It seems that RC4, or something like RC4+, would be a good bit simpler to code than Spritz. If the first bytes of output were discarded from RC4, and key+nonce lengths of 32 bytes used, do you think it would be adequate for this purpose? Reading about all the vulnerabilities of RC4, it seems a large amount of traffic has to be processed to break it, and here we would only be looking at a few update files, each with a different nonce. Isn't it really, really unlikely the encryption could be broken with any reasonably acceptable effort, particularly when, as you say, there are decapping options available? I just don't want the company to spend a lot of extra time on Spritz only to discover that the cloners got in another way. Based on my reading, it just seems RC4 or RC4+ would be really simple, and good enough for this, if encryption is going to protect them at all.