Paper 2009/232

MeshHash2

Björn Fay

Abstract

This specification describes a modification of a candidate for SHA-3, named MeshHash. The first version had a flaw: it was possible to mount a second preimage attack [Tho08]. So MeshHash no longer fulfilled the requirements for SHA-3 and hence was conceded broken. Furthermore, there was a bug in the reference implementation: the macro for rotation of a word computed an undefined value if it should rotate a word by 0 bits. But since the flaw can be easily fixed, which was already implemented in a preliminary version, it seems to be a good idea to publish MeshHash2 as a patch and see if it might be useful for further research or even usage. The patch uses a feedback, which increases the memory usage but doesn't give more security against a straightforward collision attack, which was the reason it had been dropped from the preliminary version of MeshHash. This specification is the patched version of MeshHash, named MeshHash2. It is a very flexible but conservative design with primarily security in mind and only secondarily speed. But it achieves about the same speed as the SHA-2 family and security up to 16320 bits. It can also be used in a keyed version as a PRF or PRG and hence be used to build a stream cipher.

Note: There is also a version in US Letter available.
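
The rotate-by-0 bug mentioned in the abstract, shown as an added C example (this is not the MeshHash reference code). The naive macro is an assumed typical form of such a rotation macro, and the 64-bit word size and the sample word are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed typical form of a flawed rotation macro (hypothetical, not taken
 * from the MeshHash sources). For n == 0 the right shift count becomes 64,
 * and shifting a 64-bit operand by 64 is undefined behaviour in C. */
#define ROTL64_NAIVE(x, n) (((x) << (n)) | ((x) >> (64 - (n))))

/* Well-defined for every n: both shift counts are reduced into 0..63,
 * so a rotation by 0 (or by 64) simply returns x. */
static uint64_t rotl64(uint64_t x, unsigned n)
{
    n &= 63u;
    return (x << n) | (x >> ((64u - n) & 63u));
}

/* Counts the rotation amounts 1..63 for which the naive macro and the safe
 * function disagree. n == 0 is deliberately never passed to the macro,
 * because evaluating it there would itself be undefined. */
static int count_mismatches(uint64_t x)
{
    int bad = 0;
    for (unsigned n = 1; n < 64; n++)
        if (ROTL64_NAIVE(x, n) != rotl64(x, n))
            bad++;
    return bad;
}

int main(void)
{
    uint64_t w = 0x0123456789abcdefULL; /* constructed sample word */

    printf("rotl64(w, 0)  = %016llx\n", (unsigned long long)rotl64(w, 0));
    printf("rotl64(w, 8)  = %016llx\n", (unsigned long long)rotl64(w, 8));
    printf("mismatches for n in 1..63: %d\n", count_mismatches(w));
    return 0;
}
```

Building with `-fsanitize=undefined` and exercising every rotation amount, including 0, is one way to catch this class of bug in a hash implementation's test suite.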

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Source code and further information is available at www.bfay.de.
Keywords
hash functions
Contact author(s)
mail @ bfay de
History
2009-05-31: revised
2009-05-30: received
Short URL
https://ia.cr/2009/232
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/232,
      author = {Björn Fay},
      title = {MeshHash2},
      howpublished = {Cryptology ePrint Archive, Paper 2009/232},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/232}},
      url = {https://eprint.iacr.org/2009/232}
}