KMAC or Keccak Message Authentication Code is a proposed MAC based on the SHA-3 hash.
KMAC or Keccak Message Authentication Code is a proposed MAC based on the SHA-3 hash.
It is specified in the currently draft SP 800-185 (pdf).
Questions tagged [kmac]
8 questions
12
votes
2 answers
Should I use HMAC or KMAC for SHA-3?
I am planning to implement a MAC function for the SHA-3. I read that its latest variant is KMAC. I am confused by the comments on the Keccak website.
It says:
Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does…
ajith
- 121
- 1
- 3
5
votes
1 answer
Equivalent security of KMAC and different HMAC instances?
In the August 2016 draft of SP 800-185, SHA-3 Derived Functions (pdf) there is a table for equivalent security settings for KMAC, the MAC derived from SHA-3, and some previous MACs (Table 1 on pages 19-20). According to that table, both HMAC-SHA256…
otus
- 32,462
- 5
- 75
- 167
4
votes
1 answer
Is KMAC just SHA-3-256(KEY || message)
According to keccak strengths you have:
Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does not need the HMAC nested construction. Instead, MAC computation can be performed by simply prepending the message with…
Finlay Weber
- 504
- 1
- 3
- 12
2
votes
1 answer
Can you use a dynamic key and data size for KMAC?
I've asked before if some kind of canonical encoding should be used on the input parameters of SHA-3 before it could be used as replacement for HMAC.
However, if I read the current NIST specifications in NIST SP 800-185 correctly, there is no…
Maarten Bodewes
- 96,351
- 14
- 169
- 323
2
votes
0 answers
Using NIST constructions based on Keccak like cSHAKE128 for other sponges
NIST defines a lot of interesting applications of sponges in FIPS 202 and NIST SP 800-185 like the XOF cSHAKE128 or the MAC scheme KMAC.
All this schemes come with a security guarantee and are explicitly based on a sponge using Keccak as its…
mat
- 2,558
- 1
- 14
- 28
1
vote
1 answer
Recommended Shake256 digest size for KMAC based HKDF
On the wiki page for HKDF, in the Python Implementation, there is a hash_length variable for the sha256 digest length, used in the hmac in the hmac_sha256 function.
However, if I wanted to replace the hmac with a kmac, I would have to change the…
SamG101
- 633
- 4
- 12
1
vote
0 answers
Parallel MAC vs doubled rounds for SipHash, KMAC and others
SipHash 4-8 is documented by the authors as being about half the speed of SipHash 2-4 and is obviously the more conservative option.
I was wondering from a security perspective how this would compare with performing SipHash 2-4 with two different…
MotiNK
- 334
- 1
- 12
0
votes
0 answers
What is the difference between HMAC-SHA3-512 and KMAC?
Reading through the wikipedia entry for HMAC I see that SHA-3 can be used with the HMAC algorithm to give HMAC-SHA3-512.
I also know that there is KMAC, which from my understanding is a MAC construction designed specifically for KECCAK, basically…
dade
- 133
- 5