Module sha3 

SHA-3 and SHAKE hash function primitives (FIPS 202). SHA-3 / SHAKE high-level wrappers used by ML-KEM (FIPS 203).

This module no longer carries its own copy of the Keccak permutation: it builds on top of the shared sponge core in crate::sha3. The ML-KEM-specific surface is unchanged:

Function	Primitive	Usage in FIPS 203
h	SHA3-256	H — hash encapsulation key, dk integrity
g	SHA3-512	G — derive shared key and encryption randomness
j	SHAKE-256	J — implicit rejection key derivation
prf	SHAKE-256	PRF — CBD sampling randomness
Xof	SHAKE-128	XOF — matrix sampling via super::sample::sample_ntt

Structs

Xof

Extendable Output Function (XOF) context wrapping SHAKE-128.

Functions

g

G(c) — SHA3-512 hash returning two 32-byte values.

h

H(s) — SHA3-256 hash returning 32 bytes.

j

J(s) — SHAKE-256 producing 32 bytes of output.

prf

PRF_eta(s, b) — SHAKE-256 pseudo-random function producing 64 * eta bytes.