I think a draft regestring KMAC and HopMAC [1] would be useful. In addition to TurboSHAKE, I see that also KangarooTwelve (KT128 and KT256) has been registered, which is great. I welcome more Keccak and permutation-based cryptography (Ascon is another example). Makes a lot of things easier. Not just APIs but also side-channel protection.
SHAKE128 is around twice as efficient as SHA3-256 and TurboSHAKE128 is twice as efficient as SHAKE128. In addition TubroSHAKE is parallizable. cSHAKE is defined as a call to SHAKE and KMAC is defined as a call to cSHAKE KT is defined as a call to TurboSHAKE and HopMAC is defined as a call to KT https://datatracker.ietf.org/doc/draft-irtf-cfrg-kangarootwelve/ https://crypto.stackexchange.com/questions/95722/is-kmac-just-sha-3-256key-message John From: Sipos, Brian J. <brian.si...@jhuapl.edu> Date: Thursday, 26 June 2025 at 14:31 To: Leonard Rosenthol <lrosenth=40adobe....@dmarc.ietf.org>, cose@ietf.org <cose@ietf.org> Subject: [COSE] Re: Why is SHA-3 not supported in COSE? Leonard, I see that the purely hash algorithm family SHAKE is defined in RFC 9054 [1], are these what you are looking for? I had also started, but effectively abandoned, a small draft to add KMAC to COSE and JOSE [2] which is a SHA-3 derived MAC algorithm family. If this is something you are interested in, and there is WG support, the draft of just KMAC could be revived. Brian S. [1] https://datatracker.ietf.org/doc/html/rfc9054#section-3.3 [2] https://datatracker.ietf.org/doc/draft-sipos-cose-gmac-kmac/ From: Leonard Rosenthol <lrosenth=40adobe....@dmarc.ietf.org> Sent: Wednesday, June 25, 2025 6:07 PM To: cose@ietf.org Subject: [EXT] [COSE] Why is SHA-3 not supported in COSE? APL external email warning: Verify sender forwardingalgori...@ietf.org<mailto:forwardingalgori...@ietf.org> before clicking links or attachments Checking the current state of the COSE Algorithm Registry (https://www.iana.org/assignments/cose/cose.xhtml#algorithms) shows that it is not there. Is there a technical reason for this? Lack of interest by implementors? Other? I ask because we are getting requests to add it to the C2PA specification, but as we note in our spec (https://c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_hashing) since the SHA-3 algorithms aren’t on the list, we don’t support it. Thanks in advance for the info. Leonard
_______________________________________________ COSE mailing list -- cose@ietf.org To unsubscribe send an email to cose-le...@ietf.org
