Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash



John M. Kelsey, Shu-jen H. Chang, Ray Perlner


This Recommendation specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security strength. cSHAKE is a customizable variant of the SHAKE function, as defined in FIPS 202. KMAC (for KECCAK Message Authentication Code) is a variable-length message authentication code algorithm based on KECCAK; it can also be used as a pseudorandom function. TupleHash is a variable-length hash function designed to hash tuples of input strings without trivial collisions. ParallelHash is a variable-length hash function that can hash very long messages in parallel.
Special Publication (NIST SP) - 800-185
Report Number


authentication, cryptography, cSHAKE, customizable SHAKE function, hash function, information security, integrity, KECCAK, KMAC, message authentication code, parallel hashing, ParallelHash, PRF, pseudorandom function, SHA-3, SHAKE, tuple hashing, TupleHash.


Kelsey, J. , Chang, S. and Perlner, R. (2016), SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online],, (Accessed June 21, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created December 21, 2016, Updated October 14, 2021