Defense-in-Depth Encryption · For the People
MEDINA is a defense-in-depth encryption architecture that combines two independent mechanisms — sequential key-dependent layers and blind path routing — to require attackers to break both simultaneously.
The Problem
Bitcoin, Ethereum, TLS, SSH, your bank — all rely on elliptic curve cryptography. Shor's algorithm on a fault-tolerant quantum computer recovers private keys from public keys in polynomial time. Not weakened. Broken.
Cryptographically relevant quantum computers are estimated by 2035–2050. But "harvest now, decrypt later" attacks are happening today. Adversaries are already collecting encrypted traffic to decrypt when quantum arrives.
NIST's post-quantum standards address key exchange and signatures. But symmetric encryption — the actual data protection — relies on a single layer. MEDINA adds architectural depth: two entangled secrets, sequential dependencies, and authenticated encryption.
The Architecture
MEDINA builds on proven primitives (AES-256, SHA3-256, HKDF) but combines them in a novel construction: the path key and master key are cryptographically entangled, so neither can be attacked independently. The architecture adds defense in depth — not a new primitive, but a new way of composing existing ones.
Sequential Key Dependencies
Encryption is applied in sequential, dependent layers — like Russian nesting dolls. Each layer's key is derived from the output of the previous layer.
K_n = KDF(output_{n-1} || salt_n || context)
Each layer's key derives from the previous layer's output. An attacker cannot skip ahead or parallelize the attack — every layer must be resolved in order. Combined with the entangled path key, the effective key space multiplies rather than adds.
Blind Path Verification
The decryption path is a binary sequence through a massive graph of indistinguishable nodes. At each node, choose 0 or 1. No node reveals whether you're on the right path.
path_key = "01101001...10" // length = N decision points
The path key routes through a SHA3-256 hash graph. With no intermediate verification possible, an attacker must complete the entire path before knowing if it was correct. Wrong paths fail silently at the authentication layer.
The master key and path key are cryptographically entangled — neither can be cracked independently. Matryoshka chains enforce sequential decryption. Blind Souk adds a second independent secret with no oracle feedback. HMAC authentication catches any tampering or wrong-key attempt. The result: defense in depth built on battle-tested primitives.
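The two mechanisms described above (the sequential key chain and the blind path walk), as an added sketch that is not MEDINA's own code. It assumes that output_{n-1} is the previous layer's derived key, that the path walk is seeded from the master key, and that a SHAKE-256 XOR keystream stands in for each AES-256 layer so only the standard library is needed; all function names are hypothetical.

```python
import hashlib
import hmac

def hkdf_sha3(ikm: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA3-256, one 32-byte output block."""
    prk = hmac.new(salt, ikm, hashlib.sha3_256).digest()             # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha3_256).digest()  # expand, T(1)

def walk_path(master_key: bytes, path_bits: str) -> bytes:
    """Hash-graph walk: each bit picks the next node; no node reveals correctness."""
    node = hashlib.sha3_256(b"root" + master_key).digest()  # assumed entanglement
    for bit in path_bits:
        node = hashlib.sha3_256(node + bit.encode()).digest()
    return node

def layer_keys(master_key, path_bits, salts, context):
    """K_n = KDF(output_{n-1} || salt_n || context); output_0 is the final path node."""
    output, keys = walk_path(master_key, path_bits), []
    for salt in salts:
        output = hkdf_sha3(output, salt, context)  # assumption: output_n = K_n
        keys.append(output)
    return keys

def xor_layer(key: bytes, data: bytes) -> bytes:
    """Stand-in for one AES-256 layer: XOR with a SHAKE-256 keystream (demo only)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def auth_tag(last_key: bytes, context: bytes, data: bytes) -> bytes:
    mac_key = hkdf_sha3(last_key, b"auth", context)  # separate key for the MAC
    return hmac.new(mac_key, data, hashlib.sha3_256).digest()

def seal(master_key, path_bits, salts, context, plaintext):
    keys = layer_keys(master_key, path_bits, salts, context)
    data = plaintext
    for key in keys:
        data = xor_layer(key, data)
    return data + auth_tag(keys[-1], context, data)

def unseal(master_key, path_bits, salts, context, blob):
    """Return the plaintext, or None when the key, path or ciphertext is wrong."""
    keys = layer_keys(master_key, path_bits, salts, context)
    data, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, auth_tag(keys[-1], context, data)):
        return None  # the only point where a wrong path becomes visible
    for key in reversed(keys):
        data = xor_layer(key, data)
    return data
```

Because the tag is checked before any layer is removed, a wrong path, a wrong master key and a tampered ciphertext all produce the same result, and the comparison is constant-time.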
Implications
Every system that stores or transmits sensitive data relies on encryption. MEDINA adds defense in depth to the symmetric encryption layer.
HTTPS, API security, certificate authorities. Every secure connection on the internet uses key exchange algorithms that quantum computing will break. MEDINA can replace the vulnerable layer.
Interbank transfers, payment processing, card security. Financial infrastructure is built on RSA and ECC. A quantum breach here isn't theoretical — it's existential.
Classified communications, intelligence systems, diplomatic channels. Nation-states are already stockpiling encrypted traffic for future quantum decryption.
Patient records, genomic data, research IP. Medical data has a long shelf life — records encrypted today must remain private for decades.
Databases, backups, archives, cold storage. Data encrypted today must remain private for decades. Two-factor encryption adds a second independent secret.
End-to-end encrypted messaging, email, file storage. The promise of privacy means nothing if the underlying encryption has a known expiration date.
A Tribute
MEDINA is a Moroccan project. It carries the name of the ancient walled cities — the medinas — that have protected communities for over a thousand years. This project exists because of the foundations laid by Morocco's leadership in education, technology, and national development.
الحسن الثاني
Thank you for building the schools. Thank you for opening the doors. The universities, the bridges to the world, the belief that a nation's greatest resource is its people's minds. You gave us the foundation. We built on it.
محمد السادس
Thank you for the digital Morocco. The fiber optic, the tech hubs, the polytechnic university, the strategy that said "this country will not be left behind." You gave a generation the tools to create. This is one of the things we created.
Thank you both. MEDINA is Moroccan.
This is what your investment in a nation looks like when it grows.
How We Compare
MEDINA does not replace AES-256, Dilithium, or Kyber. It complements them. AES-256 already provides 128-bit post-quantum security. MEDINA's contribution is architectural: two-factor symmetric encryption with entangled keys and sequential dependencies.
Dilithium and Kyber solve asymmetric crypto (signatures and key exchange). They are essential and complementary to MEDINA. Different problems, different solutions.
A symmetric encryption construction that adds defense in depth. Two entangled secrets, sequential layer dependencies, blind path routing, and HMAC authentication. Uses AES-256 and SHA3 internally: proven primitives, not novel ones, in a novel composition.
Standing on Giants
MEDINA exists because these came first. Every encrypted message, every secure transaction, every protected secret — traces back to these minds.
The word algorithm is his name, Latinized. Working in Baghdad's House of Wisdom around 820 AD, al-Khwarizmi wrote Kitab al-Jabr — giving us the word algebra. Every algorithm ever written, including MEDINA, descends from his work.
The idea that changed everything: two strangers can agree on a secret over a public channel. Before Diffie-Hellman, secure communication required physically exchanging keys.
The first practical public-key cryptosystem. For nearly 50 years, RSA has protected banking, government, and military communications. Its quantum vulnerability motivates strengthening all layers of encryption.
The workhorse of modern encryption. MEDINA uses AES-256 as its core cipher. We don't replace AES — we build a defense-in-depth construction around it.
Proved that cryptography can replace trust. Bitcoin showed the world that math can be money. Its success demonstrated how critical strong encryption is to digital infrastructure.
End-to-end encryption for the masses. The Signal Protocol powers WhatsApp, Signal, and Facebook Messenger — protecting billions of conversations.
From al-Khwarizmi's algebra to Signal's double ratchet —
1,200 years of building the secure world.
MEDINA builds on their work.
License
MEDINA is currently released under the MEDINA Open Audit License (MOAL v1.0). You can read it, audit it, attack it, and publish your findings. But you cannot copy the code, create derivative works, or use it commercially without permission.
We believe in Kerckhoffs's principle: a cryptographic system must be secure even if everything about the system, except the key, is public knowledge. The algorithm is transparent. The implementation is ours — for now.
Roadmap
Architecture design, threat modeling, mathematical foundations. Working reference implementation with live challenges.
Mathematical security proofs. Rust reference implementation. Independent third-party audit.
Drop-in libraries for TLS, SSH, file encryption, and web applications. Making defense in depth accessible.
Commercial licensing for enterprise integration. Compliance certification partnerships. Revenue generation.
IETF RFC submissions, NIST evaluation track, potential open-sourcing under permissive license.
Honest Assessment
Good cryptography is built on honesty, not hype. Here's what we know we need to solve.
Sequential layers mean slower encryption/decryption. We need to find the right balance between security depth and practical speed.
Large path keys are enormous. We're researching compression strategies and hierarchical path structures to make key management practical.
Security claims must hold under timing attacks, power analysis, and cache-based attacks. This requires careful constant-time implementation.
Mathematical security reduction to known hard problems. We need to prove, not just argue, that MEDINA's security guarantees hold.
MEDINA uses AES-256, SHA3-256, and HKDF — existing, proven primitives. Our contribution is the construction: how these are composed, entangled, and sequenced. We claim architectural novelty, not cryptographic novelty.
Live Challenges
We encrypted two files with MEDINA and published everything — the algorithm, the code, the encrypted output. All you need are the keys.
8 layers. 16-bit path. Deliberately weakened for humans to crack. The master key is a SHA256 of something guessable. First to decrypt and post with #MEDINAChallenge gets credited.
718 bytes · 2^16 paths · 8 AES layers
Take the Challenge →
64 layers. 256-bit path. 256-bit random key. Full-strength MEDINA. No known classical or quantum attack can crack this by brute force.
4,334 bytes · 2^256 paths · 64 AES layers
See the Forever File →
MEDINA is in active development. Review the code, break our assumptions, join the mission.
Get in Touch
We welcome cryptographers, researchers, enterprises, and anyone who cares about the future of encryption.
◆ MARRAKECH ◆
مراكش
MEDINA is named for the ancient walled cities of Morocco — where the souks are labyrinths by design, where every alley looks the same to outsiders, and where the only way through is to know the path.
The Blind Souk routing algorithm is a tribute to Marrakech — the Red City, founded in 1070, approaching its thousandth year. Almost a millennium of walls that still stand.
Est. 1070 — 956 years and counting