From Wikipedia, the free encyclopedia

For a cryptographic hash function (a mathematical algorithm), a MASH-1 (Modular Arithmetic Secure Hash) is a hash function based on modular arithmetic.


Despite many proposals, few hash functions based on modular arithmetic have withstood attack, and most that have tend to be relatively inefficient. MASH-1 evolved from a long line of related proposals successively broken and repaired.


Committee Draft ISO/IEC 10118-4 (Nov 95)


MASH-1 involves use of an RSA-like modulus , whose bitlength affects the security. is a product of two prime numbers and should be difficult to factor, and for of unknown factorization, the security is based in part on the difficulty of extracting modular roots.

Let be the length of a message block in bit. is chosen to have a binary representation a few bits longer than , typically .

The message is padded by appending the message length and is separated into blocks of length . From each of these blocks , an enlarged block of length is created by placing four bits from in the lower half of each byte and four bits of value 1 in the higher half. These blocks are processed iteratively by a compression function:

Where and . denotes the bitwise OR and the bitwise XOR.

From are now calculated more data blocks by linear operations (where denotes concatenation):

These data blocks are now enlarged to like above, and with these the compression process continues with eight more steps:

Finally the hash value is , where is a prime number with .[1]


There is a newer version of the algorithm called MASH-2 with a different exponent. The original is replaced by . This is the only difference between these versions.


  • A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, ISBN 0-8493-8523-7