The GOST hash function, defined in the standards GOST R 34.11-94 and GOST 34.311-95 is a 256-bit cryptographic hash function. It was initially defined in the Russian national standard GOST R 34.11-94 Information Technology – Cryptographic Information Security – Hash Function. The equivalent standard used by other member-states of the CIS is GOST 34.311-95.

This function must not be confused with a different Streebog hash function, which is defined in the new revision of the standard GOST R 34.11-2012.^[2]

The GOST hash function is based on the GOST block cipher.

Algorithm

GOST processes a variable-length message into a fixed-length output of 256 bits. The input message is broken up into chunks of 256-bit blocks (eight 32-bit little endian integers); the message is padded by appending as many zeros to it as are required to bring the length of the message up to 256 bits. The remaining bits are filled up with a 256-bit integer arithmetic sum of all previously hashed blocks and then a 256-bit integer representing the length of the original message, in bits.

Basic notation

The algorithm descriptions uses the following notation:

• ${\displaystyle {\mathcal {f}}0{\mathcal {g}}^{j}}$ — j-bit block filled with zeroes.
• ${\displaystyle {\mathcal {j}}M{\mathcal {j}}}$ — length of the M block in bits modulo 2²⁵⁶.
• ${\displaystyle {\mathcal {k}}}$ — concatenation of two blocks.
• ${\displaystyle +}$ — arithmetic sum of two blocks modulo 2²⁵⁶.
• ${\displaystyle \oplus }$ — logical xor of two blocks.

Further we consider that the little-order bit is located at the left of a block, and the high-order bit at the right.

Description

The input message ${\displaystyle M}$ is split into 256-bit blocks ${\displaystyle m_{n},\,m_{n-1},\,m_{n-2},\,\ldots ,\,m_{1}}$. In the case the last block ${\displaystyle m_{n}}$ contains less than 256 bits, it is prepended left by zero bits to achieve the desired length.

Each block is processed by the step hash function ${\displaystyle H_{\text{out}}=f(H_{\text{in}},\,m)}$, where ${\displaystyle H_{\text{out}}}$, ${\displaystyle H_{\text{in}}}$, ${\displaystyle m}$ are a 256-bit blocks.

Each message block, starting the first one, is processed by the step hash function ${\displaystyle f}$, to calculate intermediate hash value

${\displaystyle \!H_{i+1}=f(H_{i},\,m_{i})}$

The ${\displaystyle H_{1}}$ value can be arbitrary chosen, and usually is ${\displaystyle 0^{256}}$.

After ${\displaystyle H_{n+1}}$ is calculated, the final hash value is obtained in the following way

• ${\displaystyle H_{n+2}=f(H_{n+1},\,L)}$, where L — is the length of the message M in bits modulo ${\displaystyle 2^{256}}$
• ${\displaystyle h=f(H_{n+2},\,K)}$, where K — is 256-bit control sum of M: ${\displaystyle m_{1}+m_{2}+m_{3}+\ldots +m_{n}}$

The ${\displaystyle h}$ is the desired value of the hash function of the message M.

So, the algorithm works as follows.

1. Initialization:
   1. ${\displaystyle h:={\text{initial}}}$ — Initial 256-bit value of the hash function, determined by user.
   2. ${\displaystyle \Sigma :=0}$ — Control sum
   3. ${\displaystyle L:=0}$ — Message length
2. Compression function of internal iterations: for i = 1 … n — 1 do the following (while ${\displaystyle |M|>256}$):
   1. ${\displaystyle h:=f(h,\,m_{i})}$ – apply step hash function
   2. ${\displaystyle L:=L+256}$ – recalculate message length
   3. ${\displaystyle \Sigma :=\Sigma +m_{i}}$ – calculate control sum
3. Compression function of final iteration:
   1. ${\displaystyle L:=L+{\mathcal {j}}\,m_{n}\,{\mathcal {j}}}$ – calculate the full message length in bits
   2. ${\displaystyle m_{n}:={0}^{256-{\mathcal {j}}m_{n}{\mathcal {j}}}{\mathcal {k}}m_{n}}$ – pad the last message with zeroes
   3. $$Zdroj:https://en.wikipedia.org?pojem=GOST_(hash_function)
      Text je dostupný za podmienok Creative Commons Attribution/Share-Alike License 3.0 Unported; prípadne za ďalších podmienok. Podrobnejšie informácie nájdete na stránke Podmienky použitia.

      ---