KangarooTwelve: fast hashing based on Keccak-p

KangarooTwelve is a fast and secure extendable-output function (XOF), the generalization of hash functions to arbitrary output lengths. Derived from Keccak, it aims at higher speeds than FIPS 202's SHA-3 and SHAKE functions, while retaining their flexibility and basis of security.

On high-end platforms, it can exploit a high degree of parallelism, whether using multiple cores or the single-instruction multiple-data (SIMD) instruction set of modern processors. On Intel's® Haswell and Skylake architectures, KangarooTwelve tops at less than 1.5 cycles/byte for long messages on a single core. On low-end platforms, as wall as for short messages, it also benefits from about a factor two speed-up compared to the fastest FIPS 202 instance SHAKE128.

Technical details

SynopsisThe KangarooTwelve extendable-output function
Designed byGuido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer
ImplementsA extendable-output function (XOF), i.e., the generalization of a cryptographic hash function with arbitrary output length, with the native support of domain separation via a customization string
ConstructionA tree hash mode with kangaroo hopping on top of the sponge construction
PrimitiveThe Keccak-p[1600, 12] permutation
Parameterized byNo parameter
InstancesJust KangarooTwelve. One size fits all!
StatusRelies on the same cryptanalysis track record as Keccak/SHA-3; safe if there are no attacks on Keccak/SHA-3 reduced to 12 rounds