: R_{\Phi}(Y)=O \right\}. \end{equation}\]

The PADC objective is to maintain

\[\begin{equation} \left| \mathcal{Y}_{\mathrm{LSEG}}(O) \right| > 1 \end{equation}\]

while preserving deterministic reconstruction for the authorized receiver.

LSEG is therefore not introduced here as a claim that a segment format alone provides cryptographic security.

The claim is narrower and more precise:

LSEG is a candidate carrier architecture for constructing observable streams in which transport-level segmentation remains recoverable while cryptographic-object reconstruction remains dependent on a hidden structural state.

Under this interpretation, LSEG is not an external addition to PADC. It is the first concrete candidate for the representation layer \(R_{\Phi}\).

Its relevant security contribution is not encryption of DATA fields, but the controlled separation between the structure that must remain visible for reliable transmission and the structure that must remain ambiguous for cryptanalytic reconstruction.

Cross-Session Alphabet Rotation and the Failure of Statistical Accumulation

A central objection to representational ambiguity is that an adversary may accumulate observations across multiple sessions.

In a conventional cryptographic setting, this objection is well founded because the observable alphabet normally remains stable.

Let

\[\begin{equation} O^{(1)}, O^{(2)}, \ldots, O^{(t)} \end{equation}\]

be observable streams collected from \(t\) sessions.

Conventional accumulation assumes that all streams belong to the same observable alphabet:

\[\begin{equation} O^{(s)} \in \left( \mathcal{A}_{O} \right)^{*}, \qquad s=1,\ldots,t. \end{equation}\]

The observer may therefore concatenate the sessions into a common corpus:

\[\begin{equation} O^{(1)} \Vert O^{(2)} \Vert \cdots \Vert O^{(t)}, \end{equation}\]

and estimate increasingly accurate frequencies, transition probabilities, recurrent sequences, and structural relations.

This procedure contains an assumption that is normally left implicit:

An observable unit identified in one session remains the same analytical unit in every other session.

PADC does not preserve this assumption.

For session \(s\), let the active alphabet-dictionary state be

\[\begin{equation} \Theta_{s}, \end{equation}\]

and let the corresponding observable alphabet be

\[\begin{equation} \mathcal{A}_{O}^{(s)}. \end{equation}\]

The observable streams then satisfy

\[\begin{equation} O^{(s)} \in \left( \mathcal{A}_{O}^{(s)} \right)^{*}, \end{equation}\]

rather than belonging to one fixed alphabet shared by all sessions.

Thus,

\[\begin{equation} \mathcal{A}{O}^{(1)}, \mathcal{A}{O}^{(2)}, \ldots, \mathcal{A}_{O}^{(t)} \end{equation}\]

need not possess a known common identity relation.

An observable unit

\[\begin{equation} o_{i}^{(r)} \in \mathcal{A}_{O}^{(r)} \end{equation}\]

cannot be combined statistically with

\[\begin{equation} o_{j}^{(s)} \in \mathcal{A}_{O}^{(s)} \end{equation}\]

unless the observer first establishes that both units represent the same cross-session analytical class:

\[\begin{equation} o_{i}^{(r)} \sim o_{j}^{(s)}. \end{equation}\]

Without this relation, the operation

\[\begin{equation} \operatorname{Count} \left( o_{i}^{(r)}, o_{j}^{(s)} \right) \end{equation}\]

does not estimate the frequency of one stable unit. It combines occurrences whose common identity has not been established.

Accordingly, the obstacle to cross-session accumulation is not merely noise in the estimated distribution.

The obstacle is the absence of a common statistical domain.

Session-specific formation

Let the session-specific PADC transformation be

\[\begin{equation} O^{(s)} = R_{\Phi_{s}} \left( E_{K_{s}} \left( F_{\Theta_{s}} \left( M^{(s)} \right) \right) \right). \end{equation}\]

The states

\[\begin{equation} \Theta_{s}, \qquad \Phi_{s}, \qquad K_{s} \end{equation}\]

may evolve independently or be derived from a synchronized session state.

The relevant requirement is not simply that different visible labels are used in different sessions.

A substitution of identifiers alone would leave the underlying statistical structure recoverable through frequency alignment.

Instead, the session state may modify:

  • the observable alphabet;

  • the partition of observable units into decoding classes;

  • the number of representations assigned to each source unit;

  • the conditional encoding matrix \(T_{s}\);

  • the target distribution \(\mathbf{q}{s}^{*}\);

  • higher-order transition rules;

  • auxiliary and null units;

  • the segmentation and assembly state \(\Phi{s}\);

  • the candidate cryptographic object spaces compatible with the observation.

Thus, the relation between sessions is not necessarily a simple permutation

\[\begin{equation} \pi_{s}: \mathcal{A}{O}^{(1)} \rightarrow \mathcal{A}{O}^{(s)}. \end{equation}\]

The alphabets may differ in cardinality, equivalence classes, distributions, transition models, and structural use.

The cross-session identification problem

For two sessions \(r\) and \(s\), define a candidate cross-session identification map as

\[\begin{equation} J_{r,s}: \mathcal{A}{O}^{(r)} \rightarrow \mathcal{A}{O}^{(s)}. \end{equation}\]

Conventional statistical accumulation presupposes that \(J_{r,s}\) is known, trivial, or efficiently recoverable.

PADC seeks to prevent this stabilization.

Let

\[\begin{equation} \mathcal{J}_{r,s} = \left\{ J \;\middle|\; J \text{ is compatible with the observations from sessions } r \text{ and } s \right\}. \end{equation}\]

be the set of cross-session identification maps compatible with the available data.

Cross-session alignment is unique only if

\[\begin{equation} \left| \mathcal{J}_{r,s} \right| = 1. \end{equation}\]

Cross-session alphabet ambiguity exists when

\[\begin{equation} \left| \mathcal{J}_{r,s} \right| > 1. \end{equation}\]

In that case, the observer cannot determine which units from different sessions should be counted as occurrences of the same analytical object.

The conventional accumulated corpus

\[\begin{equation} O^{(1)} \Vert O^{(2)} \Vert \cdots \Vert O^{(t)} \end{equation}\]

therefore does not automatically define one enlarged statistical sample.

It defines a collection of samples over potentially different and non-aligned alphabets.

Failure of direct distribution pooling

Let

\[\begin{equation} \mathbf{q}^{(s)} \end{equation}\]

be the observable distribution in session \(s\).

In a fixed-alphabet system, an accumulated estimator may be formed as

\[\begin{equation} \widehat{\mathbf{q}}{t} = \frac{ \sum{s=1}^{t} n_{s} \mathbf{q}^{(s)} }{ \sum_{s=1}^{t} n_{s} }, \end{equation}\]

where \(n_s\) is the number of observations in session \(s\).

This expression is meaningful only if all vectors \(\mathbf{q}^{(s)}\) refer to the same ordered system of observable units.

Under session-specific alphabet formation, one instead has

\[\begin{equation} \mathbf{q}^{(s)} \in \Delta \left( \mathcal{A}_{O}^{(s)} \right), \end{equation}\]

where

\[\begin{equation} \Delta \left( \mathcal{A}_{O}^{(s)} \right) \end{equation}\]

is the probability simplex over the alphabet of session \(s\).

Unless a valid identification map \(J_{r,s}\) has been recovered, the vectors belong to different coordinate systems.

Consequently,

\[\begin{equation} \mathbf{q}^{(r)} + \mathbf{q}^{(s)} \end{equation}\]

is not an invariantly defined statistical operation.

The attacker must solve the alphabet-alignment problem before statistical accumulation becomes possible.

Why symbol relabeling alone is insufficient

The use of different visible symbols in each session does not by itself guarantee protection.

Suppose that every session preserves the same source-to-observable probability structure up to a permutation:

\[\begin{equation} \mathbf{q}^{(s)} = \mathbf{q}^{(1)} P_{s}, \end{equation}\]

where \(P_s\) is a permutation matrix.

If the entries of \(\mathbf{q}^{(1)}\) are sufficiently distinct, the observer may recover the permutation by ranking frequencies.

Likewise, stable higher-order transitions, fixed unit lengths, recurring positions, persistent LSEG identifiers, constant fragment sizes, or unchanged cryptographic boundaries may supply cross-session alignment invariants.

Therefore,

\[\begin{equation} \mathcal{A}{O}^{(r)} \neq \mathcal{A}{O}^{(s)} \end{equation}\]

is necessary but not sufficient.

The stronger requirement is

\[\begin{equation} \text{no efficiently recoverable } J_{r,s} \end{equation}\]

from the observable data available to the adversary.

Session rotation must therefore alter not only unit labels but also the observable relations by which those labels could be aligned.

Session independence of representational state

A strong session-rotation condition may be expressed as

\[\begin{equation} \Theta_{s+1} = G_{\Theta} \left( Z_{s+1} \right), \end{equation}\]

and

\[\begin{equation} \Phi_{s+1} = G_{\Phi} \left( Z_{s+1} \right), \end{equation}\]

where \(Z_{s+1}\) is a fresh synchronized session state.

The observable architecture of session \(s+1\) should not be derivable from that of session \(s\) without knowledge of \(Z_{s+1}\):

\[\begin{equation} \left( \mathcal{A}{O}^{(s)}, T_s, \Phi_s \right) \centernot\Longrightarrow \left( \mathcal{A}{O}^{(s+1)}, T_{s+1}, \Phi_{s+1} \right). \end{equation}\]

The authorized receiver reconstructs the active session state through the shared derivation mechanism.

The external observer receives only the resulting sequence \(O^{(s)}\).

Cross-session accumulation as a prior reconstruction problem

Under PADC, the attacker cannot begin by accumulating symbol statistics across sessions.

The analytical sequence is instead

\[\begin{aligned} \text{multiple observed sessions} &\rightarrow \text{candidate session alphabets}\\ \ &\rightarrow \text{candidate cross-session identification maps}\\ \ &\rightarrow \text{candidate common dictionary}\\ \ &\rightarrow \text{accumulated statistical model}\\ \ &\rightarrow \text{source reconstruction}. \end{aligned}\]

Thus, cross-session accumulation is not an operation available before alphabet reconstruction.

It is a result that becomes available only after successful cross-session alphabet alignment.

This reverses the conventional assumption.

The conventional model states:

\[\begin{equation} \text{more sessions} \longrightarrow \text{better statistics}. \end{equation}\]

The PADC model states:

\[\begin{equation} \text{more non-aligned sessions} \centernot\Longrightarrow \text{one larger statistical sample}. \end{equation}\]

The observations become cumulatively useful only if the adversary can recover the hidden relations among their session-specific alphabets, dictionaries, and structural states.

Cross-session PADC condition

Let

\[\begin{equation} \mathfrak{G}_{t} \end{equation}\]

denote the set of global reconstructions compatible with the first \(t\) sessions:

\[\begin{equation} \mathfrak{G}_{t} = \left\{ \mathcal{G} \;\middle|\; \mathcal{G} \text{ jointly explains } O^{(1)}, \ldots, O^{(t)} \right\}. \end{equation}\]

A global reconstruction includes:

  • one candidate alphabet-dictionary state for each session;

  • candidate structural states;

  • candidate cross-session identification maps;

  • a candidate common source interpretation.

Long-term ambiguity is not measured by the number of independent per-session descriptions alone.

It requires multiple inequivalent global reconstructions:

\[\begin{equation} \left| \mathfrak{G}_{t} /!\sim \right| > 1, \end{equation}\]

where \(\sim\) removes reconstructions that differ only by irrelevant renaming or notation.

The PADC objective is therefore not merely to preserve ambiguity inside one session.

It is to prevent the stabilization of one unique family of cross-session identification maps.

This condition can be stated as follows:

A session-rotating PADC system resists statistical accumulation when observations from different sessions cannot be efficiently embedded into one common and correctly aligned alphabet-dictionary space without the authorized session state.

Under this condition, the conventional growth of statistical confidence with corpus size does not directly apply, because the corpus itself has not yet been constructed as one coherent analytical object.

A Distinct Class of Cryptanalytic Problems

PADC therefore introduces a class of problems that can be described as

cryptanalysis under non-given representational spaces.

The complete analytical sequence becomes

\[\begin{aligned} \text{observable sequence} &\rightarrow \text{candidate units}\\ \ &\rightarrow \text{candidate alphabet}\\ \ &\rightarrow \text{candidate dictionary}\\ \ &\rightarrow \text{candidate cryptographic structure}\\ \ &\rightarrow \text{cipher or key analysis}\\ \ &\rightarrow \text{source-message reconstruction}. \end{aligned}\]

Conventional cryptography typically begins after the first four stages have already been resolved or fixed by the protocol specification.

PADC moves the security boundary to those earlier stages.

The adversary must solve not only

\[\begin{equation*} \text{key recovery} \end{equation*}\]

or

\[\begin{equation*} \text{message recovery}, \end{equation*}\]

but also

\[\begin{equation*} \text{representation recovery}, \end{equation*}\]

\[\begin{equation*} \text{dictionary recovery}, \end{equation*}\]

and

\[\begin{equation*} \text{cryptographic-object recovery}. \end{equation*}\]

Criterion of reduction to a classical cryptosystem

A PADC construction is reducible to an ordinary classical cryptosystem when the following conditions hold for the adversary:

  1. the transformations \(F_{\Theta}\) and \(R_{\Phi}\) are known or effectively fixed;

  2. their active states \(\Theta\) and \(\Phi\) are known or directly recoverable;

  3. the induced message and ciphertext spaces are stable;

  4. observable segmentation uniquely determines internal cryptographic units;

  5. the alternative dictionary is known or uniquely recoverable.

Under these conditions, one may define

\[\begin{equation} \widetilde{E} = R_{\Phi} \circ E_{K} \circ F_{\Theta} \end{equation}\]

and treat the complete architecture as one conventional keyed transformation.

The reduction is not justified when the observable sequence remains compatible with multiple alphabets, dictionaries, segmentations, or ciphertext spaces.

This criterion may be summarized as follows:

PADC is reducible to a classical cryptosystem only when its alphabet-dictionary formation and structural representation induce a known and stable cryptographic object space for the adversary.

Encoding secrecy and architectural secrecy

The distinction does not depend on keeping the general design secret.

The adversary may know that the system uses:

  • symbol identity diversification;

  • target-profile dictionary shaping;

  • a conventional cipher;

  • LSEG-based structural representation.

Knowledge of these principles does not necessarily reveal:

  • the active equivalence classes \(C_i\);

  • the active matrix \(T\);

  • the session-specific dictionary state \(\Theta\);

  • the structural reconstruction state \(\Phi\);

  • the internal cryptographic units represented by the observable segments.

The relevant security property is therefore not obscurity of the general algorithm, but uncertainty of the active representational architecture.

The distinction is

\[\begin{equation} \text{knowledge of construction principles} \centernot\Longrightarrow \text{recovery of active representational spaces}. \end{equation}\]

Consequences for the definition of cryptography

If cryptography is defined narrowly as the study of keyed transformations between fixed message and ciphertext spaces, PADC may appear to be an external encoding architecture.

If cryptography is defined as the construction of communication systems that prevent unauthorized source-message recovery, then the formation of the analytical spaces available to the adversary is itself cryptographically relevant.

PADC adopts the latter position.

Its object of protection is not only the value of the source message inside a known symbolic system. It also includes the correspondence between:

\[\begin{aligned} \text{physical observations} &\leftrightarrow \text{symbolic units}, \ \text{symbolic units} &\leftrightarrow \text{dictionary structures}, \ \text{observable segments} &\leftrightarrow \text{cryptographic units}, \ \text{alternative dictionary} &\leftrightarrow \text{source language}. \end{aligned}\]

Accordingly, the defining PADC problem is not merely

\[\begin{equation} M \rightarrow C, \end{equation}\]

but

\[\begin{aligned} O &\longrightarrow \left\{ \mathcal{A}, \mathcal{D}, \mathcal{C}, \right. \\ &\qquad\left. F_{\Theta}, E_{K}, R_{\Phi}, M \right\}. \end{aligned}\]

Preventing the unique stabilization of this reconstruction is not an external convenience added to cryptography. It is the principal security objective of the PADC architecture.

Computational and Storage Complexity

Let the source message contain \(n\) dictionary units, and let the source dictionary contain \(d\) distinct units.

For each source unit \(w_i\), let

\[\begin{equation} C_i = {c_{i1},c_{i2},\ldots,c_{ir_i}} \end{equation}\]

be the set of admissible observable representations.

If the encoder selects one representation through a direct lookup table, the encoding cost per source unit is

\[\begin{equation} O(1), \end{equation}\]

and the complete symbol- or word-level transformation requires

\[\begin{equation} O(n) \end{equation}\]

operations.

The storage cost of the representation classes is

\[\begin{equation} O \left( \sum_{i=1}^{d} r_i \right). \end{equation}\]

If every source unit has at most \(r\) admissible representations, this becomes

\[\begin{equation} O(dr). \end{equation}\]

For a dense conditional encoding matrix

\[\begin{equation} T \in \mathbb{R}^{d\times m}, \end{equation}\]

where \(m\) is the size of the observable dictionary, the storage cost is

\[\begin{equation} O(dm). \end{equation}\]

In practical implementations, \(T\) may be sparse because each source unit normally maps only to a limited subset of observable units. If each row contains at most \(r\) non-zero values, the storage cost is reduced to

\[\begin{equation} O(dr). \end{equation}\]

The computational cost of sampling from a row of \(T\) depends on the representation used. With cumulative probability tables, selection requires

\[\begin{equation} O(\log r) \end{equation}\]

operations. With precomputed alias tables, the expected selection cost may be reduced to

\[\begin{equation} O(1). \end{equation}\]

Higher-order shaping introduces additional state. If the observable dictionary contains \(m\) units and the encoder reproduces a context of order \(k\), a dense model may contain up to

\[\begin{equation} O(m^k) \end{equation}\]

contexts.

This exponential growth is the principal theoretical cost of direct higher-order shaping. In practice, sparse transition tables, bounded context models, finite-state encoders, and corpus-specific pruning can substantially reduce the effective state space.

Let

\[\begin{equation} \rho_F = \frac{|X|}{|M|} \end{equation}\]

denote the expansion introduced by alphabet-dictionary formation, and let

\[\begin{equation} \rho_R = \frac{|O|}{|Y|} \end{equation}\]

denote the expansion introduced by structural representation.

The total representation expansion, excluding the internal expansion of the cryptographic algorithm, is

\[\begin{equation} \rho_{\mathrm{PADC}} = \rho_F\rho_R. \end{equation}\]

Thus, the main practical trade-off is not necessarily asymptotic processing time, which may remain linear, but the balance among:

\[\begin{aligned} &\text{the number of admissible representations},\\ \ &\text{the order of the shaped dictionary process},\\ \ &\text{the amount of encoder and decoder state},\\ \ &\text{the expansion of the transmitted stream},\\ \ &\text{the remaining reconstructability for an observer}. \end{aligned}\]

For bounded representation classes and bounded-order models, the complete PADC transformation can remain linear in the length of the source message:

\[\begin{equation} T_{\mathrm{PADC}}(n) = O(n) + T_E(n), \end{equation}\]

where \(T_E(n)\) is the complexity of the underlying cryptographic transformation.

Adversarial Knowledge Model

The strength of a PADC construction depends not only on the observable stream, but also on which architectural components are known to the adversary.

Let the complete transformation be

\[\begin{equation} O = R_{\Phi} \left( E_K \left( F_{\Theta}(M) \right) \right). \end{equation}\]

The adversary may possess knowledge of some or all of the following components:

  1. the target observable distribution \(\mathbf{q}^{*}\);

  2. the observable dictionary \(\mathcal{D}*{O}\);

  3. the general form of the dictionary transformation \(F*{\Theta}\);

  4. the conditional encoding matrix \(T\);

  5. the underlying cryptographic algorithm \(E\);

  6. the cryptographic key \(K\);

  7. the structural representation mechanism \(R_{\Phi}\);

  8. the exact representation state \(\Phi\);

  9. one or more source-message fragments;

  10. multiple streams generated under the same dictionary or structural state.

These knowledge levels must be distinguished.

Knowledge of the target distribution

\[\begin{equation} \mathbf{q}^{*} \end{equation}\]

does not by itself reveal the source distribution

\[\begin{equation} \mathbf{p}, \end{equation}\]

because the relation

\[\begin{equation} \mathbf{p}T = \mathbf{q}^{*} \end{equation}\]

may admit multiple combinations of \(\mathbf{p}\) and \(T\).

Likewise, knowledge of the observable dictionary

\[\begin{equation} \mathcal{D}_{O} \end{equation}\]

does not necessarily reveal its partition into source equivalence classes:

\[\begin{equation} \mathcal{D}_{O} = C_1 \cup C_2 \cup \cdots \cup C_d. \end{equation}\]

An adversary may know the general mechanism of \(F_{\Theta}\) while lacking the actual session-specific mapping between observable units and source units.

Similarly, knowledge of the structural representation algorithm \(R_{\Phi}\) does not necessarily imply knowledge of the state \(\Phi\) used to assemble internal cryptographic units from observable segments.

The adversarial model can therefore be divided into several cases.

Observable-only adversary

The adversary receives only the observable stream \(O\) and may estimate:

  • frequencies of observable units;

  • higher-order transition statistics;

  • physical segmentation;

  • stream length and timing;

  • cross-stream correlations.

The adversary does not know \(F_{\Theta}\), \(K\), or \(\Phi\).

Target-profile-aware adversary

The adversary knows \(\mathbf{q}^{*}\) and may know which language, corpus, or artificial process the observable distribution is intended to imitate.

This knowledge identifies the target profile, but not necessarily the source dictionary or the inverse mapping.

Encoding-aware adversary

The adversary knows the architecture of \(F_{\Theta}\) and may know the family of admissible matrices \(T\), but not the actual matrix or session-specific dictionary partition.

This corresponds to the usual cryptographic principle that the system architecture may be public while its state remains secret.

Cipher-compromise adversary

The adversary knows or recovers the key \(K\) and obtains

\[\begin{equation} X = E_K^{-1}(Y). \end{equation}\]

The recovered object is the alternative dictionary representation \(X\), not necessarily the source message \(M\).

The remaining problem is

\[\begin{equation} F_{\Theta}^{-1}(X) = M. \end{equation}\]

Thus,

\[\begin{equation} \text{recovery of }K \centernot\Longrightarrow \text{recovery of }M. \end{equation}\]

Representation-aware adversary

The adversary knows the general form of \(R_{\Phi}\) but not the active state \(\Phi\).

The visible segmentation of \(O\) may therefore remain insufficient to reconstruct the internal organization of \(Y\).

Full-architecture adversary

The strongest adversary knows:

\[\begin{equation} \mathbf{q}^{*}, \quad \mathcal{D}*{O}, \quad F*{\Theta}, \quad T, \quad E, \quad K, \quad R_{\Phi}, \quad \Phi. \end{equation}\]

Under this condition, the architecture is fully compromised and source recovery is expected.

PADC therefore does not claim security against disclosure of every mapping and state. Its claim is that compromise of one layer does not automatically compromise the remaining layers.

The relevant implication chain is

\[\begin{aligned} \text{knowledge of }\mathbf{q}^{*} &\centernot\Longrightarrow \text{knowledge of }T, \ \text{knowledge of }T &\centernot\Longrightarrow \text{knowledge of }\Phi, \ \text{knowledge of }\Phi &\centernot\Longrightarrow \text{knowledge of }K, \ \text{knowledge of }K &\centernot\Longrightarrow \text{knowledge of }F_{\Theta}^{-1}. \end{aligned}\]

Accordingly, PADC security must be evaluated relative to an explicitly declared adversarial knowledge set:

\[\begin{equation} \mathcal{K}*{\mathcal{A}} \subseteq { \mathbf{q}^{*}, \mathcal{D}*{O}, F_{\Theta}, T, E, K, R_{\Phi}, \Phi }. \end{equation}\]

A security statement without such a declaration is incomplete because different knowledge sets correspond to different reconstruction problems.

Research Questions

The present paper establishes the architectural basis of PADC, including symbol-identity diversification, dictionary-distribution shaping, cryptographic-object ambiguity, LSEG-based structural representation, and session-specific alphabet rotation.

Several technical questions nevertheless remain open.

  1. Under what necessary and sufficient conditions does a target observable distribution \(\mathbf{q}^{*}\) admit a reversible encoding process with bounded expansion?

  2. Which classes of target distributions can be realized by fixed-length disjoint mappings, and which require variable-length, stateful, overlapping, or auxiliary-unit constructions?

  3. How can higher-order dictionary distributions be shaped without exponential growth of the encoder and decoder state?

  4. What is the minimum secret session state required to reconstruct the intended alphabet, dictionary, and cryptographic-object structure?

  5. Which session-state derivation and rotation mechanisms prevent efficient recovery of cross-session identification maps while preserving deterministic synchronization for the authorized receiver?

  6. Which observable invariants remain usable for aligning independently formed session alphabets despite symbol, dictionary, and structural rotation?

  7. Under what conditions can an LSEG-based representation preserve multiple stable cryptographic-object reconstructions without exposing the active assembly state \(\Phi\)?

  8. How should the ambiguity of competing cryptographic-object spaces be measured after quotienting out reconstructions that differ only by renaming, permutation, or other analytically irrelevant transformations?

  9. How rapidly does the set of compatible global reconstructions shrink as the adversary accumulates sessions, timing information, known-message fragments, or active probes?

  10. Which formal adversarial model best captures architectural reconstruction, including alphabet alignment, dictionary recovery, object-space identification, and conventional key recovery?

  11. How should alphabet stabilization, dictionary stabilization, cross-session alignment, and cryptographic-object stabilization be measured experimentally?

  12. What computational, storage, bandwidth, and synchronization costs arise in practical implementations of session-rotating PADC and LSEG-based structural representation?

Conclusion

Modern cryptography normally begins after the analytical object has already been formed.

The plaintext alphabet, the ciphertext alphabet, the boundaries of cryptographic objects, and the relation between observable units are usually treated as established before cryptanalysis begins. The attacker may not know the message or the key, but the spaces in which those unknowns are defined are assumed to be stable.

Post-Alphabet-Dictionary Cryptography moves the security boundary to an earlier stage.

It treats the formation of observable symbols, dictionaries, distributions, segment relations, and cryptographic-object boundaries as part of the cryptographic architecture itself.

The resulting transformation is

\[\begin{equation} M \xrightarrow{F_{\Theta}} X \xrightarrow{E_{K}} Y \xrightarrow{R_{\Phi}} O. \end{equation}\]

Here, \(F_{\Theta}\) does not merely replace one known symbol by another. It forms an alternative alphabet-dictionary representation whose observable identity and statistical organization need not preserve those of the source.

Likewise, \(R_{\Phi}\) does not merely serialize an already established ciphertext object. It forms the observable carrier representation from which the internal cryptographic structure must be reconstructed.

Three distinct levels of controlled non-equivalence have been identified.

First, symbol identity diversification removes the requirement that repeated source units produce repeated observable units:

\[\begin{equation} a_i=a_j \centernot\Longrightarrow \operatorname{Enc}(a_i) = \operatorname{Enc}(a_j). \end{equation}\]

Second, dictionary-distribution shaping separates the source distribution from the observable distribution:

\[\begin{equation} \mathbf{p} \centernot\Longrightarrow \mathbf{q}. \end{equation}\]

The observable stream may exhibit a uniform, artificial, technical, or language-like statistical profile even when that profile is unrelated to the source dictionary.

Third, cryptographic-structure decoupling separates visible carrier segmentation from the internal organization of cryptographic objects:

\[\begin{equation} \operatorname{Seg}(O) \centernot\Longrightarrow \operatorname{Obj}_{\Phi}(O). \end{equation}\]

This third result is essential.

The observable stream does not necessarily identify one unique ciphertext object or even one unique ciphertext space. A single observation may remain compatible with several mutually incompatible reconstructions:

\[\begin{equation} R_{\Phi_{1}}(Y_{1}) = R_{\Phi_{2}}(Y_{2}) = O, \end{equation}\]

while

\[\begin{equation} Y_{1} \neq Y_{2} \end{equation}\]

and

\[\begin{equation} \mathcal{C}*{1} \neq \mathcal{C}*{2}. \end{equation}\]

The attacker therefore faces a problem that precedes conventional key recovery:

\[\begin{equation} \text{given }O, \quad \text{recover } \left( \mathcal{C}, \Phi, Y \right). \end{equation}\]

Only after the cryptographic-object space, the structural state, and the internal object have been stabilized does the conventional problem

\[\begin{equation} \text{given }Y, \quad \text{recover }K \text{ or }M \end{equation}\]

become well-defined.

This establishes the central distinction between PADC and an ordinary encoding layer.

If \(F_{\Theta}\) and \(R_{\Phi}\) act between known, stable, and externally recoverable spaces, then the complete architecture may be reduced to a single composite transformation:

\[\begin{equation} \widetilde{E}*{K} = R*{\Phi} \circ E_{K} \circ F_{\Theta}. \end{equation}\]

Under those conditions, PADC reduces to conventional preprocessing, encryption, and postprocessing.

The reduction is not justified when the active alphabet, dictionary, cross-session identity relations, object boundaries, and ciphertext space remain dependent on hidden representational states.

PADC is therefore not defined merely by the presence of additional transformations. It is defined by the absence of a uniquely given analytical domain for the external observer.

LSEG acquires a precise role within this architecture.

It is not used merely as an alternative transport protocol. It provides the first concrete candidate for the representation function \(R_{\Phi}\).

Its visible segments support synchronization and recovery at the carrier level, while the assembly of those segments into cryptographic objects remains dependent on the hidden structural state:

\[\begin{equation*} \text{recoverable carrier segmentation} \quad+\quad \text{non-unique cryptographic-object reconstruction}. \end{equation*}\]

Thus, the security contribution of LSEG is not the concealment of bytes or physical segments. It is the controlled separation between the structure that must remain visible for reliable transmission and the structure that must remain unavailable for unique cryptanalytic reconstruction.

The same reasoning applies across sessions.

Conventional statistical accumulation assumes that observations from different sessions belong to one stable alphabet:

\[\begin{equation} O^{(s)} \in \mathcal{A}_{O}^{*}. \end{equation}\]

Under session-specific PADC formation, one instead has

\[\begin{equation} O^{(s)} \in \left( \mathcal{A}_{O}^{(s)} \right)^{*}. \end{equation}\]

Statistics from different sessions cannot be pooled as observations of the same units unless the adversary first reconstructs cross-session identification maps:

\[\begin{equation} J_{r,s}: \mathcal{A}*{O}^{(r)} \rightarrow \mathcal{A}*{O}^{(s)}. \end{equation}\]

Consequently,

\[\begin{equation} \text{more observed sessions} \centernot\Longrightarrow \text{one larger statistical sample}. \end{equation}\]

The attacker must first establish that units observed in different sessions belong to the same analytical classes.

If the alphabet, dictionary partition, target distribution, transition model, auxiliary units, and structural state change between sessions, then cross-session accumulation becomes a prior reconstruction problem rather than an immediately available analytical operation.

The compromise of the conventional cryptographic transformation therefore does not necessarily recover the source message.

If

\[\begin{equation} E_{K}^{-1}(Y) = X, \end{equation}\]

the attacker has recovered an alternative dictionary stream, not necessarily the source message.

The remaining inverse problem is

\[\begin{equation} F_{\Theta}^{-1}(X) = M. \end{equation}\]

Likewise, recovery of visible carrier segmentation does not necessarily recover \(Y\), and recovery of one session alphabet does not necessarily identify the alphabets of later sessions.

The security architecture is therefore layered:

\[\begin{aligned} \text{carrier reconstruction} &\rightarrow \text{cryptographic-object reconstruction}\\ \ &\rightarrow \text{cryptographic transformation recovery}\\ \ &\rightarrow \text{alternative dictionary reconstruction}\\ \ &\rightarrow \text{source-message recovery}. \end{aligned}\]

Success at one stage does not automatically imply success at the next.

The central conclusion of this paper is therefore:

Cryptographic security is not only the difficulty of inverting a transformation inside a predefined symbolic space. It is also the difficulty of stabilizing the alphabet, dictionary, cross-session identity relations, and cryptographic-object structure required to form that space as an object of analysis.

PADC does not replace conventional encryption.

It extends the domain of cryptography from keyed transformations within predefined message and ciphertext spaces to the controlled formation of the symbolic, dictionary, statistical, and structural spaces available to an external observer.

Its principal security objective is not the elimination of all observable regularity.

It is the prevention of a unique and unauthorized stabilization of the relations

\[\begin{aligned} \text{observation} &\leftrightarrow \text{symbol},\\ \ \text{symbol} &\leftrightarrow \text{dictionary unit},\\ \ \text{session unit} &\leftrightarrow \text{cross-session identity},\\ \ \text{carrier segment} &\leftrightarrow \text{cryptographic object},\\ \ \text{alternative dictionary} &\leftrightarrow \text{source message}. \end{aligned}\]

Under this formulation, the formation of the analytical object is not an external preliminary to cryptography.

It is itself a cryptographic problem.

Architectural Security Properties of PADC

The preceding sections introduced Post-Alphabet-Dictionary Cryptography as an architecture in which the alphabet, dictionary, statistical domain, cryptographic-object structure, and cross-session identity relations available to an observer need not be given in advance.

This appendix summarizes the corresponding architectural security properties.

These properties do not replace conventional security properties of the internal cryptographic transformation \(E_{K}\). A block cipher, stream cipher, hash function, signature scheme, or other cryptographic primitive must still be evaluated according to the security criteria appropriate to that primitive.

The properties introduced here concern a prior analytical level:

Can the observer uniquely stabilize the alphabet, dictionary, message space, cryptographic-object space, and representational mappings required to formulate the conventional cryptanalytic problem?

Let

\[\begin{equation} \Omega \end{equation}\]

denote a declared class of admissible PADC architectures.

Let

\[\begin{equation} O \end{equation}\]

be an observable sequence.

A complete reconstruction is represented by

\[\begin{equation} \rho = \left( \mathcal{A}, \mathcal{D}, \mathcal{M}, \mathcal{X}, \mathcal{C}, F, E, R, M, X, Y \right), \end{equation}\]

subject to

\[\begin{equation} M\in\mathcal{M}, \end{equation}\]

\[\begin{equation} X\in\mathcal{X}, \end{equation}\]

\[\begin{equation} Y\in\mathcal{C}, \end{equation}\]

and

\[\begin{equation} X=F(M), \end{equation}\]

\[\begin{equation} Y=E(X), \end{equation}\]

\[\begin{equation} O=R(Y). \end{equation}\]

The reconstruction may additionally include hidden dictionary, distribution, segmentation, and session states such as

\[\begin{equation} \Theta, \qquad \Phi, \qquad K. \end{equation}\]

Define the set of reconstructions compatible with observation \(O\) as

\[\begin{equation} \mathfrak{R}_{\Omega}(O) = \left\{ \rho\in\Omega ;\middle|; \rho \text{ generates or explains } O \right\}. \end{equation}\]

Not every difference between two reconstructions is analytically significant.

Two reconstructions may differ only by:

  • renaming of symbols;

  • permutation of identifiers;

  • reordering of equivalent internal labels;

  • another transformation that preserves all relevant analytical relations.

Such reconstructions are treated as equivalent under a relation

\[\begin{equation} \sim. \end{equation}\]

The relevant object is therefore the quotient set

\[\begin{equation} \mathfrak{R}_{\Omega}(O)/{\sim}. \end{equation}\]

Representational Space Non-Uniqueness

A PADC architecture possesses Representational Space Non-Uniqueness (RSNU) relative to \(\Omega\) and observation \(O\) if

\[\begin{equation} \left| \mathfrak{R}_{\Omega}(O)/{\sim} \right| \geq 2. \end{equation}\]

RSNU requires that at least two analytically inequivalent reconstructions remain compatible with the same observation.

The competing reconstructions may differ in one or more of the following:

  • observable alphabet;

  • source alphabet;

  • observable dictionary;

  • source dictionary;

  • partition of observable units into equivalence classes;

  • source-message space;

  • intermediate representation space;

  • cryptographic-object space;

  • segmentation and assembly rules;

  • relation between the observable stream and the source message.

RSNU therefore concerns a multiplicity of compatible analytical worlds, rather than several notational descriptions of one already established cryptographic object.

The property may be summarized as

\[\begin{equation} O \centernot\Longrightarrow \text{one unique representational space}. \end{equation}\]

Structural Ambiguity Preservation

Let

\[\begin{equation} \operatorname{Struct}_{\Omega}(O) \end{equation}\]

denote the set of cryptographic-object reconstructions compatible with \(O\):

\[\begin{equation} \operatorname{Struct}*{\Omega}(O) = \left\{ \left( \mathcal{C}, \Phi, Y \right) ;\middle|; Y\in\mathcal{C}, ; R*{\Phi}(Y)=O \right\}. \end{equation}\]

A PADC representation possesses Structural Ambiguity Preservation (SAP) if

\[\begin{equation} \left| \operatorname{Struct}_{\Omega}(O)/{\sim} \right| \geq 2. \end{equation}\]

SAP is a structural specialization of RSNU.

It requires that the observable sequence remain compatible with at least two inequivalent cryptographic-object reconstructions.

A stronger form holds when there exist

\[\begin{equation} \left( \mathcal{C}*{1}, \Phi*{1}, Y_{1} \right) \end{equation}\]

and

\[\begin{equation} \left( \mathcal{C}*{2}, \Phi*{2}, Y_{2} \right) \end{equation}\]

such that

\[\begin{equation} \mathcal{C}*{1} \neq \mathcal{C}*{2}, \end{equation}\]

\[\begin{equation} Y_{1} \neq Y_{2}, \end{equation}\]

and

\[\begin{equation} R_{\Phi_{1}}(Y_{1}) = R_{\Phi_{2}}(Y_{2}) = O. \end{equation}\]

In this case, the ambiguity concerns not merely the boundaries of one known object type, but the identity of the cryptographic-object space itself.

Thus,

\[\begin{equation} \operatorname{Seg}(O) \centernot\Longrightarrow \operatorname{Obj}_{\Phi}(O). \end{equation}\]

The visible carrier structure may remain recoverable while the higher-level cryptographic-object structure remains non-unique.

Architectural Non-Stabilizability

Logical non-uniqueness alone is insufficient as a security criterion.

For a finite observation, several artificial reconstructions can often be constructed even for conventional systems. The stronger PADC property concerns whether one reconstruction can be selected as uniquely supported by the available observation.

A PADC architecture possesses Architectural Non-Stabilizability (ANS) relative to an adversary \(\mathcal{A}\) and an admissible architecture class \(\Omega\) if the observable data do not permit \(\mathcal{A}\) to efficiently select one canonical equivalence class

\[\begin{equation} [\rho] \in \mathfrak{R}_{\Omega}(O)/{\sim} \end{equation}\]

as the uniquely supported architecture.

ANS requires both:

  1. representational non-uniqueness;

  2. absence of an efficiently recoverable rule that selects the intended reconstruction without the hidden representational state.

Informally,

\[\begin{equation} \mathrm{ANS} = \mathrm{RSNU} + \text{non-selectability of one intended reconstruction}. \end{equation}\]

The hidden object in ANS is not only a cryptographic key.

It may include:

  • the active alphabet state;

  • the active dictionary partition;

  • the distribution-formation state;

  • the conditional encoding matrix;

  • the structural assembly state;

  • the cryptographic-object space;

  • the cross-session identification state;

  • the mappings connecting observation to source interpretation.

Accordingly, the protected uncertainty is not merely

\[\begin{equation} K\in\mathcal{K}, \end{equation}\]

inside a known cryptographic domain.

The protected uncertainty includes the domain itself:

\[\begin{equation} \left( \mathcal{A}, \mathcal{D}, \mathcal{M}, \mathcal{C}, F, R \right). \end{equation}\]

The PADC security problem is therefore not merely

\[\begin{equation} \text{recover }K \text{ inside a known space}, \end{equation}\]

but

\[\begin{equation} \text{stabilize the space in which } K \text{ and its associated operations are defined}. \end{equation}\]

ANS may be expressed informally as

\[\begin{equation} O \centernot\Longrightarrow \text{one uniquely stabilized architecture}. \end{equation}\]

Cross-Session Analytical Decorrelation

Let

\[\begin{equation} O^{(1)}, O^{(2)}, \ldots, O^{(t)} \end{equation}\]

be observations collected from different sessions.

Let the corresponding observable alphabets and dictionaries be

\[\begin{equation} \mathcal{A}^{(s)}*{O}, \qquad \mathcal{D}^{(s)}*{O}, \qquad s=1,\ldots,t. \end{equation}\]

A cross-session alphabet alignment consists of mappings

\[\begin{equation} J^{A}*{s}: \mathcal{A}^{(s)}*{O} \rightarrow \mathcal{A}^{*}, \end{equation}\]

where \(\mathcal{A}^{*}\) is a candidate common alphabet.

A cross-session dictionary alignment consists of mappings

\[\begin{equation} J^{D}*{s}: \mathcal{D}^{(s)}*{O} \rightarrow \mathcal{D}^{*}, \end{equation}\]

where \(\mathcal{D}^{*}\) is a candidate common dictionary.

A session-rotating PADC architecture possesses Cross-Session Analytical Decorrelation (CSAD) if an observer without the authorized session state cannot efficiently recover a unique family of alignment maps

\[\begin{equation} \left\{ J^{A}_{s}, J^{D}_{s} \right\}_{s=1}^{t}. \end{equation}\]

that embeds the observed sessions into one correctly aligned alphabet and dictionary space.

Under CSAD, the formal concatenation

\[\begin{equation} O^{(1)} \Vert O^{(2)} \Vert \cdots \Vert O^{(t)} \end{equation}\]

does not automatically constitute one enlarged statistical sample.

The observations become jointly usable only after the cross-session identity relations have been reconstructed.

CSAD does not require the absence of statistics within individual sessions.

Each session may possess a stable and measurable local distribution

\[\begin{equation} \mathbf{q}^{(s)} \in \Delta \left( \mathcal{A}^{(s)}_{O} \right). \end{equation}\]

However, two distributions

\[\begin{equation} \mathbf{q}^{(r)} \end{equation}\]

and

\[\begin{equation} \mathbf{q}^{(s)} \end{equation}\]

belong to different coordinate systems unless a valid cross-session alignment has been established.

Consequently,

\[\begin{equation} \mathbf{q}^{(r)} + \mathbf{q}^{(s)} \end{equation}\]

is not an invariantly defined statistical operation before alignment.

The relevant condition is therefore not the elimination of local statistics, but the prevention of their canonical cross-session pooling.

This may be summarized as

\[\begin{equation} \text{more non-aligned sessions} \centernot\Longrightarrow \text{one larger statistical sample}. \end{equation}\]

Why Symbol Relabeling Alone Does Not Establish CSAD

Different visible labels in different sessions are insufficient to establish CSAD.

Suppose that session alphabets differ only by a permutation

\[\begin{equation} \pi_{s}: \mathcal{A}^{(1)}*{O} \rightarrow \mathcal{A}^{(s)}*{O}. \end{equation}\]

Suppose further that the observable distributions satisfy

\[\begin{equation} \mathbf{q}^{(s)} = \mathbf{q}^{(1)}P_{s}, \end{equation}\]

where \(P_{s}\) is the permutation matrix induced by \(\pi_s\).

If the entries of \(\mathbf{q}^{(1)}\) are sufficiently distinct, the permutation may be reconstructed by frequency ranking.

Likewise, cross-session alignment may be supported by persistent invariants such as:

  • stable higher-order transitions;

  • fixed unit lengths;

  • recurring positions;

  • persistent LSEG identifiers;

  • constant fragment sizes;

  • stable timing relations;

  • unchanged cryptographic-object boundaries;

  • repeated auxiliary structures.

Therefore,

\[\begin{equation} \mathcal{A}^{(r)}*{O} \neq \mathcal{A}^{(s)}*{O} \end{equation}\]

is necessary but not sufficient.

The stronger condition is

\[\begin{equation} \text{no efficiently recoverable } J_{r,s} \end{equation}\]

from the observable data available to the adversary.

Session rotation must alter not only visible labels, but also the relations by which those labels could be aligned.

The session state may therefore modify:

  • alphabet cardinality;

  • symbol-equivalence classes;

  • dictionary partition;

  • conditional encoding matrix;

  • target distribution;

  • higher-order transition model;

  • auxiliary and null units;

  • segment assembly rules;

  • cryptographic-object hypotheses compatible with observation.

Long-Term Architectural Non-Stabilizability

Let

\[\begin{equation} \mathfrak{G}_{t} \end{equation}\]

denote the set of global reconstructions compatible with the first \(t\) sessions:

\[\begin{equation} \mathfrak{G}_{t} = \left\{ \mathcal{G} \;\middle|\; \mathcal{G} \text{ jointly explains } O^{(1)}, \ldots, O^{(t)} \right\}. \end{equation}\]

A global reconstruction includes:

  • one candidate alphabet state for each session;

  • one candidate dictionary state for each session;

  • candidate structural states;

  • candidate cryptographic-object spaces;

  • candidate cross-session identification maps;

  • a candidate common source interpretation.

Long-term ANS requires

\[\begin{equation} \left| \mathfrak{G}_{t}/{\sim} \right| \geq 2 \end{equation}\]

and the absence of an efficient canonical selector for the intended global reconstruction.

The condition is not satisfied merely because each session independently admits several descriptions.

It requires multiple inequivalent explanations of the entire sequence of sessions.

CSAD is therefore a cross-session mechanism supporting long-term ANS:

\[\begin{equation} \mathrm{ANS}*{1} + \mathrm{CSAD} \longrightarrow \mathrm{ANS}*{t}, \end{equation}\]

provided that no persistent observable invariant independently identifies the session-specific representational states.

Relation Among the Architectural Properties

The proposed properties form a hierarchy.

SAP concerns non-uniqueness at the level of cryptographic-object structure.

RSNU concerns non-uniqueness of the broader representational space.

ANS strengthens RSNU by requiring that the intended reconstruction cannot be efficiently and canonically selected from the compatible alternatives.

CSAD extends this condition across sessions by preventing the immediate formation of one shared alphabet-dictionary space.

Thus,

\[\begin{equation} \mathrm{SAP} \subseteq \mathrm{RSNU} \subseteq \mathrm{ANS}, \end{equation}\]

while

\[\begin{equation} \mathrm{CSAD} \end{equation}\]

is a temporal condition intended to preserve ANS under repeated observation.

The relations should not be interpreted as claims that every instance of RSNU automatically satisfies ANS, or that every session-rotating system automatically satisfies CSAD.

They identify progressively stronger architectural requirements.

Why Conventional Security Games Presuppose the Protected Object

Conventional cryptographic games are formulated over a common analytical domain.

For example, message-indistinguishability games assume that

\[\begin{equation} m_{0},m_{1}\in\mathcal{M}, \end{equation}\]

where \(\mathcal{M}\) is one established message space.

The competing messages are therefore already comparable as objects of the same type.

This assumption extends beyond the message set.

A conventional security game normally presupposes a shared:

  • alphabet;

  • dictionary;

  • message space;

  • ciphertext space;

  • cryptographic-object type;

  • interpretation of the challenge interface;

  • relation of identity among the objects being compared.

The game varies a message, key, nonce, challenge bit, or oracle response inside this common domain.

It does not normally test whether the domain itself can be formed uniquely from observation.

PADC addresses the prior case in which competing reconstructions may belong to different dictionaries and different representational spaces:

\[\begin{equation} M_{0}\in\mathcal{M}_{0}, \end{equation}\]

\[\begin{equation} M_{1}\in\mathcal{M}_{1}, \end{equation}\]

with

\[\begin{equation} \mathcal{D}*{0} \neq \mathcal{D}*{1}, \end{equation}\]

and potentially

\[\begin{equation} \mathcal{M}*{0} \neq \mathcal{M}*{1}. \end{equation}\]

Without a shared dictionary, the objects are not yet established as two alternatives inside one analytical space.

To place such reconstructions into one conventional challenge game, one must first introduce a common metarepresentational space

\[\begin{equation} \mathcal{U} \end{equation}\]

and embeddings

\[\begin{equation} \iota_{0}: \mathcal{M}_{0} \rightarrow \mathcal{U}, \end{equation}\]

\[\begin{equation} \iota_{1}: \mathcal{M}_{1} \rightarrow \mathcal{U}. \end{equation}\]

These embeddings establish which objects from the different dictionaries are to be treated as comparable alternatives.

However, the construction of such a common space already performs an analytical stabilization:

\[\begin{equation} \mathcal{D}*{0}, \mathcal{D}*{1} \longrightarrow \mathcal{D}^{*}. \end{equation}\]

It establishes a common dictionary in which the challenge alternatives can be identified and compared.

This is precisely the operation whose unique recoverability PADC places under protection.

Consequently, a conventional game cannot be treated as a neutral foundational definition of PADC security when the game presupposes a common dictionary that is not available to the external observer.

The prior PADC question is not

\[\begin{equation} \text{which of two messages in } \mathcal{M} \text{ was selected?} \end{equation}\]

It is

\[\begin{equation} \text{which alphabet, dictionary, message space, and object structure make the observation a message at all?} \end{equation}\]

Only after these spaces have been stabilized does a conventional indistinguishability game become well-defined.

Thus,

\[\begin{equation} \text{standard game-based security} \end{equation}\]

begins after the central PADC reconstruction problem has already been resolved.

Why a Metatheoretical Hypothesis Set Does Not Supply the Observer’s Dictionary

An analyst may define a metatheoretical class

\[\begin{equation} \Omega \end{equation}\]

containing several candidate architectures.

The existence of this class for the author of the model does not imply that the external observer possesses a shared dictionary in which all members of \(\Omega\) are already aligned.

The model author may write

\[\begin{equation} \rho_{0}, \rho_{1} \in \Omega, \end{equation}\]

because both reconstructions are represented in the author’s metatheoretical language.

The observer, however, receives only

\[\begin{equation} O. \end{equation}\]

The observer is not automatically given:

  • the correspondence between the alphabets of \(\rho_{0}\) and \(\rho_{1}\);

  • the correspondence between their dictionaries;

  • the relation between their message spaces;

  • the equivalence relation under which their objects become comparable;

  • the intended embedding into the author’s metatheoretical space.

Therefore,

\[\begin{equation} \rho_{0}, \rho_{1} \in \Omega \end{equation}\]

does not imply

\[\begin{equation} \text{the observer can formulate } \rho_{0} \text{ and } \rho_{1} \text{ as two alternatives of one type}. \end{equation}\]

The metatheoretical hypothesis set belongs to the description of the security problem.

It does not automatically belong to the adversary’s stabilized analytical domain.

PADC as a Different Epistemic Starting Point

Classical cryptography normally assumes that the following are given:

  • the message space;

  • the ciphertext space;

  • the alphabet;

  • the dictionary;

  • the cryptographic-object type;

  • the object boundaries;

  • the relation of identity across observations;

  • the relation of identity across sessions.

The remaining central uncertainty is usually the key, the message, or a random choice made inside those established spaces.

PADC begins from a different condition.

For the external observer, the following may remain non-given:

  • the source-message space;

  • the intermediate representation space;

  • the ciphertext space;

  • the source alphabet;

  • the observable alphabet;

  • the source dictionary;

  • the observable dictionary;

  • the partition into equivalence classes;

  • the cryptographic-object structure;

  • the cross-session identity relations;

  • the mappings connecting observation to source interpretation.

The cryptographic key is therefore only one component of a broader hidden architectural state.

The difference may be summarized as follows.

In conventional cryptography,

\[\begin{equation*} \text{analytical space} + \text{unknown key} \longrightarrow \text{cryptanalytic problem}. \end{equation*}\]

In PADC,

\[\begin{equation*} \text{observation} \longrightarrow \text{candidate analytical spaces} \longrightarrow \text{candidate cryptographic problems}. \end{equation*}\]

The security objective is therefore not only to prevent inversion inside one established space.

It is to prevent the unique unauthorized stabilization of the space in which inversion would be defined.

Architectural Security Before Algorithmic Security

The architectural properties introduced in this appendix operate before conventional algorithm-level security properties.

They can be ordered as follows:

\[\begin{aligned} \text{observation} &\rightarrow \text{alphabet stabilization}\\ \ &\rightarrow \text{dictionary stabilization}\\ \ &\rightarrow \text{cross-session alignment}\\ \ &\rightarrow \text{cryptographic-object stabilization}\\ \ &\rightarrow \text{message-space stabilization}\\ \ &\rightarrow \text{conventional cryptographic analysis}. \end{aligned}\]

RSNU, SAP, ANS, and CSAD concern the earlier stages of this sequence.

Conventional cryptographic definitions concern the later stage, after the analytical domain has already been established.

The two levels are therefore complementary but not interchangeable.

A PADC architecture may preserve ANS while using an internally weak cryptographic primitive.

Conversely, an internally strong cryptographic primitive may operate inside a representation that exposes a unique and stable analytical architecture.

A complete security evaluation must therefore distinguish:

  1. algorithmic security of \(E_{K}\);

  2. architectural non-stabilizability of \(\left(F_{\Theta},R_{\Phi}\right)\);

  3. cross-session preservation of that non-stabilizability.

The central architectural principle is:

Before an observer can attack a key, message, or cryptographic transformation, the observer must possess a stable alphabet, dictionary, message space, and cryptographic-object space in which those objects can be identified.

PADC places the formation of that analytical space within the protected architecture.

References

[1]
A. A. Nekludoff, “Alphabet formation and the epistemic limits of cryptographic analysis,” AstraVerge Research, Research Paper, Dec. 2025. doi: 10.5281/zenodo.18126229.
[2]
A. A. Nekludoff, “Before information: Languages, dictionaries, alphabets, and messages,” AstraVerge Research, Research Paper, 2026. doi: 10.5281/zenodo.20771404.
[3]
A. A. Nekludoff, “Dynamics of linguistic constructions: Coordination, canonization, and divergence of dictionaries,” AstraVerge Research, Research Paper, 2026. doi: 10.5281/zenodo.20727647.
[4]
A. A. Nekludoff, “LSEG: A segment-based protocol for data interpretation,” AstraVerge Research Lab, Research Paper, 2025. doi: 10.5281/zenodo.17786342.