For a cryptographic hash function (a mathematical algorithm), a MASH-1 (Modular Arithmetic Secure Hash) is a hash function based on modular arithmetic.

Despite many proposals, few hash functions based on modular arithmetic have withstood attack, and most that have tend to be relatively inefficient. MASH-1 evolved from a long line of related proposals successively broken and repaired.

Committee Draft ISO/IEC 10118-4 (Nov 95)

MASH-1 involves use of an RSA-like modulus ${\displaystyle N}$, whose bitlength affects the security. ${\displaystyle N}$ is a product of two prime numbers and should be difficult to factor, and for ${\displaystyle N}$ of unknown factorization, the security is based in part on the difficulty of extracting modular roots.

Let ${\displaystyle L}$ be the length of a message block in bit. ${\displaystyle N}$ is chosen to have a binary representation a few bits longer than ${\displaystyle L}$, typically ${\displaystyle L<|N|\leq L+16}$.

The message is padded by appending the message length and is separated into blocks ${\displaystyle D_{1},\cdots ,D_{q}}$ of length ${\displaystyle L/2}$. From each of these blocks ${\displaystyle D_{i}}$, an enlarged block ${\displaystyle B_{i}}$ of length ${\displaystyle L}$ is created by placing four bits from ${\displaystyle D_{i}}$ in the lower half of each byte and four bits of value 1 in the higher half. These blocks are processed iteratively by a compression function:

Where ${\displaystyle E=15\cdot 2^{L-4}}$ and ${\displaystyle e=2}$. ${\displaystyle \vee }$ denotes the bitwise OR and ${\displaystyle \oplus }$ the bitwise XOR.

From ${\displaystyle H_{q}}$ are now calculated more data blocks ${\displaystyle D_{q+1},\cdots ,D_{q+8}}$ by linear operations (where ${\displaystyle \|}$ denotes concatenation):