Questions tagged [xof]

An extendable-output function (XOF) is similar to a hash function, but uses the internal state to output a stream of bits instead of a fixed-length octet string.

2 votes
1 answer
86 views

There is ParallelHash, a derived function part of SHA-3. It acts like an Extendable-output function (XOF) that can use multiple threads in multi-core CPUs. I can generate a (maybe) infinite keystream ...
przemyslawo's user avatar
7 votes
3 answers
1k views

I'm working on a programming language that's intended to compile to retro hardware, and I want to add a PRNG to the specification. Ideally, this would be both standard (easy to find specifications for)...
Draconis's user avatar
  • 261
1 vote
1 answer
180 views

Could someone explain the security implication of using XOF functions for larger output length? I have seen a few algorithms using fixed 32 bytes output length for SHAKE256. Does this have anything to ...
Count Dracula's user avatar
1 vote
1 answer
125 views

I'm paranoid about new storage devices, since it's a common scam to reprogram a device to lie and report a much larger capacity than it actually has. I know that there are testing programs ...
kwan3217's user avatar
  • 113
1 vote
1 answer
155 views

I'm working on a program that requires multiple key pairs from multiple algorithms to be derived from a single 128-byte master seed. However, I couldn't find an implementation for Falcon512 that ...
Zola Gonano's user avatar
2 votes
1 answer
491 views

I'm diving into SHAKE256's XOF (Extendable Output Function), and I've got a bit of a head-scratcher. I'm wondering if there's any difference between incrementally absorbing bytes and absorbing ...
Rui 's user avatar
  • 31
2 votes
2 answers
804 views

Suppose I have some ZK proofs that were turned non-interactive using Fiat-Shamir heuristic. So I need to generate the challenge value deterministically using some data shared between the prover and ...
fjarri's user avatar
  • 299
2 votes
2 answers
273 views

In the Kyber specification the parse function (algorithm 1 on page 6) takes as input a non-terminating byte stream. Although unlikely, an unlimited number of bytes ...
Daniel S's user avatar
  • 30.9k
0 votes
0 answers
30 views

I'm new to crypto, and I've got an idea and I want to get some feedback if it's even a right direction. Let's say that I create a symmetric cipher by using an XOF with a salt and a secret key. ...
Likepineapple's user avatar
1 vote
0 answers
92 views

Let's suppose I have a 1MB high-resolution photo and I want to hash and create a 1536-bit key. I know that I could just use SHAKE-256 as it's a pre-engineered way for doing that. There is also Skein ...
phantomcraft's user avatar
1 vote
1 answer
240 views

On first glance, the optional customization string for cSHAKE resembles the optional salt input to HKDF-Extract. Indeed, the Noise Protocol Framework initially uses a protocol identifier string as its ...
Neil Madden's user avatar
3 votes
1 answer
261 views

Let's suppose I want to use a cipher with a large key size, such as ISAAC that supports 8192 bits of key. I can hash with sha-256 or sha-512 and iterate until it reaches the key size but I won't get ...
phantomcraft's user avatar
2 votes
0 answers
148 views

In the FIPS202 document "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions" an extendable-output function is defined as: An extendable-output function (XOF) is a ...
cryptobeginner's user avatar
2 votes
1 answer
248 views

We compute hash $H(M_0\mathbin\|M_1)$ of size $d\ge1$ for some constant header $M_0$ of size $m_0$, and $\nu\ge1$ messages $M_1$ of random content and size $m_1$. For Merkle-Damgård hashes, a simple ...
fgrieu's user avatar
  • 151k
2 votes
1 answer
501 views

In this answer, it is mentioned that Easier instantiation of random oracles. Some security proofs rely on the so-called random oracle model to prove the security of a given scheme. Normally you'd ...
kelalaka's user avatar
  • 50.2k
