Search code examples
javascriptfunctional-programmingpure-function

What strategy to turn non-pure functions into a pure functions in JavaScript


I'm starting to learn functional programming in javascript. This might be a silly question but what I'm trying to solve a non-pure function written in a functional way.

My question is what strategy should be used to accomplish this in a functional programming paradigm.

const crypto = require('crypto');

const encrypt = (data, publicKey) => {
    if (publicKey === undefined ) throw 'Missing public key.';

    const bufferToEncrypt = Buffer.from(data);
    const encrypted = crypto.publicEncrypt({
        key: publicKey
    }, bufferToEncrypt);

    return encrypted;

};

Solution

  • There's two criteria for being a pure function.

    Pure function criterion 1: Calling the function with the same values must always yield the same return value

    This is impossible when doing asymmetric encryption because a random session key is generated for each operation. The session key is encrypted with the public key, and then the session key is used to encrypt the payload. The returned value is usually just an encoded version of two values: (1) the pubkey-encrypted session key, and (2) the session key -encrypted payload.

    Both of these values are going to be different each time you call the function because the session key is going to be different each time.

    However, despite the return values not comparing as equal, I would argue that they are semantically equal -- that is, if you decrypt each value with the matching private key, the decrypted values will compare as equal.

    The encryption is effectively obfuscating that the values are equal, and for encryption that's a good thing. We don't want two encrypted messages generated at different times to be compared without having the decryption key. That would be a security risk.

    Therefore, I argue that this function semantically meets this criterion but we can't tell without the public key.

    Pure function criterion 2: The function has no observable side-effects

    This point should be fairly obvious: writing to a disk is a side-effect, writing to a global variable is a side-effect, etc. We should not be able to distinguish any differences in state before and after calling the function.

    Technically, generation of the session key is going to require using the system's secure random number generator. This is going to consume some entropy. After running the function, less entropy will be available and this can be measured.

    However, I would argue that this side-effect can be disregarded as anything that requires a secure random number is going to have the same problem, and this is more an implementation detail of the secure random number generator.

    It would be like claiming that a function that requires a lot of CPU time has a side-effect because running it increases the CPU time counter for the process. Is it a side-effect? Technically... maybe? But no reasonable person would consider that to be a side effect.

    Conclusion

    I would call this function "semantically pure." If you asked me if this was a pure function and only accepted a yes/no answer with no qualification, I'd tell you "yes."