Christophe Parisel

Christophe Parisel

Cloud permission governance implicitly treats permission equivalence as a static relation. We show that for non-human identities (NHIs), equivalence has two irreducible components: structural equivalence, capturing identical permission profiles at a snapshot via graph fibration, and temporal equivalence, capturing recurring permission states via strongly connected components (SCCs) in a fiber transition graph. We call the equivalence classes under temporal equivalence privilege circuits. We formalize a three-layer framework: (1) a spatial quotient of the permission graph via fibration, (2) a lineage partition organizing stable transition compartments, (3) windowed SCC analysis as a temporal quotient within lineages. Empirical evaluation on a large Azure tenant supports the framework. Backtesting demonstrates that early observation of ratchet-type privilege circuits predicts long-term structural stability.

Christophe Parisel

We present a quantitative analysis of character-pair substitution ratios in the Voynich manuscript, testing whether Currier's A/B language distinction (1976) reflects a genuine structural property of the text. A Beta-Binomial mixture model applied to raw character counts without access to labels recovers the Currier split with ARI = 0.383. A supervised Beta-Binomial classifier trained on a subset of folios predicts the A/B identity of held-out folios at 89.2% accuracy. The character pairs separate into three functional regimes that constrain any theory of the Voynich writing system.

Christophe Parisel

The Voynich Manuscript (VMS) exhibits a script of uncertain origin whose grapheme sequences have resisted linguistic analysis. We present a systematic analysis of its grapheme sequences, revealing two complementary structural layers: a character-level right-to-left optimization in word-internal sequences and a left-to-right dependency at word boundaries, a directional dissociation not observed in any of our four comparison languages (English, French, Hebrew, Arabic). We further evaluate two classes of structured generator against a four-signature joint criterion: a parametric slot-based generator and a Cardan grille implementing Rugg's (2004) gibberish hypothesis. Across their full tested parameter spaces, neither class reproduces all four signatures simultaneously. While these results do not rule out generator classes we have not tested, they provide the first quantitative benchmarks against which any future generative or cryptanalytic model of the VMS can be evaluated, and they suggest that the VMS exhibits cipher-like structural constraints that are difficult to reproduce from simple positional or frequency-based mechanisms alone.

Christophe Parisel

In a companion paper, we prove that the Burau-Lyapunov exponent LE discriminates focused from dispersed privilege escalation ratchets in cloud IAM graphs, and that no abelian statistic can replicate this discrimination. To strengthen this claim beyond its synthetic validation corpus, we apply the identical pipeline, with zero parameter retuning, to solar coronal magnetic fields: a physical system with no connection to cloud identity and access management, whose binary eruptive/confined outcome is independently established by decades of astrophysical observation.

Christophe Parisel

Within the Strongly Connected Components (SCCs) formed during the temporal evolution of a Cloud permission graph, we use the Burau Lyapunov exponent LE as an algebraic probe to locate the boundary between two risks regimes. We prove that no Abelian statistic (edge counts, net privilege flow, gate-firing rates) can determine LE. The non-commutation advantage is small, but actionable: we show how to leverage it to discriminate the two outstanding risk regimes, that we call dispersed and focused, for automating classification and governing remediation of risky Cloud permission flows.