cSHAKE128

cSHAKE128 is an extendable-output function (XOF) in the SHA-3 family, as specified in SP 800-185.

As a XOF, cSHAKE128 is a generalization of a cryptographic hash function. It is not limited to creating fixed-length digests (e.g., SHA-256 will always output exactly 32 bytes): it produces digests of any length, and it can be used as a Pseudo Random Generator (PRG).

Output bits do not depend on the output length: requesting more bytes extends the output without changing the bytes already produced.

The 128 in its name indicates its maximum security level (in bits), as described in Section 3.1 of SP 800-185.

cSHAKE128 is a customizable version of SHAKE128 and allows for additional domain separation via a customization string (the custom parameter of Crypto.Hash.cSHAKE128.new()).

Hint

For instance, if you are using cSHAKE128 in two applications, by picking different customization strings you can ensure that they will never end up using the same digest in practice. The important factor is that the strings are different; what the strings say does not matter.

If the customization string is empty, cSHAKE128 defaults back to SHAKE128. See also Section 3.3 of SP 800-185.

In the following example, we extract 26 bytes (208 bits) from the XOF:

>>> from Crypto.Hash import cSHAKE128
>>>
>>> shake = cSHAKE128.new(custom=b'Email Signature')
>>> shake.update(b'Some data')
>>> print(shake.read(26).hex())

class Crypto.Hash.cSHAKE128.cSHAKE_XOF(data, custom, capacity, function)

A cSHAKE hash object. Do not instantiate directly. Use the new() function.

read(length)

Compute the next piece of XOF output.

Note

You cannot use update() anymore after the first call to read().

Parameters:

length (integer) – the number of bytes this method must return

Returns:

the next piece of XOF output (of the given length)

Return type:

byte string

update(data)

Continue hashing of a message by consuming the next chunk of data.

Parameters:

data (byte string/byte array/memoryview) – The next chunk of the message being hashed.

Crypto.Hash.cSHAKE128.new(data=None, custom=None)

Return a fresh instance of a cSHAKE128 object.

Parameters:
  • data (bytes/bytearray/memoryview) – Optional. The very first chunk of the message to hash. It is equivalent to an early call to update().

  • custom (bytes) – Optional. A customization bytestring (S in SP 800-185).

Returns:

A cSHAKE_XOF object