SMASH – A Cryptographic Hash Function

  • Lars R. Knudsen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3557)


This paper presents a new hash function design, which is different from the popular designs of the MD4-family. Seen in the light of recent attacks on MD4, MD5, SHA-0, SHA-1, and on RIPEMD, there is a need to consider other hash function design strategies. The paper presents also a concrete hash function design named SMASH. One version has a hash code of 256 bits and appears to be at least as fast as SHA-256.


Hash Function Block Cipher Advance Encryption Standard Bijective Mapping Compression Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Clausen, M.: An implementation of SMASH-256. Private communicationsGoogle Scholar
  2. 2.
    Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Anderson, R.J., Biham, E., Knudsen, L.R.: SERPENT - a 128-bit block cipher. A candidate for the Advanced Encryption Standard. Documentation, available at
  4. 4.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  5. 5.
    Daemen, J.: A new approach to block cipher design. In: Anderson, R. (ed.) FSE 1993. LNCS, vol. 809, pp. 18–32. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
  7. 7.
    Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: A strenghened version of RIPEMD. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 71–82. Springer, Heidelberg (1996)Google Scholar
  8. 8.
  9. 9.
    Lai, X.: On the design and security of block ciphers. In: Massey, J.L. (ed.) ETH Series in Information Processing, vol. 1, Hartung-Gorre Verlag, Konstanz (1992)Google Scholar
  10. 10.
    Lai, X., Massey, J.L.: Hash functions based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  11. 11.
    Merkle, R.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)Google Scholar
  12. 12.
    Osvik, D.A.: Speeding Up Serpent. In: Third Advanced Encryption Standard Candidate Conference, New York, USA, April 13–14, pp. 317–329. NIST (2000)Google Scholar
  13. 13.
    NIST. Secure hash standard. FIPS 180-1, US Department of Commerce, Washington D.C. (April 1995)Google Scholar
  14. 14.
    NIST. Secure hash standard. FIPS 180-2, US Department of Commerce, Washington D.C. (August 2002)Google Scholar
  15. 15.
    Pramstaller, N., Rechberger, C., Rijmen, V.: Smashing SMASH. The IACR Eprint Archive, 2005/081Google Scholar
  16. 16.
    Preneel, B.: Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke Universiteit Leuven (January 1993)Google Scholar
  17. 17.
    Preneel, B., Govaerts, R., Vandewalle, J.: On the power of memory in the design of collision resistant hash functions. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 105–121. Springer, Heidelberg (1993)Google Scholar
  18. 18.
    Rijmen, V., Oswald, E.: Update on SHA-1. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 58–71. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Rivest, R.L.: The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)Google Scholar
  20. 20.
    Rivest, R.L.: The MD5 message-digest algorithm. Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force (April 1992)Google Scholar
  21. 21.
    Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199. Available at

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Lars R. Knudsen
    • 1
  1. 1.Department of MathematicsTechnical University of Denmark 

Personalised recommendations