[Resource Topic] 2009/232: MeshHash2

Welcome to the resource topic for 2009/232

Title: MeshHash2

Authors: Björn Fay

Abstract:

This specification describes a modification of a candidate for SHA-3, named MeshHash. The first version had a flaw in it: it was possible to mount a second preimage attack [Tho08]. So MeshHash has not fulfilled the requirements for SHA-3 anymore and hence was conceded broken. Furthermore, there was a bug in the reference implementation: the macro for rotation of a word computed an undefined value if it should rotate a word by 0 bits. But since the flaw can be easily fixed, which was already implemented in a preliminary version, it seems to be a good idea to publish MeshHash2 as a patch and see if it might be useful for further research or even usage. The patch uses a feedback, which increases the memory usage but doesn't give more security against a straightforward collision attack, which was the reason it had been dropped from the preliminary version of MeshHash. This specification is the patched version of MeshHash, named MeshHash2. It is a very flexible but conservative design with primarily security in mind and only secondarily speed. But it achieves about the same speed as the SHA-2 family and security up to 16320 bits. It can also be used in a keyed version as a PRF or PRG, and hence a stream cipher can be built from it.
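The rotation bug the abstract mentions is a classic C pitfall: a rotate macro written as two shifts performs a shift by the full word width when the rotation count is 0, which is undefined behaviour. The following is an added example, not code from the paper or from the MeshHash reference implementation; the naive macro is an assumed form of the kind the abstract describes, and `rotl32` shows a rotate that is defined for every shift count, checked against a bit-by-bit oracle.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed, illustrative form of a rotate-left macro of the kind the abstract
 * describes. For n == 0 the right operand becomes x >> 32, which is undefined
 * behaviour on a 32-bit word: the compiler may produce any value at all. */
#define ROTL32_NAIVE(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* Safe rotate: masking both shift counts keeps them in 0..31 for every n,
 * including 0 and 32, so the expression is always well defined. Mainstream
 * compilers recognise this idiom and emit a single rotate instruction. */
static inline uint32_t rotl32(uint32_t x, unsigned n)
{
    n &= 31u;
    return (x << n) | (x >> ((32u - n) & 31u));
}

/* Oracle: rotate one bit at a time, so its correctness does not depend on
 * any multi-bit shift edge case. */
static uint32_t rotl32_ref(uint32_t x, unsigned n)
{
    for (n &= 31u; n > 0; n--)
        x = (x << 1) | (x >> 31);
    return x;
}

/* Returns 1 if rotl32 agrees with the oracle for every n in 0..63 on x,
 * covering the rotate-by-0 case and counts at or above the word width. */
int rotl32_selfcheck(uint32_t x)
{
    for (unsigned n = 0; n < 64; n++)
        if (rotl32(x, n) != rotl32_ref(x, n))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample words; the naive macro is only used with n != 0. */
    printf("naive rotl(0x80000001, 1) = 0x%08x\n", ROTL32_NAIVE(0x80000001u, 1));
    printf("safe  rotl(0x80000001, 0) = 0x%08x\n", rotl32(0x80000001u, 0));
    printf("self-check: %s\n", rotl32_selfcheck(0xdeadbeefu) ? "ok" : "FAIL");
    return 0;
}
```

Compiling with `-fsanitize=undefined` and calling the naive macro with a zero count is the quickest way to surface this class of bug in a hash implementation's test suite.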

ePrint: https://eprint.iacr.org/2009/232

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.