1 files changed, 14 insertions, 26 deletions

diff --git a/src/ref/cipher.c b/src/ref/cipher.c
index 5f26cc9..5822575 100644
--- a/src/ref/cipher.c
+++ b/src/ref/cipher.c
@@ -83,44 +83,32 @@ static void _compute_round_tweakeys(
 }
 
 
+static uint8_t _Fj(uint8_t Xj, uint8_t RTKj)
+{
+    return S[Xj] ^ RTK[j];
+}
+
 static void _nonlinear_layer(uint8_t X[BLOCK_BYTES], const uint8_t RTK[ROUND_TWEAKEY_BYTES])
 {
-    uint8_t F[ROUND_TWEAKEY_BYTES];
-    for (size_t j=0; j<ROUND_TWEAKEY_BYTES; j++)
+    for (size_t j=0; j<8; j++)
     {
-        F[j] = X[j] ^ RTK[j];
+        X[15-j] ^= _Fj(X[j], RTK[j]);
     }
+}
 
-    for (size_t j=0; j<ROUND_TWEAKEY_BYTES; j++)
+static void _linear_layer(uint8_t X[BLOCK_BYTES])
+{
+    for (size_t j=1; j<8; j++)
     {
-        F[j] = S[F[j]];
+        X[15] ^= X[j];
     }
 
-    for (size_t j=0; j<8; j++)
+    for (size_t j=9; j<15; j++)
     {
-        size_t dest_j = 15-j;
-        X[dest_j] ^= F[j];
+        X[j] ^= X[7];
     }
 }
 
-static void _linear_layer(uint8_t X[BLOCK_BYTES])
-{
-    X[15] ^= X[1];
-    X[15] ^= X[2];
-    X[15] ^= X[3];
-    X[15] ^= X[4];
-    X[15] ^= X[5];
-    X[15] ^= X[6];
-    X[15] ^= X[7];
-
-    X[14] ^= X[7];
-    X[13] ^= X[7];
-    X[12] ^= X[7];
-    X[11] ^= X[7];
-    X[10] ^= X[7];
-    X[9]  ^= X[7];
-}
-
 static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
 {
     if (p == PERMUTATION_NONE)