/**
* # UMASH: a non-cryptographic hash function with collision bounds
*
* SPDX-License-Identifier: MIT
* Copyright 2020 Backtrace I/O, Inc.
*
* UMASH is a fast (9-22 ns latency for inputs of 1-64 bytes and 22
* GB/s peak throughput, on a 2.5 GHz Intel 8175M) 64-bit hash
* function with mathematically proven collision bounds: it is
* [ceil(s / 4096) * 2^{-55}]-almost-universal for inputs of s or
* fewer bytes.
*
* When that's not enough, UMASH can also generate two independent
* 64-bit hashes in a single traversal. The resulting fingerprint
* squares the collision probability to less than
* ceil(l / 4096)^2 * 2^{-110}; the probability that two distinct
* inputs receive the same fingerprint is less than 2^{-70} as long
* as they are shorter than 7.5 GB each. This expectation is taken
* over the randomly generated `umash_params`; if an attacker can
* infer the contents of these parameters, the bounds do not apply.
*
* ## Initialisation
*
* In order to use `UMASH`, one must first generate a `struct
* umash_params`; each such param defines a distinct `UMASH` function
* (a pair of such functions, in fact). Ideally, one would fill
* a struct with random bytes and call`umash_params_prepare`.
*
* - `umash_params_prepare`: attempts to convert the contents of
* randomly filled `struct umash_params` into a valid UMASH
* parameter struct (key). When the input consists of uniformly
* generated random bytes, the probability of failure is
* astronomically small.
*
* - `umash_params_derive`: deterministically constructs a `struct
* umash_params` from a 64-bit seed and an optional 32-byte secret.
* The seed and secret are expanded into random bytes with Salsa20;
* the resulting `umash_params` should be practically random, as
* long the seed or secret are unknown.
*
* ## Batch hashing and fingerprinting
*
* Once we have a `struct umash_params`, we can use `umash_full` or
* `umash_fprint` like regular hash functions.
*
* - `umash_full` can compute either of the two UMASH functions
* described by a `struct umash_params`. Its `seed` argument will
* change the output, but is not associated with any collision
* bound.
*
* - `umash_fprint` computes both `UMASH` functions described by a
* `struct umash_params`. `umash_fp::hash[0]` corresponds to
* calling `umash_full` with the same arguments and `which = 0`;
* `umash_fp::hash[1]` corresponds to `which = 1`.
*
* ## Incremental hashing and fingerprinting
*
* We can also compute UMASH values by feeding bytes incrementally.
* The result is guaranteed to the same as if we had buffered all the
* bytes and called `umash_full` or `umash_fprint`.
*
* - `umash_init` initialises a `struct umash_state` with the same
* parameters one would pass to `umash_full`.
*
* - `umash_digest` computes the value `umash_full` would return
* were it passed the arguments that were given to `umash_init`,
* and the bytes "fed" into the `umash_state`.
*
* - `umash_fp_init` initialises a `struct umash_fp_state` with the
* same parameters one would pass to `umash_fprint`.
*
* - `umash_fp_digest` computes the value `umash_fprint` would return
* for the bytes "fed" into the `umash_fp_state`.
*
* In both cases, one passes a pointer to `struct umash_state::sink`
* or `struct umash_fp_state::sink` to callees that wish to feed bytes
* into the `umash_state` or `umash_fp_state`.
*
* - `umash_sink_update` feeds a byte range to the `umash_sink`
* initialised by calling `umash_init` or `umash_fp_init`. The sink
* does not take ownership of anything and the input bytes may be
* overwritten or freed as soon as `umash_sink_update` returns.
*/
extern "C" __cplusplus
}
/* !UMASH_H */