KangarooTwelve is a fast and secure extendable-output function (XOF), the generalization of hash functions to arbitrary output lengths. Derived from Keccak, it aims at higher speeds than FIPS 202's SHA-3 and SHAKE functions, while retaining their flexibility and basis of security.
On high-end platforms, it can exploit a high degree of parallelism, whether using multiple cores or the single-instruction multiple-data (SIMD) instruction set of modern processors. On Intel's® Haswell and Skylake architectures, KangarooTwelve tops at less than 1.5 cycles/byte for long messages on a single core, and at 0.55 cycles/byte on the SkylakeX architecture. On low-end platforms, as well as for short messages, it also benefits from about a factor two speed-up compared to the fastest FIPS 202 instance SHAKE128.
|Synopsis||The KangarooTwelve extendable-output function|
|Designed by||Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche, Ronny Van Keer and Benoît Viguier|
|Implements||A extendable-output function (XOF), i.e., the generalization of a cryptographic hash function with arbitrary output length, with the native support of domain separation via a customization string|
|Construction||A tree hash mode with kangaroo hopping on top of the sponge construction|
|Primitive||The Keccak-p[1600, 12] permutation|
|Parameterized by||No parameter|
|Instances||Just KangarooTwelve. One size fits all!|
|Status||Relies on the same cryptanalysis track record as Keccak/SHA-3; safe if there are no attacks on Keccak/SHA-3 reduced to 12 rounds|