SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash

Published: December 22, 2016


John M. Kelsey, Shu-jen H. Chang, Ray A. Perlner


This Recommendation specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security strength. cSHAKE is a customizable variant of the SHAKE function, as defined in FIPS 202. KMAC (for KECCAK Message Authentication Code) is a variable-length message authentication code algorithm based on KECCAK; it can also be used as a pseudorandom function. TupleHash is a variable-length hash function designed to hash tuples of input strings without trivial collisions. ParallelHash is a variable-length hash function that can hash very long messages in parallel.
Citation: Special Publication (NIST SP) - 800-185
Report Number:
Pub Type: NIST Pubs


authentication, cryptography, cSHAKE, customizable SHAKE function, hash function, information security, integrity, KECCAK, KMAC, message authentication code, parallel hashing, ParallelHash, PRF, pseudorandom function, SHA-3, SHAKE, tuple hashing, TupleHash.
Created December 22, 2016, Updated November 10, 2018