SMASH (hash)

From HandWiki
SMASH
General
Designers: Lars R. Knudsen
First published: 2005
Detail
Digest sizes: 256 or 512 bits
Best public cryptanalysis
Collision,[1] Second Preimage[2]

SMASH is a cryptographic hash function created by Lars R. Knudsen.[3] It comes in two versions, 256-bit and 512-bit, which were intended to rival SHA-256 and SHA-512, respectively. However, shortly after SMASH was presented at FSE 2005, an attack was discovered that left the hash broken.

Specifications

The message length was limited to less than [math]\displaystyle{ 2^{128} }[/math] for SMASH-256 and [math]\displaystyle{ 2^{256} }[/math] for SMASH-512.

Definition

Input: 256/512-bit message blocks [math]\displaystyle{ m_1, m_2, \ldots, m_t }[/math] and [math]\displaystyle{ \theta \in GF(2^n) }[/math]

  • [math]\displaystyle{ h_0 = f(iv) \oplus iv }[/math]
  • [math]\displaystyle{ h_i = h(h_{i-1},m_i) = f(h_{i-1}\oplus m_i) \oplus m_i \oplus \theta m_i }[/math]
  • [math]\displaystyle{ h_{t+1} = f(h_t) \oplus h_t }[/math]

The function f is a complex compression function consisting of H-Rounds and L-Rounds that use S-boxes, linear diffusion and variable rotations; details can be found in [3].
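
The chaining in the Definition above, as an added example that is not from the original page or from Knudsen's specification: it follows the three recurrences as written here and implements multiplication by θ in GF(2^256). Assumptions: a SHA-256-based stand-in for f, the reduction polynomial x^256 + x^10 + x^5 + x^2 + 1, constructed iv, θ and block values, and no padding (this page does not describe any).

```python
import hashlib

N = 256                                   # chaining/block width for the 256-bit version
# Assumed field representation (not given on this page):
# GF(2^256) modulo x^256 + x^10 + x^5 + x^2 + 1.
POLY = (1 << 256) | (1 << 10) | (1 << 5) | (1 << 2) | 1

def gf_mul(a, b):
    """Product of a and b in GF(2^N): carry-less shift-and-add with reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:                        # degree reached N: subtract the modulus
            a ^= POLY
    return r

def f(x):
    """Stand-in for SMASH's f, whose rounds this page does not specify."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(N // 8, "big")).digest(), "big")

def smash_mode(blocks, iv, theta):
    """Chain N-bit integer blocks with the three recurrences of the Definition."""
    h = f(iv) ^ iv                        # h_0 = f(iv) XOR iv
    for m in blocks:                      # h_i = f(h_{i-1} XOR m_i) XOR m_i XOR theta*m_i
        h = f(h ^ m) ^ m ^ gf_mul(theta, m)
    return f(h) ^ h                       # h_{t+1} = f(h_t) XOR h_t

if __name__ == "__main__":
    # Constructed sample values: iv = 0, theta = x (0b10), two arbitrary blocks.
    blocks = [int.from_bytes(b"A" * 32, "big"), int.from_bytes(b"B" * 32, "big")]
    print(f"{smash_mode(blocks, iv=0, theta=2):064x}")
```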

Details

The S-boxes in SMASH are derived from those of Serpent.

References

  1. Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Breaking a New Hash Function Design Strategy Called SMASH". Selected Areas in Cryptography. Lecture Notes in Computer Science. 3897. pp. 233–244. doi:10.1007/11693383_16. ISBN 978-3-540-33108-7. 
  2. Lamberger, Mario; Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Second Preimages for SMASH". Topics in Cryptology – CT-RSA 2007. Lecture Notes in Computer Science. 4377. pp. 101–111. doi:10.1007/11967668_7. ISBN 978-3-540-69327-7. 
  3. Knudsen, Lars R. "SMASH - A Cryptographic Hash Function". Accessed 23 November 2009.