# SMASH (hash)

SMASH
General
Designers Lars R. Knudsen
First published 2005
Detail
Digest sizes 256 or 512 bits
Best public cryptanalysis
Collision,[1] Second Preimage[2]

SMASH is a cryptographic hash function which was created by Lars R. Knudsen.[3] SMASH comes in two versions: 256-bit and 512-bit. Each version was supposed to rival SHA-256 and SHA-512, respectively, however, shortly after the SMASH presentation at FSE 2005, an attack vector against SMASH was discovered which left the hash broken.

## Specifications

The message length was limited to less than 2128 for SMASH-256 and 2256 for SMASH-512.

## Definition

Input: 256/512-bit message blocks $m_1, m_2, ... ,m_t$ and $\theta \in GF(2^n)$

• $h_0 = f(iv) \oplus iv$
• $h_i = h(h_{i-1},m_i) = f(h_{i_1}\oplus m_i) \oplus m_i \oplus \theta m_i$
• $h_{t+1} = f(h_t) \oplus h_t$

The function f is a complex compression function consisting of H-Rounds and L-Rounds using S-boxes, linear diffusion and variable rotations, details can be found here [3]

## Details

The S-boxes in SMASH are derived versions from the Serpent ones.

## References

1. ^ Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Breaking a New Hash Function Design Strategy Called SMASH". Lecture Notes in Computer Science 3897: 233–244. doi:10.1007/11693383_16.
2. ^ Lamberger, Mario; Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Second Preimages for SMASH". Lecture Notes in Computer Science 4377: 101–111. doi:10.1007/11967668_7.
3. ^ a b Knudsen, Lars R.: SMASH - A Cryptographic Hash Function, Accessed 23 November 2009