proposal: x/crypto/sha3: add KMAC #24988
Sure. What's the proper procedure for that? Should I just add "proposal:" to the title of the issue?
Basically, the main reason is that KMAC is based on the underlying Keccak sponge implementation. If I were to create an external package, I'd have to duplicate the entire Keccak implementation from
That's a good question, apparently KMAC was proposed in a SHA-3 workshop but I did not found a rationale for it. I could only deduce that it's for providing domain separation and to avoid some weird pitfalls when using SHAKE directly such as a 16-byte MAC being the prefix of a 32-byte MAC over the same message/key, or a MAC collision of
When https://golang.org/cl/111281 is accepted I'll change this CL to use its implementation of cSHAKE.