I think a draft regestring KMAC and HopMAC [1] would be useful. In addition to TurboSHAKE, I see that also KangarooTwelve (KT128 and KT256) has been registered, which is great. I welcome more Keccak and permutation-based cryptography (Ascon is another example). Makes a lot of things easier. Not just APIs but also side-channel protection.
SHAKE128 is around twice as efficient as SHA3-256 and TurboSHAKE128 is twice as efficient as SHAKE128. In addition TubroSHAKE is parallizable. cSHAKE is defined as a call to SHAKE and KMAC is defined as a call to cSHAKE KT is defined as a call to TurboSHAKE and HopMAC is defined as a call to KT https://datatracker.ietf.org/doc/draft-irtf-cfrg-kangarootwelve/ https://crypto.stackexchange.com/questions/95722/is-kmac-just-sha-3-256key-message John From: Sipos, Brian J. <[email protected]> Date: Thursday, 26 June 2025 at 14:31 To: Leonard Rosenthol <[email protected]>, [email protected] <[email protected]> Subject: [COSE] Re: Why is SHA-3 not supported in COSE? Leonard, I see that the purely hash algorithm family SHAKE is defined in RFC 9054 [1], are these what you are looking for? I had also started, but effectively abandoned, a small draft to add KMAC to COSE and JOSE [2] which is a SHA-3 derived MAC algorithm family. If this is something you are interested in, and there is WG support, the draft of just KMAC could be revived. Brian S. [1] https://datatracker.ietf.org/doc/html/rfc9054#section-3.3 [2] https://datatracker.ietf.org/doc/draft-sipos-cose-gmac-kmac/ From: Leonard Rosenthol <[email protected]> Sent: Wednesday, June 25, 2025 6:07 PM To: [email protected] Subject: [EXT] [COSE] Why is SHA-3 not supported in COSE? APL external email warning: Verify sender [email protected]<mailto:[email protected]> before clicking links or attachments Checking the current state of the COSE Algorithm Registry (https://www.iana.org/assignments/cose/cose.xhtml#algorithms) shows that it is not there. Is there a technical reason for this? Lack of interest by implementors? Other? I ask because we are getting requests to add it to the C2PA specification, but as we note in our spec (https://c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_hashing) since the SHA-3 algorithms aren’t on the list, we don’t support it. Thanks in advance for the info. Leonard
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
