
I would like to know the proper way of fitting the hash digest to the prime in which the encryption scheme operates, regardless of whether the hash digest has more or fewer bits than the prime.

I've read that Cramer-Shoup uses a universal one-way hash function, but it didn't state what it is. Wikipedia says it's just a property, and with that I plan on using SHA256. My simulator uses smaller bits for presentation purposes, and with the larger-bit digest of SHA256 I have a problem with how to fit it in. I've read in some forums to use mod on it; is this the proper way?

1 Answer

A universal one-way hash function (or UOWHF), also known as a target-collision-resistant (or TCR) hash function, is a randomized hash function $H_r(m)$ with the following security: If an adversary commits to a message $m$, then upon being challenged with a random $r$, the adversary cannot find a distinct message $m' \ne m$ such that $H_r(m) = H_r(m')$. (More details, background, history, and references on UOWHF/TCR, particularly in signature applications.)

Any collision-resistant hash function is obviously also TCR, but TCR is a much weaker security property—pretty much all major ‘cryptographic hash functions’ like SHA-256, including broken ones like MD5, are generally conjectured to exhibit TCR in prefix-hash form $H(r \mathbin\| m)$ and in HMAC form $\operatorname{HMAC-\!}H_r(m)$, but in the off chance that they don't (the Merkle–Damgård construction does not necessarily preserve TCR), there's a generic construction called RMX from Halevi and Krawczyk's research program on randomized signatures, which was standardized by NIST in SP 800-106. If you like more modern flavors, you could use keyed BLAKE2 or KMAC128 too, since TCR—and the slightly stronger eTCR—was an explicit design goal for SHA-3.

If you want a smaller digest, just truncate the hash function; if you want a larger digest, the easiest way is to use an XOF like the SHA-3 function SHAKE128 or like BLAKE2x. You could also use SHA-256 in ‘CTR mode’, yielding $H(r \mathbin\| m \mathbin\| 0) \mathbin\| H(r \mathbin\| m \mathbin\| 1) \mathbin\| H(r \mathbin\| m \mathbin\| 2) \mathbin\| \dotsb$, provided you make sure to pad it unambiguously, or use a standard (if somewhat more complicated) construction like HKDF-SHA256 or MGF1 of PKCS#1.

Squeamish Ossifrage
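The constructions the answer describes, written out as an added Python example (not code from the question or the answer above): the randomized prefix hash $H(r \mathbin\| m)$ and its HMAC form, truncation of the digest when fewer bits are wanted, and the SHA-256 ‘CTR mode’ and SHAKE128 XOF when more bits are wanted. The `fit_to_order` function and the choice of a fixed 32-byte `r` and a fixed 4-byte counter are assumptions made here so that `r || m || counter` parses unambiguously; the target `q` is taken to be the order of the group the scheme works in, and the output is truncated to one bit less than `q`'s bit length so it is always below `q` without any modular reduction.

```python
import hashlib
import hmac

R_LEN = 32          # assumed: fixed-length randomizer r, so r || m splits unambiguously
CTR_LEN = 4         # assumed: fixed-width big-endian block counter for the CTR-mode expansion


def prefix_hash(r: bytes, m: bytes) -> bytes:
    """TCR-style randomized prefix hash H(r || m) with SHA-256 (32-byte output)."""
    if len(r) != R_LEN:
        raise ValueError("r must be exactly R_LEN bytes")
    return hashlib.sha256(r + m).digest()


def hmac_hash(r: bytes, m: bytes) -> bytes:
    """The HMAC form HMAC-SHA256_r(m): r is the key, m the message."""
    return hmac.new(r, m, hashlib.sha256).digest()


def truncate(digest: bytes, nbits: int) -> int:
    """Keep the leftmost nbits of the digest and return them as an integer (< 2**nbits)."""
    total = 8 * len(digest)
    if not 0 < nbits <= total:
        raise ValueError("nbits must be between 1 and the digest length in bits")
    return int.from_bytes(digest, "big") >> (total - nbits)


def ctr_expand(r: bytes, m: bytes, nbytes: int) -> bytes:
    """SHA-256 in 'CTR mode': H(r||m||0) || H(r||m||1) || ... cut to nbytes.

    Because r has fixed length and the counter has fixed width, the input
    r || m || counter is unambiguous: m is everything between them.
    """
    if len(r) != R_LEN:
        raise ValueError("r must be exactly R_LEN bytes")
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(r + m + counter.to_bytes(CTR_LEN, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def shake_expand(r: bytes, m: bytes, nbytes: int) -> bytes:
    """Same job with an XOF: SHAKE128 over r || m, squeezed to nbytes."""
    if len(r) != R_LEN:
        raise ValueError("r must be exactly R_LEN bytes")
    return hashlib.shake_128(r + m).digest(nbytes)


def fit_to_order(r: bytes, m: bytes, q: int) -> int:
    """Map (r, m) to an integer in [0, q) without a modular reduction.

    nbits = bitlen(q) - 1 guarantees the truncated value is < 2**nbits <= q.
    Digests up to 256 bits come straight from the prefix hash; longer ones
    are produced by the CTR-mode expansion and then truncated.
    """
    if q < 4:
        raise ValueError("q is too small to be a useful group order")
    nbits = q.bit_length() - 1
    nbytes = (nbits + 7) // 8
    digest = prefix_hash(r, m) if nbytes <= 32 else ctr_expand(r, m, nbytes)
    return truncate(digest, nbits)


if __name__ == "__main__":
    r = bytes(range(32))                 # constructed randomizer, not a real nonce
    m = b"Cramer-Shoup ciphertext parts"  # constructed message
    print("SHA-256 prefix hash:", prefix_hash(r, m).hex())
    print("fit into a 127-bit group order:", fit_to_order(r, m, 2**127 - 1))
    print("fit into a 521-bit group order:", fit_to_order(r, m, 2**521 - 1))
    print("64 bytes from SHAKE128:", shake_expand(r, m, 64).hex())
```

The moduli used in the demo (`2**127 - 1` and `2**521 - 1`) are Mersenne primes chosen only so the example runs offline; a real deployment uses the order of the group in which the scheme operates. Truncating to `bitlen(q) - 1` bits wastes at most one bit of the digest but sidesteps the bias that a plain `mod q` introduces when the digest is not much longer than `q`.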