ASCON Suite
Keyed Message Authentication Code (KMAC) mode for ASCON

Table of Contents

Introduction

The KMAC mode provides a method to authenticate a sequence of bytes under a key using ASCON in hashing mode. The input is essentially equivalent to hashing the key followed by the data without the double layers of hashing that are needed for HMAC.

In this library, KMAC is defined in terms of ASCON-cXOF customizable hashing.

Note: Other hash algorithms like SHA-256 use HMAC instead of KMAC. The HMAC construction is not necessary for sponge-based hash algorithms like ASCON, so the simpler KMAC is preferable.

Using ASCON-KMAC

Given a key and an input buffer containing data to authenticate, the output KMAC value can be computed as follows:

#include <ascon/kmac.h>
unsigned char out[ASCON_KMAC_SIZE];
ascon_kmac(key, key_len, input, input_len, 0, 0, out, sizeof(out));
kmac.h
Keyed Message Authentication Code (KMAC) based on ASCON-XOF.
ASCON_KMAC_SIZE
#define ASCON_KMAC_SIZE
Default size of the output for ASCON-KMAC.
Definition: kmac.h:53
ascon_kmac
void ascon_kmac(const unsigned char *key, size_t keylen, const unsigned char *in, size_t inlen, const unsigned char *custom, size_t customlen, unsigned char *out, size_t outlen)
Computes a KMAC value using ASCON-XOF.
Definition: ascon-kmac.c:71

This uses the default output length of ASCON_KMAC_SIZE (32) and a zero-length customization string. Customization strings can provide domain separation between two different uses of the same input.

As an example of customization, say we wanted to derive two different session keys from the same input; one for encrypting data from party A to party B and the other for encrypting data from party B back to party A. We can use KMAC as a key derivation function (KDF) with different customization strings in each direction:

unsigned char atob_key[ASCON128_KEY_SIZE];
unsigned char btoa_key[ASCON128_KEY_SIZE];
ascon_kmac(key, key_len, salt, salt_len, "A2B", 3, atob_key, sizeof(atob_key));
ascon_kmac(key, key_len, salt, salt_len, "B2A", 3, btoa_key, sizeof(btoa_key));
ASCON128_KEY_SIZE
#define ASCON128_KEY_SIZE
Size of the key for ASCON-128 and ASCON-128a.
Definition: aead.h:55

The two outputs are related to each other but will be completely different due to the different customization strings (A2B and B2A).

ASCON-KMAC can process arbitrary amounts of input and generate arbitrary amounts of output using the incremental API:

ascon_kmac_state_t kmac;
ascon_kmac_init(&kmac, key, key_len, "A2B", 3, 0);
ascon_kmac_absorb(&kmac, input1, sizeof(input1));
ascon_kmac_absorb(&kmac, input2, sizeof(input2));
...;
ascon_kmac_absorb(&kmac, inputN, sizeof(inputN));
ascon_kmac_squeeze(&kmac, out1, sizeof(out1));
ascon_kmac_squeeze(&kmac, out2, sizeof(out2));
ascon_kmac_absorb
void ascon_kmac_absorb(ascon_kmac_state_t *state, const unsigned char *in, size_t inlen)
Absorbs more input data into an incremental ASCON-KMAC state.
Definition: ascon-kmac.c:111
ascon_kmac_squeeze
void ascon_kmac_squeeze(ascon_kmac_state_t *state, unsigned char *out, size_t outlen)
Squeezes output data from an incremental ASCON-KMAC state.
Definition: ascon-kmac.c:117
ascon_kmac_init
void ascon_kmac_init(ascon_kmac_state_t *state, const unsigned char *key, size_t keylen, const unsigned char *custom, size_t customlen, size_t outlen)
Initializes an incremental KMAC state using ASCON-XOF.
Definition: ascon-kmac.c:84
ascon_kmac_state_t
State information for the ASCON-KMAC incremental mode.
Definition: kmac.h:64

ASCON-KMACA has a similar API, but uses ASCON-XOFA internally instead of ASCON-XOF.

Generated on Sun Mar 19 2023 13:56:57 for ASCON Suite by doxygen 1.9.1