This article has multiple issues. Please helpimprove it or discuss these issues on thetalk page.(Learn how and when to remove these messages) This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "MASH-1" – news ·newspapers ·books ·scholar ·JSTOR(April 2011) (Learn how and when to remove this message) This article includes a list ofgeneral references, butit lacks sufficient correspondinginline citations. Please help toimprove this article byintroducing more precise citations.(April 2011) (Learn how and when to remove this message) (Learn how and when to remove this message)

For acryptographic hash function (a mathematicalalgorithm), aMASH-1 (Modular Arithmetic Secure Hash) is ahash function based onmodular arithmetic.

Despite many proposals, few hash functions based on modular arithmetic have withstood attack, and most that have tend to be relatively inefficient. MASH-1 evolved from a long line of related proposals successively broken and repaired.

Committee Draft ISO/IEC 10118-4 (Nov 95)

MASH-1 involves use of anRSA-like modulus${\displaystyle N}$, whose bitlength affects the security.${\displaystyle N}$ is a product of twoprime numbers and should be difficult tofactor, and for${\displaystyle N}$ of unknown factorization, the security is based in part on the difficulty of extracting modular roots.

Let${\displaystyle L}$ be the length of a message block inbit.${\displaystyle N}$ is chosen to have a binary representation a few bits longer than${\displaystyle L}$, typically.

The message is padded by appending the message length and is separated into blocks${\displaystyle D_1,\cdots ,D_q}$ of length${\displaystyle L/2}$. From each of these blocks${\displaystyle D_i}$, an enlarged block${\displaystyle B_i}$ of length${\displaystyle L}$ is created by placing four bits from${\displaystyle D_i}$ in the lower half of each byte and four bits of value 1 in the higher half. These blocks are processed iteratively by a compression function:

${\displaystyle H_0=IV}$

${\displaystyle H_i=f(B_i,H_{i-1})=((((B_i\oplus H_{i-1})\vee E{)}^{e}modN){mod2}^L)\oplus H_{i-1};i=1,\cdots ,q}$

Where${\displaystyle E=15\cdot 2^{L-4}}$ and${\displaystyle e=2}$.${\displaystyle \vee }$ denotes thebitwise OR and${\displaystyle \oplus }$ thebitwise XOR.

From${\displaystyle H_q}$ are now calculated more data blocks${\displaystyle D_{q+1},\cdots ,D_{q+8}}$ by linear operations (where${\displaystyle \Vert }$ denotes concatenation):

${\displaystyle H_q=Y_1\Vert Y_3\Vert Y_0\Vert Y_2;|Y_i|=L/4}$

${\displaystyle Y_i=Y_{i-1}\oplus Y_{i-4};i=4,\cdots ,15}$

${\displaystyle D_{q+i}=Y_{2i-2}\Vert Y_{2i-1};i=1,\cdots ,8}$

These data blocks are now enlarged to${\displaystyle B_{q+1},\cdots ,B_{q+8}}$ like above, and with these the compression process continues with eight more steps:

${\displaystyle H_i=f(B_i,H_{i-1});i=q+1,\cdots ,q+8}$

Finally the hash value is${\displaystyle H_{q+8}modp}$, where${\displaystyle p}$ is a prime number with.^[1]

There is a newer version of the algorithm called MASH-2 with a different exponent. The original${\displaystyle e=2}$ is replaced by${\displaystyle e=2^8+1}$. This is the only difference between these versions.

• A. Menezes, P. van Oorschot,S. Vanstone,Handbook of Applied Cryptography,ISBN 0-8493-8523-7

• Cryptographic hash functions

• Articles with short description
• Short description matches Wikidata
• Articles needing additional references from April 2011
• All articles needing additional references
• Articles lacking in-text citations from April 2011
• All articles lacking in-text citations
• Articles with multiple maintenance issues