MASH-1

Last updated January 09, 2024

For a cryptographic hash function (a mathematical algorithm), a MASH-1 (Modular Arithmetic Secure Hash) is a hash function based on modular arithmetic.

History

Despite many proposals, few hash functions based on modular arithmetic have withstood attack, and most that have tend to be relatively inefficient. MASH-1 evolved from a long line of related proposals successively broken and repaired.

Standard

Committee Draft ISO/IEC 10118-4 (Nov 95)

Description

MASH-1 involves use of an RSA-like modulus $N$ , whose bitlength affects the security. $N$ is a product of two prime numbers and should be difficult to factor, and for $N$ of unknown factorization, the security is based in part on the difficulty of extracting modular roots.

Let $L$ be the length of a message block in bit. $N$ is chosen to have a binary representation a few bits longer than $L$ , typically $L<|N|\leq L+16$ .

The message is padded by appending the message length and is separated into blocks $D_{1},\cdots ,D_{q}$ of length $L/2$ . From each of these blocks $D_{i}$ , an enlarged block $B_{i}$ of length $L$ is created by placing four bits from $D_{i}$ in the lower half of each byte and four bits of value 1 in the higher half. These blocks are processed iteratively by a compression function:

H_{0}=IV

H_{i}=f(B_{i},H_{i-1})=((((B_{i}\oplus H_{i-1})\vee E)^{e}{\bmod {N}}){\bmod {2}}^{L})\oplus H_{i-1};\quad i=1,\cdots ,q

Where $E=15\cdot 2^{L-4}$ and $e=2$ . $\vee$ denotes the bitwise OR and $\oplus$ the bitwise XOR.

From $H_{q}$ are now calculated more data blocks $D_{q+1},\cdots ,D_{q+8}$ by linear operations (where $\|$ denotes concatenation):

H_{q}=Y_{1}\,\|\,Y_{3}\,\|\,Y_{0}\,\|\,Y_{2};\quad |Y_{i}|=L/4

Y_{i}=Y_{i-1}\oplus Y_{i-4};\quad i=4,\cdots ,15

D_{q+i}=Y_{2i-2}\,\|\,Y_{2i-1};\quad i=1,\cdots ,8

These data blocks are now enlarged to $B_{q+1},\cdots ,B_{q+8}$ like above, and with these the compression process continues with eight more steps:

H_{i}=f(B_{i},H_{i-1});\quad i=q+1,\cdots ,q+8

Finally the hash value is $H_{q+8}{\bmod {p}}$ , where $p$ is a prime number with $7\cdot 2^{L/2-3}<p<2^{L/2}$ .^[1]

MASH-2

There is a newer version of the algorithm called MASH-2 with a different exponent. The original $e=2$ is replaced by $e=2^{8}+1$ . This is the only difference between these versions.

Related Research Articles

<span class="mw-page-title-main">Quadratic reciprocity</span> Gives conditions for the solvability of quadratic equations modulo prime numbers

In number theory, the law of quadratic reciprocity is a theorem about modular arithmetic that gives conditions for the solvability of quadratic equations modulo prime numbers. Due to its subtlety, it has many formulations, but the most standard statement is:

The Digital Signature Algorithm (DSA) is a public-key cryptosystem and Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem. DSA is a variant of the Schnorr and ElGamal signature schemes.

In computer programming, a bitwise operation operates on a bit string, a bit array or a binary numeral at the level of its individual bits. It is a fast and simple action, basic to the higher-level arithmetic operations and directly supported by the processor. Most bitwise operations are presented as two-operand instructions where the result replaces one of the input operands.

The Rabin cryptosystem is a family of public-key encryption schemes based on a trapdoor function whose security, like that of RSA, is related to the difficulty of integer factorization.

The Paillier cryptosystem, invented by and named after Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. The problem of computing n-th residue classes is believed to be computationally difficult. The decisional composite residuosity assumption is the intractability hypothesis upon which this cryptosystem is based.

KCDSA is a digital signature algorithm created by a team led by the Korea Internet & Security Agency (KISA). It is an ElGamal variant, similar to the Digital Signature Algorithm and GOST R 34.10-94. The standard algorithm is implemented over $, but an elliptic curve variant (EC-KCDSA) is also specified.$

The Ramanujan tau function, studied by Ramanujan (1916), is the function $:\mathbb {N} \rightarrow \mathbb {Z} }$ defined by the following identity:

In mathematics, Hensel's lemma, also known as Hensel's lifting lemma, named after Kurt Hensel, is a result in modular arithmetic, stating that if a univariate polynomial has a simple root modulo a prime number $p$ , then this root can be lifted to a unique root modulo any higher power of $p$ . More generally, if a polynomial factors modulo $p$ into two coprime polynomials, this factorization can be lifted to a factorization modulo any higher power of $p$ .

Poly1305 is a universal hash family designed by Daniel J. Bernstein for use in cryptography.

The ElGamal signature scheme is a digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher Elgamal in 1985.

The GOST hash function, defined in the standards GOST R 34.11-94 and GOST 34.311-95 is a 256-bit cryptographic hash function. It was initially defined in the Russian national standard GOST R 34.11-94 Information Technology – Cryptographic Information Security – Hash Function. The equivalent standard used by other member-states of the CIS is GOST 34.311-95.

The Blum–Goldwasser (BG) cryptosystem is an asymmetric key encryption algorithm proposed by Manuel Blum and Shafi Goldwasser in 1984. Blum–Goldwasser is a probabilistic, semantically secure cryptosystem with a constant-size ciphertext expansion. The encryption algorithm implements an XOR-based stream cipher using the Blum-Blum-Shub (BBS) pseudo-random number generator to generate the keystream. Decryption is accomplished by manipulating the final state of the BBS generator using the private key, in order to find the initial seed and reconstruct the keystream.

The Tonelli–Shanks algorithm is used in modular arithmetic to solve for r in a congruence of the form r² ≡ n, where p is a prime: that is, to find a square root of n modulo p.

In mathematics and computing, universal hashing refers to selecting a hash function at random from a family of hash functions with a certain mathematical property. This guarantees a low number of collisions in expectation, even if the data is chosen by an adversary. Many universal families are known, and their evaluation is often very efficient. Universal hashing has numerous uses in computer science, for example in implementations of hash tables, randomized algorithms, and cryptography.

A rolling hash is a hash function where the input is hashed in a window that moves through the input.

Homomorphic encryption is a form of encryption that allows computations to be performed on encrypted data without first having to decrypt it. The resulting computations are left in an encrypted form which, when decrypted, result in an output that is identical to that produced had the operations been performed on the unencrypted data. Homomorphic encryption can be used for privacy-preserving outsourced storage and computation. This allows data to be encrypted and out-sourced to commercial cloud environments for processing, all while encrypted.

Threefish is a symmetric-key tweakable block cipher designed as part of the Skein hash function, an entry in the NIST hash function competition. Threefish uses no S-boxes or other table lookups in order to avoid cache timing attacks; its nonlinearity comes from alternating additions with exclusive ORs. In that respect, it is similar to Salsa20, TEA, and the SHA-3 candidates CubeHash and BLAKE.

In cryptography, Very Smooth Hash (VSH) is a provably secure cryptographic hash function invented in 2005 by Scott Contini, Arjen Lenstra and Ron Steinfeld. Provably secure means that finding collisions is as difficult as some known hard mathematical problem. Unlike other provably secure collision-resistant hashes, VSH is efficient and usable in practice. Asymptotically, it only requires a single multiplication per log(n) message-bits and uses RSA-type arithmetic. Therefore, VSH can be useful in embedded environments where code space is limited.

In discrete mathematics, ideal lattices are a special class of lattices and a generalization of cyclic lattices. Ideal lattices naturally occur in many parts of number theory, but also in other areas. In particular, they have a significant place in cryptography. Micciancio defined a generalization of cyclic lattices as ideal lattices. They can be used in cryptosystems to decrease by a square root the number of parameters necessary to describe a lattice, making them more efficient. Ideal lattices are a new concept, but similar lattice classes have been used for a long time. For example, cyclic lattices, a special case of ideal lattices, are used in NTRUEncrypt and NTRUSign.

Badger is a Message Authentication Code (MAC) based on the idea of universal hashing and was developed by Boesgaard, Scavenius, Pedersen, Christensen, and Zenner. It is constructed by strengthening the ∆-universal hash family MMH using an ϵ-almost strongly universal (ASU) hash function family after the application of ENH, where the value of ϵ is $. Since Badger is a MAC function based on the universal hash function approach, the conditions needed for the security of Badger are the same as those for other universal hash functions such as UMAC.$

References

↑ Smashing MASH-1, Vladimir Antipkin

A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, ISBN 0-8493-8523-7

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Smashing MASH-1, Vladimir Antipkin

[1]