TurboSHAKE is a family of fast and secure extendable-output functions (XOFs). In a nutshell, these are just like the SHAKE functions, but with the Keccak-p permutation reduced to 12 rounds (instead of 24), so about twice faster. Keccak has received quite a large amount of cryptanalysis since its publication, and it has sufficient safety margin so that we can confidently halve the number of rounds without compromising security.

One instance, TurboSHAKE128, is at the basis of KangarooTwelve.

Technical details

SynopsisThe TurboSHAKE sponge functions
Proposed byGuido Bertoni, Joan Daemen, Seth Hoffert, Michaël Peeters, Gilles Van Assche, Ronny Van Keer and Benoît Viguier
ImplementsA extendable-output function (XOF), i.e., the generalization of a cryptographic hash function, together with a domain separation parameter
ConstructionThe sponge construction
PrimitiveThe Keccak-p[1600, 12] permutation
Parameterized byThe capacity c
InstancesTurboSHAKE128, TurboSHAKE256 and TurboSHAKE[c] in general
StatusRelies on the same cryptanalysis track record as Keccak/SHA-3; safe if there are no attacks on Keccak/SHA-3 reduced to 12 rounds