Can anyone recommend cipher for Solidity encryption?

At SKALE we need to implement a Hash(Keccack) based-cipher - the reason is we need to be able to decrypt in Solidity smart contract as a part of a fraud claim.

t the moment we are using an ad-hock counter-based CIPHER that I cooked up - essentially XORING plaintext with consequitive hashes of COUNTER | KEY

Can anyone point to a spec on a simple HASH-based cipher that is cheap and easy to do in Solidity?

Just implement one outside EVM and wrap it as a solidty smart contract, deploy it at a special address, intercept and redirect calls made to the smart contract to the hasher outside EVM.

It worked well for us and it is very simple, 2 weeks, 1 guy enough

Well … We need to do it on main net

Could you use something like RC4? Not sure how much stuff your are decrypting, but using my hacked together contract with a 32 byte key, 32 bytes of ciphertext takes about 200,000 gas, while 1KB of text takes about 1 million.

Edit: Published new version of contract that actually passes the test vectors on Wikipedia. Also, I realize that RC4 is rather old, but maybe it is still useful for your purposes.