|
|
|---|
|
|
|
|---|
Squeeze one element from the sponge.
(squeeze1 sponge param) → (mv output new-sponge)
This is quite analogous to absorb1 (see that function's documentation), with the roles of the modes swapped. The main difference is that the state vector is unchanged, and instead we return the element of the state pointed to by the index.
Function:
(defun squeeze1 (sponge param) (declare (xargs :guard (and (spongep sponge) (paramp param)))) (declare (xargs :guard (sponge-validp sponge param))) (let ((__function__ 'squeeze1)) (declare (ignorable __function__)) (b* (((sponge sponge) sponge) ((param param) param) ((mv stat index) (if (or (equal sponge.index param.rate) (mode-case sponge.mode :absorb)) (mv (permute sponge.stat param) 0) (mv sponge.stat sponge.index))) (list-index-in-rate (if param.ascending-p index (- (1- param.rate) index))) (list-index-in-stat (if param.rate-then-capacity-p list-index-in-rate (+ param.capacity list-index-in-rate))) (output (nth list-index-in-stat stat))) (mv output (make-sponge :stat stat :mode (mode-squeeze) :index (1+ index))))))
Theorem:
(defthm fep-of-squeeze1.output (implies (sponge-validp sponge param) (b* (((mv ?output ?new-sponge) (squeeze1 sponge param))) (fep output (param->prime param)))) :rule-classes :rewrite)
Theorem:
(defthm spongep-of-squeeze1.new-sponge (b* (((mv ?output ?new-sponge) (squeeze1 sponge param))) (spongep new-sponge)) :rule-classes :rewrite)
Theorem:
(defthm sponge-validp-of-squeeze1 (implies (sponge-validp sponge param) (b* (((mv ?output ?new-sponge) (squeeze1 sponge param))) (sponge-validp new-sponge param))) :rule-classes :rewrite)