Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-185(Draft)

SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash

Date Published: August 2016
Comments Due: September 30, 2016 (public comment period is CLOSED)
Email Questions to:


John Kelsey (NIST), Shu-jen Chang (NIST), Ray Perlner (NIST)


NIST SP 800-185 specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security level. cSHAKE is a customizable variant of the SHAKE function, as defined in FIPS 202. KMAC (for KECCAK Message Authentication Code) is a pseudorandom function and keyed hash function based on KECCAK. TupleHash is a variable-length hash function designed to hash tuples of input strings without trivial collisions. ParallelHash is a variable-length hash function that can hash very long messages in parallel.



cryptography; cSHAKE; customizable SHAKE function; hash function; information security; integrity; KECCAK; KMAC; message authentication code; parallel hashing; ParallelHash; PRF; pseudorandom function; SHA-3; SHAKE; tuple hashing; authentication; TupleHash
Control Families

System and Information Integrity; Identification and Authentication;


Draft SP 800-185

Supplemental Material:
Comments received on Draft SP 800-185 (pdf)


Security and Privacy
authentication; cryptography

Laws and Regulations
E-Government Act