SMASH (hash)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
SMASH
General
Designers Lars R. Knudsen
First published 2005
Detail
Digest sizes 256 or 512 bits
Best public cryptanalysis
Collision,[1] Second Preimage[2]

SMASH is a cryptographic hash function which was created by Lars R. Knudsen.[3] SMASH comes in two versions: 256-bit and 512-bit. Each version was supposed to rival SHA-256 and SHA-512, respectively, however, shortly after the SMASH presentation at FSE 2005, an attack vector against SMASH was discovered which left the hash broken.

Specifications[edit]

The message length was limited to less than 2128 for SMASH-256 and 2256 for SMASH-512.

Definition[edit]

Input: 256/512-bit message blocks m_1, m_2, ... ,m_t and \theta \in GF(2^n)

  •  h_0 = f(iv) \oplus iv
  •  h_i = h(h_{i-1},m_i) = f(h_{i_1}\oplus m_i)  \oplus m_i \oplus \theta m_i
  •  h_{t+1} = f(h_t) \oplus h_t

The function f is a complex compression function consisting of H-Rounds and L-Rounds using S-boxes, linear diffusion and variable rotations, details can be found here [3]

Details[edit]

The S-boxes in SMASH are derived versions from the Serpent ones.

References[edit]

  1. ^ Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Breaking a New Hash Function Design Strategy Called SMASH". Lecture Notes in Computer Science 3897: 233–244. doi:10.1007/11693383_16. 
  2. ^ Lamberger, Mario; Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Second Preimages for SMASH". Lecture Notes in Computer Science 4377: 101–111. doi:10.1007/11967668_7. 
  3. ^ a b Knudsen, Lars R.: SMASH - A Cryptographic Hash Function, Accessed 23 November 2009