Expand description
SHAKE-based tweakable hash function wrappers (H_msg, PRF, PRF_msg, T_l, H, F). SHAKE-based tweakable hash function wrappers for SLH-DSA (FIPS 205, Section 11.1).
All hash functions in the SHAKE instantiation of SLH-DSA are built on top of SHAKE256.
The address structure (Adrs) is included in each hash call to provide domain separation.
The _into variants write output to a caller-provided buffer (zero heap allocation).
The standard variants return Vec<u8> for convenience.
Functions§
- f_hash
F— convenience wrapper returning Vec.- f_
hash_ into F(PK.seed, ADRS, M1)— single-input chain hash. Output toout(n bytes).- h_msg
H_msg— convenience wrapper returning Vec.- h_
msg_ into H_msg(R, PK.seed, PK.root, M)— message hash. Output written toout(m bytes).- hash_h
H— convenience wrapper returning Vec.- hash_
h_ into H(PK.seed, ADRS, M1 || M2)— two-input Merkle node hash. Output toout(n bytes).- prf
PRF— convenience wrapper returning Vec.- prf_
into PRF(PK.seed, SK.seed, ADRS)— secret value derivation. Output toout(n bytes).- prf_msg
PRF_msg— convenience wrapper returning Vec.- prf_
msg_ into PRF_msg(SK.prf, opt_rand, M)— message randomizer. Output toout(n bytes).- t_l
T_l— convenience wrapper returning Vec.- t_
l_ into T_l(PK.seed, ADRS, M)— multi-input compression. Output toout(n bytes).