
inopinatus, today at 3:19 AM (1 reply)

I was interested in something similar with Speck for obfuscating bigserial PKIDs, but the shortage of cross-platform implementations - especially in pgcrypto - led to choosing base58(AES_K1(id{8} || HMAC_K2(id{8})[0..7])) instead, which we could implement in almost anything and is performant enough, albeit with longer output (typically 22 characters).
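The construction named in this comment, written out as an added Go example (not code from the commenter or from pgcrypto): the 8-byte id is concatenated with the first 8 bytes of an HMAC-SHA256 over it, the resulting single AES block is encrypted, and the ciphertext is base58-encoded. The keys, the big-endian id encoding and the Bitcoin base58 alphabet are assumptions; the comment does not specify them. The truncated HMAC is what makes the scheme safe to decode: a guessed or altered token fails the tag check instead of quietly resolving to another row's id, and because the tag half makes every block unique, a single raw AES block encryption needs no mode or IV.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Bitcoin-style base58 alphabet (assumed; the comment only says "base58").
const b58Alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// base58Encode treats b as a big-endian integer; each leading zero byte becomes a '1'.
func base58Encode(b []byte) string {
	n := new(big.Int).SetBytes(b)
	base, mod := big.NewInt(58), new(big.Int)
	var out []byte
	for n.Sign() > 0 {
		n.DivMod(n, base, mod)
		out = append(out, b58Alphabet[mod.Int64()])
	}
	for _, c := range b {
		if c != 0 {
			break
		}
		out = append(out, '1')
	}
	for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 { // digits came out least significant first
		out[i], out[j] = out[j], out[i]
	}
	return string(out)
}

// base58Decode is the inverse of base58Encode and rejects characters outside the alphabet.
func base58Decode(s string) ([]byte, error) {
	n, base := new(big.Int), big.NewInt(58)
	for i := 0; i < len(s); i++ {
		d := strings.IndexByte(b58Alphabet, s[i])
		if d < 0 {
			return nil, errors.New("base58: invalid character")
		}
		n.Mul(n, base).Add(n, big.NewInt(int64(d)))
	}
	zeros := 0
	for zeros < len(s) && s[zeros] == '1' {
		zeros++
	}
	return append(make([]byte, zeros), n.Bytes()...), nil
}

// IDCodec implements base58(AES_K1(id{8} || HMAC_K2(id{8})[0..7])).
type IDCodec struct {
	k1 []byte // AES key (16, 24 or 32 bytes)
	k2 []byte // HMAC-SHA256 key
}

// tag returns the first 8 bytes of HMAC-SHA256_K2 over the 8-byte id.
func (c *IDCodec) tag(id []byte) []byte {
	m := hmac.New(sha256.New, c.k2)
	m.Write(id)
	return m.Sum(nil)[:8]
}

// Encode maps one 64-bit id to an opaque token of at most 22 base58 characters.
func (c *IDCodec) Encode(id uint64) (string, error) {
	block, err := aes.NewCipher(c.k1)
	if err != nil {
		return "", err
	}
	var pt, ct [aes.BlockSize]byte
	binary.BigEndian.PutUint64(pt[:8], id) // id encoding is an assumption
	copy(pt[8:], c.tag(pt[:8]))
	block.Encrypt(ct[:], pt[:])
	return base58Encode(ct[:]), nil
}

// Decode reverses Encode; tokens of the wrong length or with a bad tag are rejected.
func (c *IDCodec) Decode(token string) (uint64, error) {
	ct, err := base58Decode(token)
	if err != nil {
		return 0, err
	}
	if len(ct) != aes.BlockSize {
		return 0, errors.New("token: wrong length")
	}
	block, err := aes.NewCipher(c.k1)
	if err != nil {
		return 0, err
	}
	var pt [aes.BlockSize]byte
	block.Decrypt(pt[:], ct)
	if !hmac.Equal(pt[8:], c.tag(pt[:8])) { // constant-time compare
		return 0, errors.New("token: authentication failed")
	}
	return binary.BigEndian.Uint64(pt[:8]), nil
}

func main() {
	// Constructed demo keys; real keys come from a secret store, not source code.
	codec := &IDCodec{k1: []byte("0123456789abcdef"), k2: []byte("constructed-hmac-key")}
	tok, _ := codec.Encode(123456789)
	id, err := codec.Decode(tok)
	fmt.Printf("token=%s (%d chars) id=%d err=%v\n", tok, len(tok), id, err)
}
```

Decoding a token only proves it was produced under K1/K2; it says nothing about whether the caller may read that row, so the usual authorization check on the recovered id still applies.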


Replies

chrismorgan, today at 5:52 AM

For this specific use case, you don’t need anything fancy like a constant time implementation, and I found it easy enough to implement from the paper—except that, mindbogglingly, they didn’t address endianness at all, even though you have to take it into account; so you need to read https://www.spinics.net/lists/arm-kernel/msg633602.html as well.

Look at https://git.chrismorgan.info/tesid/blob/HEAD:/rust/src/fpeck..., it’s very simple.
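The endianness point raised above, as an added Go example (it is not the tesid code linked, nor the paper's reference code): Speck64/96 and Speck64/128 with the byte-order convention spelled out. The designers' reference C implementation loads each block and key as little-endian words, and the word the paper calls x (the one rotated right by 8) is the second word in memory, with the key words in memory ordered k[0], l[0], l[1], ..., the reverse of how the paper prints them. Only with that convention do the paper's hex test vectors match. The 8-byte block is exactly one bigserial, which is why Speck suits the id-obfuscation use case in the parent comment; the ObfuscateID/RecoverID helpers and their little-endian id encoding are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Speck64 holds the expanded round keys of Speck64/96 (12-byte key, 26 rounds)
// or Speck64/128 (16-byte key, 27 rounds). Rotation amounts are alpha=8, beta=3.
type Speck64 struct{ rk []uint32 }

// NewSpeck64 expands the key. Key words are read little-endian in byte order as
// k[0], l[0], l[1], ...; the paper prints them most significant word first.
func NewSpeck64(key []byte) (*Speck64, error) {
	var rounds int
	switch len(key) {
	case 12:
		rounds = 26
	case 16:
		rounds = 27
	default:
		return nil, fmt.Errorf("speck64: key must be 12 or 16 bytes, got %d", len(key))
	}
	m := len(key) / 4
	k := binary.LittleEndian.Uint32(key[0:4])
	l := make([]uint32, rounds+m-1)
	for j := 1; j < m; j++ {
		l[j-1] = binary.LittleEndian.Uint32(key[4*j : 4*j+4])
	}
	rk := make([]uint32, rounds)
	for i := 0; i < rounds; i++ {
		rk[i] = k
		l[i+m-1] = (k + bits.RotateLeft32(l[i], -8)) ^ uint32(i)
		k = bits.RotateLeft32(k, 3) ^ l[i+m-1]
	}
	return &Speck64{rk: rk}, nil
}

// Encrypt one 8-byte block. The first little-endian word is the paper's y and the
// second is x; this is the detail the paper leaves implicit.
func (s *Speck64) Encrypt(dst, src []byte) {
	y := binary.LittleEndian.Uint32(src[0:4])
	x := binary.LittleEndian.Uint32(src[4:8])
	for _, k := range s.rk {
		x = (bits.RotateLeft32(x, -8) + y) ^ k
		y = bits.RotateLeft32(y, 3) ^ x
	}
	binary.LittleEndian.PutUint32(dst[0:4], y)
	binary.LittleEndian.PutUint32(dst[4:8], x)
}

// Decrypt undoes the rounds in reverse order.
func (s *Speck64) Decrypt(dst, src []byte) {
	y := binary.LittleEndian.Uint32(src[0:4])
	x := binary.LittleEndian.Uint32(src[4:8])
	for i := len(s.rk) - 1; i >= 0; i-- {
		y = bits.RotateLeft32(y^x, -3)
		x = bits.RotateLeft32((x^s.rk[i])-y, 8)
	}
	binary.LittleEndian.PutUint32(dst[0:4], y)
	binary.LittleEndian.PutUint32(dst[4:8], x)
}

// ObfuscateID treats a 64-bit id as one block: a keyed permutation of the id space,
// with no padding, no MAC and no length growth. (Assumed helper; not from the paper.)
func (s *Speck64) ObfuscateID(id uint64) uint64 {
	var in, out [8]byte
	binary.LittleEndian.PutUint64(in[:], id)
	s.Encrypt(out[:], in[:])
	return binary.LittleEndian.Uint64(out[:])
}

// RecoverID inverts ObfuscateID. Every 64-bit input decrypts to *some* id, so the
// result is unauthenticated and must still pass the application's authorization check.
func (s *Speck64) RecoverID(tok uint64) uint64 {
	var in, out [8]byte
	binary.LittleEndian.PutUint64(in[:], tok)
	s.Decrypt(out[:], in[:])
	return binary.LittleEndian.Uint64(out[:])
}

func main() {
	c, _ := NewSpeck64([]byte("constructed key!")) // 16 bytes, demo only
	tok := c.ObfuscateID(1)
	fmt.Printf("id 1 -> %016x -> id %d\n", tok, c.RecoverID(tok))
}
```

Unlike the AES+HMAC token in the first comment, this output carries no integrity check, which is what buys the short 64-bit result; the trade-off is that malformed or guessed values are indistinguishable from real ones at the decoding layer.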