Due to bit interleaving, repeated calls to keccak_absorb have much lower performance if they are not 64-bit aligned chunks. This suggests that it might be worth buffering between calls. The only place that this is relevant in the current codebase is in mld_H

An alternative would be to extend the keccak state to 26 64-bit integers, where s[25] is a temporary buffer, however this introduces new edge cases.

I suggest that we modify mld_H to only call absorb in 8-byte chunks.