KMAC: KECCAK Message Authentication Code
The KECCAK Message Authentication Code (KMAC) algorithm is a variable-length keyed hash function described in NIST SP800-185 [ SP800185 ]. It is based on KECCAK, the core SHA-3 algorithm.
There are two variants, KMAC128 and KMAC256, which have expected security strengths of 128 and 256 bits, respectively. The âstandardâ output lengths for KMAC128 and KMAC256 are 256 bits (32 bytes) and 512 bits (64 bytes), respectively.
The KMAC algorithm can theoretically output an infinitely-long stream of bytes, so it can also be used as a Pseudorandom function (PRF). Note that you cannot truncate a KMAC output value when used as a message authentication code.
[New in v5.3] You can generate a fixed-length MAC of the âstandardâ length using the API_KMAC_128 or API_KMAC_256 options in the MAC functions and the MacAlgorithm.Kmac128 or MacAlgorithm.Kmac256 options in the.NET Mac Class methods. If you require different output lengths, use PRF_Bytes.
The KMAC algorithm also has an optional customization string parameter, by default the empty string ( "" ). To use a customization string with KMAC, use the PRF_Bytes function with a KMAC option.
CAUTION: the lengths of the key and customization string can theoretically be any length (including zero). To obtain the expected security strength you must use keys of length at least 128 and 256 bits respectively. There are no reliable test vectors available for KMAC using non-standard key lengths or long customization strings (AFAWK in September 2018), so be careful.
[ PREV: The Poly1305 message authentication algorithmâŠ] [ Contents ] [ Index ]
[ NEXT: XOF: eXtendable-Output FunctionâŠ]