list - 使用 Cryptollist 问题实现 GIFT-COFB 算法

Cryptol 的类型系统旨在使您在加密算法中发现的这些类型的位拆分几乎可以轻松表达。事实上，一旦你习惯了这种风格，没有循环是一个好处，而不是坏处。

可能有多种方法来编写“初始化”代码。但我会这样做：

load : {a} [128][a] -> [4][32][a]
load(elts) = reverse (transpose cols)
  where cols : [32][4][a]
        cols = split elts

请注意，此处的类型比您需要的更通用，但它允许更轻松的测试。这是我在密码提示符下得到的：

Main> :set base=10
Main> load [127, 126 .. 0]
Showing a specific instance of polymorphic result:
  * Using '7' for type argument 'a' of 'Main::load'
[[124, 120, 116, 112, 108, 104, 100, 96, 92, 88, 84, 80, 76, 72,
  68, 64, 60, 56, 52, 48, 44, 40, 36, 32, 28, 24, 20, 16, 12, 8, 4,
  0],
 [125, 121, 117, 113, 109, 105, 101, 97, 93, 89, 85, 81, 77, 73, 69,
  65, 61, 57, 53, 49, 45, 41, 37, 33, 29, 25, 21, 17, 13, 9, 5, 1],
 [126, 122, 118, 114, 110, 106, 102, 98, 94, 90, 86, 82, 78, 74, 70,
  66, 62, 58, 54, 50, 46, 42, 38, 34, 30, 26, 22, 18, 14, 10, 6, 2],
 [127, 123, 119, 115, 111, 107, 103, 99, 95, 91, 87, 83, 79, 75, 71,
  67, 63, 59, 55, 51, 47, 43, 39, 35, 31, 27, 23, 19, 15, 11, 7, 3]]

这有点难以阅读，所以这里是格式化的：

[[124, 120, 116, 112, 108, 104, 100, 96, 92, 88, 84, 80, 76, 72, 68, 64, 60, 56, 52, 48, 44, 40, 36, 32, 28, 24, 20, 16, 12, 8, 4,  0],
 [125, 121, 117, 113, 109, 105, 101, 97, 93, 89, 85, 81, 77, 73, 69, 65, 61, 57, 53, 49, 45, 41, 37, 33, 29, 25, 21, 17, 13, 9, 5, 1],
 [126, 122, 118, 114, 110, 106, 102, 98, 94, 90, 86, 82, 78, 74, 70, 66, 62, 58, 54, 50, 46, 42, 38, 34, 30, 26, 22, 18, 14, 10, 6, 2],
 [127, 123, 119, 115, 111, 107, 103, 99, 95, 91, 87, 83, 79, 75, 71,  67, 63, 59, 55, 51, 47, 43, 39, 35, 31, 27, 23, 19, 15, 11, 7, 3]]

这正是您想要的结构。现在我们可以专攻：

loadBits : [128] -> [4][32]
loadBits(vector) = reverse (transpose cols)
  where cols : [32][4]
        cols = split vector

请注意，代码与之前完全相同，我们只是将其特定于您想要的类型。

希望这能让你开始！