- CSRC Home
- Projects / Research
- news & events
Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)
In addition to four fixed-length hash functions, FIPS 202 also defines two eXtendable Output Functions, SHAKE128 and SHAKE256. Unlike the fixed-length hash functions, these SHAKE functions support variable-length outputs, and are named for their expected security level.
FIPS 202 also supports a flexible scheme for domain separation between different functions derived from Keccak, ensuring that different named functions will produce unrelated outputs. NIST extends this flexibility further to allow users to customize their use of the functions by defining a customizable version of SHAKE, called cSHAKE.
December 23, 2016: NIST Releaased Special Publication (SP) 800-185, SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
NIST SP 800-185 specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security strength. cSHAKE is a customizable variant of the SHAKE function, as defined in FIPS 202. KMAC (for KECCAK Message Authentication Code) is a pseudorandom function and keyed hash function based on KECCAK. TupleHash is a variable-length hash function designed to hash tuples of input strings without trivial collisions. ParallelHash is a variable-length hash function that can hash very long messages in parallel.
Comments received on Draft NIST SP 800-185 (September 2016)
August 2016: In DRAFT SP 800-185, SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash published in August 2016, NIST defines two cSHAKE variants, cSHAKE128 and cSHAKE256, and three additional SHA-3-derived functions to provide new functionalities. They are:
The public comment period of DRAFT SP 800-185 runs from August 4, 2016 through September 30, 2016; comments should be sent to: SP800email@example.com.