SMASH (hash)

SMASH is a cryptographic hash function which was created by Lars R. Knudsen.^[3] SMASH comes in two versions: 256-bit and 512-bit. Each version was supposed to rival SHA-256 and SHA-512, respectively, however, shortly after the SMASH presentation at FSE 2005, an attack vector against SMASH was discovered which left the hash broken.

SMASH

General
Designers	Lars R. Knudsen
First published	2005
Detail
Digest sizes	256 or 512 bits
Best public cryptanalysis
Collision,[1] Second Preimage[2]

Specifications

The message length was limited to less than 2¹²⁸ for SMASH-256 and 2²⁵⁶ for SMASH-512.

Definition

Input: 256/512-bit message blocks ${\displaystyle m_{1},m_{2},...,m_{t}}$ and ${\displaystyle \theta \in GF(2^{n})}$

• ${\displaystyle h_{0}=f(iv)\oplus iv}$
• ${\displaystyle h_{i}=h(h_{i-1},m_{i})=f(h_{i_{1}}\oplus m_{i})\oplus m_{i}\oplus \theta m_{i}}$
• ${\displaystyle h_{t+1}=f(h_{t})\oplus h_{t}}$

The function f is a complex compression function consisting of H-Rounds and L-Rounds using S-boxes, linear diffusion and variable rotations, details can be found here ^[3]

Details

The S-boxes in SMASH are derived versions from the Serpent ones.

References

1. Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Breaking a New Hash Function Design Strategy Called SMASH". Selected Areas in Cryptography. Lecture Notes in Computer Science. Vol. 3897. pp. 233–244. doi:10.1007/11693383_16. ISBN 978-3-540-33108-7.
2. Lamberger, Mario; Pramstaller, Norbert; Rechberger, Christian; Rijmen, Vincent (2006). "Second Preimages for SMASH". Topics in Cryptology – CT-RSA 2007. Lecture Notes in Computer Science. Vol. 4377. pp. 101–111. doi:10.1007/11967668_7. ISBN 978-3-540-69327-7.
3. Knudsen, Lars R.: SMASH - A Cryptographic Hash Function, Accessed 23 November 2009