Copyright  (C) 2014 Ricky Elrod 

License  BSD2 (see LICENSE file) 
Maintainer  Ricky Elrod <ricky@elrod.me> 
Stability  experimental 
Portability  lens 
Safe Haskell  None 
Language  Haskell2010 
The original paper for the Spritz cipher can be found here:
https://people.csail.mit.edu/rivest/pubs/RS14.pdf
This package provides a Haskell implementation of the pseudocode in the paper listed above. It intends to be a direct implementation of the cipher, so we rely heavily on use of the State monad. We also make heavy use of the lens library's combinators, internally, to ease our use of State.
Lastly, I must give a shoutout to spritzjs for the bitmasking parts and for existing so that I had something to test against when I was done.
 data SpritzState = SpritzState {}
 i :: Lens' SpritzState Int
 j :: Lens' SpritzState Int
 k :: Lens' SpritzState Int
 z :: Lens' SpritzState Int
 w :: Lens' SpritzState Int
 a :: Lens' SpritzState Int
 s :: Lens' SpritzState (Vector Int)
 n :: Lens' SpritzState Int
 initializeState :: Int > SpritzState
 absorb :: Vector Int > State SpritzState ()
 absorbByte :: Int > State SpritzState ()
 absorbNibble :: Int > State SpritzState ()
 absorbStop :: State SpritzState ()
 shuffle :: State SpritzState ()
 whip :: Int > State SpritzState ()
 crush :: State SpritzState ()
 squeeze :: Int > State SpritzState (Vector Int)
 drip :: State SpritzState Int
 update :: State SpritzState ()
 output :: State SpritzState Int
 low :: (Bits a, Num a, Show a) => a > a
 high :: (Bits a, Num a, Show a) => a > a
 plusmod :: Integral a => a > a > a > a
 submod :: Integral a => a > a > a > a
 swap :: Int > Int > State SpritzState ()
 encrypt :: Vector Int > Vector Int > SpritzState > Vector Int
 decrypt :: Vector Int > Vector Int > SpritzState > Vector Int
 keySetup :: Int > Vector Int > State SpritzState ()
 hash :: Vector Int > Int > SpritzState > Vector Int
 mac :: Vector Int > Vector Int > Int > SpritzState > Vector Int
State/Lenses
data SpritzState
Register values and s
. As a difference to the paper, we also include
n
in the state, for easy access to it within the various functions.
See §3.1 State.
SpritzState  

i :: Lens' SpritzState Int
j :: Lens' SpritzState Int
k :: Lens' SpritzState Int
z :: Lens' SpritzState Int
w :: Lens' SpritzState Int
a :: Lens' SpritzState Int
s :: Lens' SpritzState (Vector Int)
n :: Lens' SpritzState Int
Spritz basic functions
:: Int  The 
> SpritzState  The initial state. 
Returns the standard initial state. See §3.2 InitializeState.
absorb :: Vector Int > State SpritzState ()
absorbByte :: Int > State SpritzState ()
Splits the given input byte into two nibbles and updates state based on each nibble, loworder nibble first. See §3.2 AbsorbByte.
absorbNibble :: Int > State SpritzState ()
TODO: Write documentation. See §3.2 AbsorbNibble.
absorbStop :: State SpritzState ()
Equivalent to absorbing a special "stop" symbol outside of the oridnary input alphabet. The intent is to provide a clean way to separate different inputs being absorbed. See §2.1.
shuffle :: State SpritzState ()
:: Int 

> State SpritzState () 
crush :: State SpritzState ()
squeeze :: Int > State SpritzState (Vector Int)
drip :: State SpritzState Int
update :: State SpritzState ()
output :: State SpritzState Int
Helper functions
submod :: Integral a => a > a > a > a
See plusmod
. This is very similar except it subtracts the first two
arguments instead of adding them.
swap :: Int > Int > State SpritzState ()
Swap two elements given indices of S.
Making use of everything
Encyrption
:: Vector Int  The key. 
> Vector Int  The decrypted message. 
> SpritzState  Starting state. 
> Vector Int 
:: Vector Int  The key. 
> Vector Int  The encrypted message. 
> SpritzState  Starting state. 
> Vector Int 
:: Int  Our N value. 256 in the paper. 
> Vector Int  The key. 
> State SpritzState () 
Hashing
:: Vector Int  The message. 
> Int  r (number of bytes). 
> SpritzState  Initial state. 
> Vector Int 
Produces an r
byte hash of the input message.
hash
absorbs the input message, calls absorbStop
to signal the end of the
input message, then absorbs the desired hash length (r
).
The given r
is absorbed for functional separation.
See §2.3.