Highest Voted 'shake' Questions - Cryptography Stack Exchange

12

votes

2 answers

Should I use HMAC or KMAC for SHA-3?

I am planning to implement a MAC function for the SHA-3. I read that its latest variant is KMAC. I am confused by the comments on the Keccak website. It says: Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does…

asked Jan 03 '17 at 23:51

ajith

121
1
3

3

votes

1 answer

Implementing SHAKE using SHA3

I have a implementation of SHA3-256 and SHA3-512 in C as API's below sha3_256(output, input, inputlen) sha3_512(output, input, inputlen) I want to now implement SHAKE128 and SHAKE256 using these API's. Is that possible and if so, how ? I don't have…

hash sha-3 shake

asked Aug 26 '24 at 06:42

Gappu

81
4

3

votes

2 answers

Can data be preprocessed when using EdDSA with a hash (SHA or SHAKE)?

According to this comment on a GitHub request for a streaming implementation for digests, ciphers and signature algorithms it is seemingly not possible to start hashing the data before the signature can be generated. Is it possible to preprocess…

implementation eddsa cryptoapi shake

asked Aug 20 '24 at 11:20

Maarten Bodewes

96,351
14
169
323

3

votes

1 answer

SHA3-256 vs SHAKE256_256 in XMSS and SPHINCS

By SHAKE256_256, I mean taking first 256 bits of the output of SHAKE256 i.e. SHAKE256_256(M) = SHAKE256(M,256) What is the motivation of choosing SHAKE256_256 instead of SHA3-256 in XMSS and SPHINCS. Are there any advantages of SHAKE256_256 over…

hash preimage-resistance sha-3 hash-based shake

asked Nov 09 '23 at 10:11

user

313
2
8

2

votes

1 answer

As long as the first 256 bits of the SHAKE256 output are identical, the remaining bits must also be identical？

According to the official Keccak data, the second preimage resistance of SHAKE256 is given as min(d, 256), where d is the output length. Based on the definition of second preimage resistance, consider the following cases: Given an input m₁ that…

hash sha-3 keccak 2nd-preimage-resistance shake

asked Feb 12 '25 at 03:21

tianlong yan

21
1

2

votes

0 answers

Source/derivation for incremental SHAKE function parameters

I was reading an open access paper on incremental hashing functions, which provides definitions for iSHAKE128 and iSHAKE256, respectively. I understood the high-level concepts presented in the paper, but couldn't quite grasp where the seemingly…

keccak shake

asked Jun 30 '24 at 20:42

Wouter

21
2

2

votes

1 answer

SHAKE256 XOF: Absorb incrementally vs all at once

I'm diving into SHAKE256's XOF (Extendable Output Function), and I've got a bit of a head-scratcher. I'm wondering if there's any difference between incrementally absorbing bytes and absorbing everything in one go when it comes to generating the…

hash sha-3 xof shake

asked Sep 16 '23 at 20:18

Rui

31
4

2

votes

1 answer

What does the 256 in SHA3-256 and SHAKE256 refer to?

I am simply wondering what the bit-length in the algorithm variant in the table below refers to? For the hash functions I assume that this refers to the ouput length in bits. For instance for SHA3-256 this means the hash will be of 256 bits in…

hash collision-resistance sha-256 sha-3 shake

asked May 02 '23 at 13:14

Rory

353
2
12

2

votes

2 answers

Matrix parsing in Kyber

In the Kyber specification the parse function (algorithm 1 on page 6) takes as input a non-terminating byte stream. Although unlikely, an unlimited number of bytes from this stream can be used in this function. In Kyber.CPAPKE.KeyGen (algorithm 4 on…

kyber xof shake

asked Apr 06 '23 at 11:04

Daniel S

29,316
1
33
73

1

vote

2 answers

NIST Keccak test vectors confusion

I was looking at the test vectors of keccak provided by NIST here https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values and specifically for these example inputs of SHAKE-128…

padding sha-3 keccak shake

asked Apr 17 '24 at 11:22

pro orp

11
1

0

votes

1 answer

Dynamic Hash Size in SHAKE256: Pros, Cons, and Security of the Structure

The concept involves the first round of SHAKE256 generating a hash of dynamic length (ranging from 256 to 512 bits). The length is determined based on certain parameters, such as a combination of nonce and timestamp. As an example, let's consider a…

proof-of-work blockchain shake

asked Jan 04 '25 at 21:06

blockchainman

33
3

0

votes

0 answers

Keccak implementation confusion

I am implementing a Keccak core in VHDL and I am currently almost done yet I am still facing some problems and would appreciate your insight. First of all I wanna ask about the padding, I know that we use the pad10*1 rule where we take the input, we…

encryption sha-3 keccak shake

asked Apr 15 '24 at 21:58

pro orp

11
1

0

votes

1 answer

Set with probability of SHA-3 collisions lower than for a random oracle?

Can we define one finite set of input strings for a SHA-3 hash (or SHAKE XOF) function so that the collision probability is arguably lower than for a random oracle, with a definition of the set making no reference to the function? If so, what's an…

collision-resistance sha-3 shake

asked Dec 14 '23 at 09:50

fgrieu

149,326
13
324
622

Questions tagged [shake]