Guido Bertoni³, Joan Daemen², Seth Hoffert, Michaël Peeters¹, Gilles Van Assche¹ and Ronny Van Keer¹
¹STMicroelectronics - ²Radboud University - ³Security Pattern
TurboSHAKE is a family of fast and secure extendable-output functions (XOFs). In a nutshell, these are just like the SHAKE functions, but with the Keccak-p permutation reduced to 12 rounds (instead of 24), making them about twice as fast. Keccak has received quite a large amount of cryptanalysis since its publication, and it has a sufficient safety margin so that we can confidently halve the number of rounds without compromising security.
One instance, TurboSHAKE128, is at the basis of KangarooTwelve.
Synopsis | The TurboSHAKE sponge functions |
---|---|
Proposed by | Guido Bertoni, Joan Daemen, Seth Hoffert, Michaël Peeters, Gilles Van Assche, Ronny Van Keer and Benoît Viguier |
Implements | An extendable-output function (XOF), i.e., the generalization of a cryptographic hash function, together with a domain separation parameter |
Construction | The sponge construction |
Primitive | The Keccak-p[1600, 12] permutation |
Parameterized by | The capacity c |
Instances | TurboSHAKE128, TurboSHAKE256 and TurboSHAKE[c] in general |
Status | Relies on the same cryptanalysis track record as Keccak/SHA-3; safe if there are no attacks on Keccak/SHA-3 reduced to 12 rounds |
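
The relationship to SHAKE described above, as an added example (not code from the Keccak team): a plain-Python sponge over Keccak-p[1600, n_r] whose defaults give TurboSHAKE128 (c = 256, 12 rounds), and which reproduces SHAKE128 when called with `rounds=24` and `D=0x1F`. The names `keccak_xof`, `keccak_p1600`, `rol` and the `rounds` parameter are assumptions made for illustration; the range 0x01..0x7F for the domain separation byte comes from the TurboSHAKE specification, not from this page.

```python
MASK = (1 << 64) - 1

# The 24 iota round constants of Keccak-f[1600], generated by the standard LFSR.
RC, _r = [], 1
for _ in range(24):
    rc = 0
    for j in range(7):
        _r = ((_r << 1) ^ ((_r >> 7) * 0x71)) & 0xFF
        if _r & 2:
            rc ^= 1 << ((1 << j) - 1)
    RC.append(rc)

def rol(a, n):
    return ((a << n % 64) | (a >> (-n % 64))) & MASK

def keccak_p1600(state, rounds):
    """Keccak-p[1600, rounds]: the last `rounds` rounds of Keccak-f[1600], in place."""
    A = [int.from_bytes(state[8 * i:8 * i + 8], "little") for i in range(25)]
    for rc in RC[24 - rounds:]:
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        A = [A[i] ^ C[(i + 4) % 5] ^ rol(C[(i + 1) % 5], 1) for i in range(25)]  # theta
        x, y, cur = 1, 0, A[1]                                  # rho and pi
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x + 5 * y] = A[x + 5 * y], rol(cur, (t + 1) * (t + 2) // 2)
        for y in range(0, 25, 5):                               # chi, row by row
            T = A[y:y + 5]
            for x in range(5):
                A[y + x] = T[x] ^ (~T[(x + 1) % 5] & T[(x + 2) % 5])
        A[0] ^= rc                                              # iota
    state[:] = b"".join(a.to_bytes(8, "little") for a in A)

def keccak_xof(msg, out_len, capacity=256, D=0x1F, rounds=12):
    """Sponge XOF with domain separation byte D; the defaults are TurboSHAKE128."""
    if not 0x01 <= D <= 0x7F:
        raise ValueError("domain separation byte must be in 0x01..0x7F")
    rate, state = (1600 - capacity) // 8, bytearray(200)
    data = bytearray(msg) + bytes([D])       # D carries the first padding bit
    data += bytes(-len(data) % rate)         # zero-fill to a whole number of blocks
    data[-1] ^= 0x80                         # closing bit of the padding
    for off in range(0, len(data), rate):    # absorb
        for i in range(rate):
            state[i] ^= data[off + i]
        keccak_p1600(state, rounds)
    out = bytearray(state[:rate])            # squeeze
    while len(out) < out_len:
        keccak_p1600(state, rounds)
        out += state[:rate]
    return bytes(out[:out_len])
```

Comparing `keccak_xof(m, n, rounds=24)` with `hashlib.shake_128(m).digest(n)` checks the sponge and the permutation against a standard implementation; only the round count separates that call from the TurboSHAKE128 default.

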
Resources: