Cryptology ePrint Archive: Report 2009/232


Björn Fay

Abstract: This specification describes a modification of a candidate for SHA-3, named MeshHash. The first version had a flaw in it, it was possible to mount a second preimage attack [Tho08]. So MeshHash has not fulfilled the requirements for SHA-3 anymore and hence was conceded broken. Furthermore there was a bug in the reference implementation: The macro for rotation of a word computed an undefined value if it should rotate a word by 0 bit.

But since the flaw can be easily fixed, which was already implemented in a preliminary version, it seems to be a good idea to publish MeshHash2 as a patch and see if it might be useful for further research or even usage. The patch uses a feedback, which increases the memory usage, but doesn't give more security against a straight forward collision attack, which was the reason it has been dropped from the preliminary version of MeshHash.

This specification is the patched version of MeshHash, named MashHash2. It is a very flexible but conservative design with primarily security in mind and only secondarily speed. But it achieves about the same speed as the SHA-2 family and security up to 16320 bit. It can also be used in a keyed version as PRF or PRG and hence build a stream-cipher of it.

Category / Keywords: implementation / hash functions

Publication Info: Source code and further information is available at

Date: received 24 May 2009, last revised 31 May 2009

Contact author: mail at bfay de

Available format(s): PDF | BibTeX Citation

Note: There is also a version in US Letter available.

Version: 20090531:174222 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]