
XMSS SHAKE256 not aligned with NIST

Open rosualinpetru opened this issue 2 months ago • 0 comments

Dear maintainers,

NIST has selected the following set of parameters for SHAKE256. The digest size is set to 32 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf).

[Image: NIST SP 800-208 parameter table for SHAKE256]

At the moment, I expect that the implementation follows RFC 8391 (https://datatracker.ietf.org/doc/html/rfc8391#section-5.3), which precedes the NIST SP.

Can the code be updated to return 32 instead of 64 also for SHAKE256?

https://github.com/bcgit/bc-java/blob/126ac9e14a0f56fae088973a777f1f90a521fd82/core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSUtil.java#L287

rosualinpetru, Oct 10 '25 15:10
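The parameter derivation this issue is about, as an added example in Python that is not code from bc-java or from the issue author. It models the XMSS SHAKE parameter sets of RFC 8391 Section 5.3 (SHAKE128 with n = 32, SHAKE256 with n = 64) beside the NIST SP 800-208 naming (XMSS-SHAKE256_h_256, SHAKE256 with n = 32), derives the WOTS+ chain count and signature sizes from n, and implements the RFC 8391 Section 5.1 hash family so the effect of n on the domain-separation prefix is visible. Assumptions: the NIST SHAKE256/n = 32 sets are taken to keep the RFC's n-byte toByte(X, n) prefix, the 192-bit NIST sets are left out, the XMSSUtil mapping is represented only by the generic rule "SHAKE256 implies 64" that the issue describes, and the key and message bytes are constructed.

```python
import hashlib
import math
import re
from dataclasses import dataclass
from typing import Callable


def to_byte(x: int, n: int) -> bytes:
    """RFC 8391 toByte(x, n): x as an unsigned big-endian integer of n bytes."""
    return x.to_bytes(n, "big")


def xof_label(xof: Callable) -> str:
    return "SHAKE256" if xof is hashlib.shake_256 else "SHAKE128"


@dataclass(frozen=True)
class XmssParams:
    name: str
    xof: Callable  # hashlib.shake_128 or hashlib.shake_256
    n: int         # security parameter: digest size in bytes
    h: int         # tree height
    w: int = 16    # Winternitz parameter; 16 for every set in RFC 8391 5.3

    @property
    def wots_len(self) -> int:
        """RFC 8391 3.1.1: number of WOTS+ chains, len = len_1 + len_2."""
        lg_w = math.log2(self.w)
        len_1 = math.ceil(8 * self.n / lg_w)
        len_2 = math.floor(math.log2(len_1 * (self.w - 1)) / lg_w) + 1
        return len_1 + len_2

    @property
    def signature_size(self) -> int:
        """RFC 8391 4.1.8: idx_sig (4) || r (n) || WOTS+ sig (len*n) || auth path (h*n)."""
        return 4 + self.n + self.wots_len * self.n + self.h * self.n

    @property
    def public_key_size(self) -> int:
        """RFC 8391 4.1.7: OID (4) || root (n) || SEED (n)."""
        return 4 + 2 * self.n

    def keyed_hash(self, domain: int, key: bytes, msg: bytes) -> bytes:
        """RFC 8391 5.1, SHAKE instantiation: SHAKE(toByte(domain, n) || KEY || M, 8n),
        domain 0 = F, 1 = H, 2 = H_msg, 3 = PRF.  The prefix is n bytes wide, so n
        changes the hashed input and not only the output length: truncating an n=64
        output to 32 bytes is not the n=32 function.  (Keeping this prefix width for
        the SP 800-208 SHAKE256/n=32 sets is an assumption of this example.)"""
        if domain not in (0, 1, 2, 3):
            raise ValueError("unknown domain separator")
        expected = 3 * self.n if domain == 2 else self.n  # H_msg KEY = r || root || idx
        if len(key) != expected:
            raise ValueError(f"KEY must be {expected} bytes for domain {domain}")
        return self.xof(to_byte(domain, self.n) + key + msg).digest(self.n)


_NAME = re.compile(r"XMSS-(SHAKE|SHAKE256)_(10|16|20)_(256|512)")


def params_from_name(name: str) -> XmssParams:
    """Derive XOF, n and h from a SHAKE parameter-set name.

    RFC 8391 names (XMSS-SHAKE_h_256, XMSS-SHAKE_h_512) tie the XOF to n: SHAKE128
    with n=32, SHAKE256 with n=64.  SP 800-208 names (XMSS-SHAKE256_h_256) use
    SHAKE256 with n=32 and define no n=64 SHAKE set, so n must be read from the
    parameter set rather than inferred from the XOF.  192-bit sets are out of scope.
    """
    m = _NAME.fullmatch(name)
    if not m:
        raise ValueError(f"unsupported or non-SHAKE parameter set: {name}")
    hash_token, h, bits = m.group(1), int(m.group(2)), int(m.group(3))
    n = bits // 8
    if hash_token == "SHAKE":                       # RFC 8391 naming
        xof = hashlib.shake_128 if n == 32 else hashlib.shake_256
    else:                                           # SP 800-208 naming
        if n != 32:
            raise ValueError(f"SP 800-208 defines no SHAKE256 set with n={n}")
        xof = hashlib.shake_256
    return XmssParams(name, xof, n, h)


def is_supported_set(name: str) -> bool:
    try:
        params_from_name(name)
        return True
    except ValueError:
        return False


def n_from_xof_alone(xof: Callable) -> int:
    """The RFC 8391 rule read in isolation (SHAKE256 means 64, SHAKE128 means 32),
    i.e. the behaviour the issue reports; on an SP 800-208 SHAKE256 set it yields
    64 where the set needs 32."""
    return 64 if xof is hashlib.shake_256 else 32


def digest_size_mismatch(name: str) -> bool:
    """True when the XOF-only rule disagrees with the parameter set's own n."""
    p = params_from_name(name)
    return n_from_xof_alone(p.xof) != p.n


if __name__ == "__main__":
    for name in ("XMSS-SHAKE_10_256", "XMSS-SHAKE_10_512", "XMSS-SHAKE256_10_256"):
        p = params_from_name(name)
        print(f"{name}: {xof_label(p.xof)} n={p.n} len={p.wots_len} "
              f"sig={p.signature_size}B pk={p.public_key_size}B "
              f"xof-only n={n_from_xof_alone(p.xof)} mismatch={digest_size_mismatch(name)}")
    # Constructed sample input: an all-0x01 key of n bytes and a short message.
    nist = params_from_name("XMSS-SHAKE256_10_256")
    rfc = params_from_name("XMSS-SHAKE_10_512")
    print("F, SP 800-208 n=32:     ", nist.keyed_hash(0, b"\x01" * 32, b"msg").hex())
    print("F, RFC 8391 n=64 cut to 32:", rfc.keyed_hash(0, b"\x01" * 64, b"msg")[:32].hex())
```

The point the last two lines make is the practical one for the requested change: switching the digest size for SHAKE256 from 64 to 32 changes the n-byte prefix, the key sizes and the WOTS+ chain count together, so a SHAKE256 key or signature produced under one convention cannot be verified under the other by truncation, and the XOF name alone is not enough to pick n.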