SMASH (hash)


SMASH is a cryptographic hash function created by Lars R. Knudsen. It comes in two versions, 256-bit and 512-bit, which were intended to rival SHA-256 and SHA-512, respectively. However, shortly after SMASH was presented at FSE 2005, an attack against it was discovered, which left the hash broken.


The message length was limited to less than 2^{128} for SMASH-256 and 2^{256} for SMASH-512.


Input: 256/512-bit message blocks m_1, m_2, ... ,m_t and \theta \in GF(2^n)

  •  h_0 = f(iv) \oplus iv
  •  h_i = h(h_{i-1},m_i) = f(h_{i-1}\oplus m_i) \oplus m_i \oplus \theta m_i
  •  h_{t+1} = f(h_t) \oplus h_t

The function f is a complex compression function consisting of H-Rounds and L-Rounds using S-boxes, linear diffusion and variable rotations.
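
The three chaining equations above, exactly as this page writes them, as an added example that is not SMASH reference code. Assumptions: a toy 8-bit field with reduction polynomial x^8 + x^4 + x^3 + x + 1, \theta taken as the element x, and a truncated SHA-256 standing in for f; none of these are SMASH's real parameters.

```python
import hashlib

N = 8                  # toy block size in bits (assumption; SMASH uses 256 or 512)
POLY = 0x11B           # x^8 + x^4 + x^3 + x + 1, toy reduction polynomial (assumption)
MASK = (1 << N) - 1


def mul_theta(x):
    """Multiply x by theta in GF(2^N), with theta assumed to be the element 'x'."""
    x <<= 1                                  # multiply the polynomial by x
    return x ^ POLY if x >> N else x         # reduce if the degree reached N


def stand_in_f(x):
    """Placeholder for f. This is NOT SMASH's H-round/L-round function."""
    digest = hashlib.sha256(x.to_bytes((N + 7) // 8, "big")).digest()
    return int.from_bytes(digest, "big") & MASK


def smash_mode(blocks, iv=0, f=stand_in_f):
    """Chain N-bit message blocks through the equations given on the page."""
    h = f(iv) ^ iv                           # h_0 = f(iv) xor iv
    for m in blocks:
        if not 0 <= m <= MASK:
            raise ValueError("message block does not fit in N bits")
        h = f(h ^ m) ^ m ^ mul_theta(m)      # h_i, as written on the page
    return f(h) ^ h                          # h_{t+1} = f(h_t) xor h_t


if __name__ == "__main__":
    constructed_blocks = [0x80, 0x01]        # constructed sample input
    print(hex(smash_mode(constructed_blocks)))
```

Passing a different `f` lets the chaining be traced by hand, since only the stand-in hides the intermediate values.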


The S-boxes in SMASH are derived from those of Serpent.

