Hi Leonard, SHAKE128, SHAKE256, TurboSHAKE256, and TurboSHAKE128 are all there. SHAKE128 and SHAKE256 are part of the SHA-3 family.
I don’t remember the discussion, but SHAKE are the only variants of the SHA-3 family you ever needed. The fixed length SHA-3 variant are quite useless, they are slower and much less flexible. I think it would have been much better if the fixed length SHA-3 were never standardized. Unfortunately the naming often makes people miss SHAKE. Both ML-KEM and ML-DSA use SHAKE internally. So use SHAKE and TurboSHAKE. They are great, and can also be used as KDFs, PRFs, and MACs. KMAC build on SHAKE uses a single invocation of SHAKE. As a comparision HKDF uses 4 invocations of SHA-2. Cheers, John From: Leonard Rosenthol <[email protected]> Date: Thursday, 26 June 2025 at 00:07 To: [email protected] <[email protected]> Subject: [COSE] Why is SHA-3 not supported in COSE? Checking the current state of the COSE Algorithm Registry (https://www.iana.org/assignments/cose/cose.xhtml#algorithms) shows that it is not there. Is there a technical reason for this? Lack of interest by implementors? Other? I ask because we are getting requests to add it to the C2PA specification, but as we note in our spec (https://c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_hashing) since the SHA-3 algorithms aren’t on the list, we don’t support it. Thanks in advance for the info. Leonard
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
