This article is about Modular Arithmetic Secure Hash. For MASH-1 gene, see ASCL1.
This article has multiple issues. Please help or discuss these issues on the talk page. (Learn how and when to remove these template messages)
This article needs additional citations for verification. Please help by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: – ···scholar·JSTOR(April 2011) (Learn how and when to remove this template message)
This article includes a list of general references, but it remains largely unverified because it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations.(April 2011) (Learn how and when to remove this template message)
This article provides insufficient context for those unfamiliar with the subject. Please help by providing more context for the reader.(October 2009) (Learn how and when to remove this template message)
(Learn how and when to remove this template message)
Despite many proposals, few hash functions based on modular arithmetic have withstood attack, and most that have tend to be relatively inefficient. MASH-1 evolved from a long line of related proposals successively broken and repaired.
Standard[]
Committee Draft ISO/IEC 10118-4 (Nov 95)
Description[]
MASH-1 involves use of an RSA-like modulus , whose bitlength affects the security. is a product of two prime numbers and should be difficult to factor, and for of unknown factorization, the security is based in part on the difficulty of extracting modular roots.
Let be the length of a message block in bit. is chosen to have a binary representation a few bits longer than , typically .
The message is padded by appending the message length and is separated into blocks of length . From each of these blocks , an enlarged block of length is created by placing four bits from in the lower half of each byte and four bits of value 1 in the higher half. These blocks are processed iteratively by a compression function:
Where and . denotes the bitwise OR and the bitwise XOR.
From are now calculated more data blocks by linear operations (where denotes concatenation):
These data blocks are now enlarged to like above, and with these the compression process continues with eight more steps:
Finally the hash value is , where is a prime number with .[1]
MASH-2[]
There is a newer version of the algorithm called MASH-2 with a different exponent. The original is replaced by . This is the only difference between these versions.