Extendable-output function 📖 Wikipedia

Extendable-output function (XOF) is a type of cryptographic hash function that allows its output to be arbitrarily long, allowing it to be used as a cryptographically secure pseudo-random number generator.^[1]

One particular hash construction, the sponge construction, makes any sponge hash a natural XOF: the squeeze operation can be repeated thus resulting in a XOF (the regular hash functions with a fixed-size result are obtained from a sponge mechanism by stopping the squeezing phase after obtaining the fixed number of bits).^[2]

A secure XOF is collision, preimage and second preimage resistant. While technically any XOF can be turned into a cryptographic hash by truncating the result to a fixed length, in the real world hashes and XOFs tend to be defined differently using domain separation.^[3]) Examples of sponge construction XOFs include the algorithms from the Keccak family: SHAKE128, SHAKE256, and a variant with higher efficiency, KangarooTwelve.^[1]

There are other XOFs which are not sponge constructions, such as Skein and RadioGatún.

XOFs are used as key derivation functions (KDFs), stream ciphers,^[1] mask generation functions.^[4]

By their nature, XOFs can produce related outputs (a longer result includes a shorter one as a prefix). The use of KDFs for key derivation can therefore cause related-output problems. As a "naïve" example, if the Triple DES keys are generated with a XOF, and there is a confusion in the implementation that causes some operations to be performed as 3TDEA (3 × 56 = 168-bit key), and some as 2TDEA (2 × 56 = 112 bit key), comparing the encryption results will lower the attack complexity to just 56 bits; similar problems can occur if hashes in the NIST SP 800-108 are naïvely replaced by the KDFs.^[5]

• Mittelbach, Arno; Fischlin, Marc (2021). "Extendable Output Functions (XOFs)". The Theory of Hash Functions and Random Oracles: An Approach to Modern Cryptography. Information Security and Cryptography. Springer International Publishing. ISBN 978-3-030-63287-8. Retrieved 2023-06-22.
• Peyrin, Thomas; Wang, Haoyang (2020). "The MALICIOUS Framework: Embedding Backdoors into Tweakable Block Ciphers" (PDF). Advances in Cryptology – CRYPTO 2020. Lecture Notes in Computer Science. Vol. 12172. Springer International Publishing. pp. 249–278. doi:10.1007/978-3-030-56877-1_9. ISBN 978-3-030-56876-4. ISSN 0302-9743. S2CID 221107066.
• Perlner, Ray (August 22, 2014). "Extendable-Output Functions (XOFs)". csrc.nist.gov. NIST. Retrieved 22 June 2023.
• Dworkin, Morris (August 22, 2014). "Domain Extensions". csrc.nist.gov. NIST. Retrieved 22 June 2023.

This cryptography-related article is a stub. You can help Wikipedia by adding missing information.

• v
• t
• e