Documentation and improved bit-order treatment

AsconHash.cry

@@ -5,13 +5,13 @@ import Ascon
 // 5. Hash and eXtendable-Output Functions (XOFs)
 
 Ascon_Digest : {n} (fin n) => [64] -> [n][64] -> [inf]
-Ascon_Digest IV Ms = join [reverse (head S) | S <- iterate Ascon_p`{12} Sn]
+Ascon_Digest IV Ms = wordsToBits [head S | S <- iterate Ascon_p`{12} Sn]
     where
     S0 = Ascon_p`{12} [IV, 0, 0, 0, 0]
     Sn = foldl AbsorbBlock S0 Ms
 
 AbsorbBlock : State -> [64] -> State
-AbsorbBlock [s0, s1, s2, s3, s4] X = Ascon_p`{12} [reverse X ^ s0, s1, s2, s3, s4]
+AbsorbBlock [s0, s1, s2, s3, s4] X = Ascon_p`{12} [X ^ s0, s1, s2, s3, s4]
 
 /// 5.1. Specification of Ascon-Hash256
 Ascon_Hash256 : {n} (fin n) => [n] -> [256]
@@ -21,7 +21,7 @@ Ascon_Hash256_IV : [64]
 Ascon_Hash256_IV = 0x0000080100cc0002
 
 Ascon_Hash256_bytes : {n} (fin n) => [n][8] -> [32][8]
-Ascon_Hash256_bytes M = map reverse (split (Ascon_Hash256 (join (map reverse M))))
+Ascon_Hash256_bytes M = bitsToWords (Ascon_Hash256 (wordsToBits M))
 
 property
   initial_value_works =
@@ -38,19 +38,19 @@ Ascon_XOF128_IV : [64]
 Ascon_XOF128_IV = 0x0000080000cc0003
 
 Ascon_XOF128_bytes : {r, n} (fin n, fin r) => [n][8] -> [r][8]
-Ascon_XOF128_bytes M = map reverse (split (Ascon_XOF128 (join (map reverse M))))
+Ascon_XOF128_bytes M = bitsToWords (Ascon_XOF128 (wordsToBits M))
 
 // 5.3. Specification of Ascon-CXOF128
 
 Ascon_CXOF128 : {r, c, n} (fin n, fin r, fin c, 64 >= width c) => [c] -> [n] -> [r]
 Ascon_CXOF128 Z M = take (Ascon_Digest Ascon_CXOF128_IV Ms)
   where
-    Ms = [reverse `c]
+    Ms = [`c]
        # toBlocks Z
        # toBlocks M
 
 Ascon_CXOF128_bytes : {r, z, n} (fin n, fin r, 61 >= width z) => [z][8] -> [n][8] -> [r][8]
-Ascon_CXOF128_bytes Z M = map reverse (split (Ascon_CXOF128 (join (map reverse Z)) (join (map reverse M))))
+Ascon_CXOF128_bytes Z M = bitsToWords (Ascon_CXOF128 (wordsToBits Z) (wordsToBits M))
 
 Ascon_CXOF128_IV : [64]
 Ascon_CXOF128_IV = 0x0000080000cc0004