The hashing algorithms of the MCSSHA family were developed during 2008 - 2013. The first versions of MCSSHA-3 and MCSSHA-4 were intended for the NIST-held SHA-3 competition. Later versions of MCSSHA-5 and MCSSHA-6 were developed, as well as a test program for testing the speed of hashing.




























Latest version

    The latest version of MCSSHA hash function, MCSSHA-8, was introduced in 2014 on Password Hashing Competition. The source code and description are available on the PHC website.

    This hash function can be useful for crypto currency. Why?

    1) its implementation is very simple. Program size - near 5 kb.

    2) this is a very fast algorithm.

    3) JP Aumasson on PHC conference in Las Vegas august, 5 of 2014 said that MCSSHA-8 "is more security" that previous versions of MCSSHA.


MCSSHA history            Cryptography expertise MCSSHA                    Speed of MCSSHA                           


MCSSHA-4                  SHA-3 speed tests




MCSSHA-8 (eng)

MCSSHA-8 (ru)



The history

    SHA-1 is not stable! This news flew around the cryptographic world in 2005. But SHA-1 is a hash algorithm, and there are no secret keys in the hashing algorithm, nothing is encrypted here, what is meant by its persistence? Here it should be noted that one of the main uses of the hash algorithm is an electronic signature, when for the application of the mathematical apparatus of an electronic signature the message of arbitrary length must be "compressed" into its hash function of fixed length, from which the signature is then calculated using a secret asymmetric key, and using of an open one is checked. Here the word "compressed" is intentionally put in quotation marks, since the classical compression assumes the possibility of the subsequent restoration of the original message from the compressed text, and for the hashing algorithm, on the contrary, the possibility of restoring the original message from its hash function should be practically umpossible. How difficult it is for a hash function to restore a hashed message or to get any information about it is the first criterion for estimating the persistence of a hash function.

    Messages of arbitrary length are infinitely large, and the values ​​of a fixed-length hash function are finite; therefore, there are certainly different messages that have the same hash functions. How difficult it is to find them is the second criterion for the stability of the hashing algorithm. A pair of messages with the same hash functions in cryptography is usually called a collision of hash functions, and there are two kinds of collisions: the first, when you want to select a message with the same hash function to some fixed message, and the second, when you just need to find an arbitrary pair of messages with the same hash functions.

    Let's try to imagine an ideal hash function, i.e. one for which for each of the above criteria the best of the estimates is brute force, a method of brute force. What are the brute force estimates for the hash function?

    Let's start with the first criterion. Here, like, everything is clear: we pull random messages, calculate the hash function for each of them and check it for a coincidence with the value of the hash function that we have. If we assume that the length of the hash function is 2n bits, then the most efficient method should be the choice of random messages and each of them should give a random and equiprobable vector of length n as a hash function, or, in official language, preimage resistance of approximately n bits. The same estimate will also be true for finding a collision of the first kind. But to find a collision of the second grade will require an average of 2n / 2 tests - then comes into effect the paradox of birthdays. In the official language mentioned above, this is called collision resistance of approximately n / 2 bits. This is the picture of an ideal hash function.

    What happened to SHA1? Bruce Schneier's article Cryptanalysis of SHA-1, published on February 18, 2005, states that three Chinese cryptographers were able to find a method of constructing a second-class collision for SHA1 for 269 operations. If you consider that the length of the SHA1 hash function is 20 bytes or 160 bits, then an ideal hash function of this length should require an average of 280 tests to solve a similar problem. Therefore, SHA1, as follows from this article, is not an ideal hash function. A 269 is about 1021. It's not so astronomical, but from the cryptographic point of view it's just critical. Bruce Schneier gives estimates of the time and complexity of its practical solution - 1,757 days (4.81 years) by 33,125 users.

    SHA1 is now, perhaps, the most widespread in the world of hashing algorithms. Even such purely abstract suspicions of its unreliability forced the American NIST (National Institute of Standard and Technology) to take urgent measures. On November 2, 2007, an open tender for the development of hash functions of the third generation SHA-3 was announced. Here it should be noted that the second-generation hash functions SHA-2 already exist, they were developed by the American NSA, but for some reason NIST decided to hedge and hold an open competition for SHA-3.

    The requirements for SHA-3 candidates were published on the NIST website (copy of the NIST requirements), if we took their cryptographic part, then the demand was the same: NIST needed ideal hash functions, which do not allow for the currently known methods of analysis other than brute force.