SMASH (hash)

SMASH is a cryptographic hash function which was created by . SMASH comes in two versions: 256-bit and 512-bit. Each version was supposed to rival SHA-256 and SHA-512, respectively; however, shortly after the SMASH presentation at , an attack vector against SMASH was discovered which left the hash broken.



The message length was limited to less than $2^{128}$ for SMASH-256 and $2^{256}$ for SMASH-512.


Input: 256/512-bit message blocks $m_1, m_2, \ldots, m_t$ and $\theta \in GF(2^n)$

  •  $h_0 = f(iv) \oplus iv$
  •  $h_i = h(h_{i-1}, m_i) = f(h_{i-1} \oplus m_i) \oplus m_i \oplus \theta m_i$
  •  $h_{t+1} = f(h_t) \oplus h_t$

The function f is a complex compression function consisting of H-Rounds and L-Rounds using , linear diffusion and variable rotations.
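The three chaining equations above can be traced with the following sketch, which is an added example and not code from the SMASH designers or from this page. It assumes a stand-in for f (SHA-256 over the 256-bit state, not SMASH's H-round/L-round function), an all-zero iv, theta taken as the root x of an assumed reduction polynomial x^256 + x^10 + x^5 + x^2 + 1, and input that is already split into 256-bit blocks.

```python
import hashlib

N = 256                          # state and block width in bits (SMASH-256 sizing)
MASK = (1 << N) - 1
# ASSUMPTION: low terms of x^256 + x^10 + x^5 + x^2 + 1; the page does not
# give the field polynomial SMASH uses for GF(2^n).
POLY_LOW = (1 << 10) | (1 << 5) | (1 << 2) | 1


def mul_theta(m: int) -> int:
    """Multiply m by theta in GF(2^N), taking theta to be the polynomial's root x."""
    m <<= 1
    if m >> N:                   # degree reached N, so reduce modulo the polynomial
        m = (m & MASK) ^ POLY_LOW
    return m


def f_standin(x: int) -> int:
    """PLACEHOLDER for f: a fixed N-bit map, not SMASH's real compression function."""
    digest = hashlib.sha256(x.to_bytes(N // 8, "big")).digest()
    return int.from_bytes(digest, "big")


def compress(h_prev: int, m: int, f=f_standin) -> int:
    """h_i = f(h_{i-1} XOR m_i) XOR m_i XOR theta*m_i, as written on this page."""
    return f(h_prev ^ m) ^ m ^ mul_theta(m)


def smash_mode(blocks, iv: int = 0, f=f_standin) -> int:
    """Run the chaining over integer blocks m_1..m_t and return h_{t+1}."""
    h = f(iv) ^ iv               # h_0 = f(iv) XOR iv
    for m in blocks:
        if not 0 <= m <= MASK:
            raise ValueError("each block must fit in N bits")
        h = compress(h, m, f)
    return f(h) ^ h              # h_{t+1} = f(h_t) XOR h_t


if __name__ == "__main__":
    sample = [1, 2]              # constructed sample blocks
    print(f"{smash_mode(sample):064x}")
```

Passing a different callable as `f` leaves the chaining untouched, which makes it easy to see how much of the output depends on f and how much on the linear terms in m_i.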


The in SMASH are derived versions from the ones.

