Home

KMACXOF

KMACXOF is an extendable-output keyed cryptographic function derived from the KMAC family and based on the Keccak (SHA-3) sponge construction. It provides a keyed, domain-separated input and yields an arbitrarily long output, enabling applications such as key derivation, pseudorandom number generation, and extensible message authentication codes.

The function takes a secret key, a message, and a customization or domain-separation parameter, and produces

Construction and parameters are based on the Keccak sponge function. The process involves absorbing the key

Security considerations for KMACXOF depend on the underlying sponge security and the chosen capacity corresponding to

See also: KMAC, Keccak, SHA-3, SP 800-185.

an
output
of
user-specified
length.
Because
the
output
length
is
not
fixed,
KMACXOF
can
be
used
to
derive
keys
of
arbitrary
sizes
or
to
generate
pseudorandom
bytes
on
demand.
Implementations
often
refer
to
variants
such
as
KMACXOF128
and
KMACXOF256,
which
indicate
different
security
levels
and
sponge
parameter
choices.
and
message
with
a
domain-separation
customization,
applying
the
Keccak
permutation,
and
then
squeezing
out
the
requested
number
of
output
bits.
The
customization
string
(or
domain
separator)
ensures
that
KMACXOF
outputs
remain
distinct
from
other
uses
of
the
same
sponge
state
and
helps
prevent
cross-use
collisions
with
non-XOF
variants.
the
intended
security
level.
When
properly
parameterized
and
implemented,
KMACXOF
aims
to
provide
strong
resistance
to
standard
cryptographic
attacks
at
the
designated
security
level.
It
is
defined
in
NIST
SP
800-185
and
is
used
in
contexts
requiring
flexible
output
lengths
and
robust
keyed
derivations,
often
alongside
or
as
an
alternative
to
fixed-length
MACs
or
hash
functions.