15

I'm evaluating different hash algorithms for use in my application. One of the kinds of algorithms I am looking at is cryptographically secure ones to protect against DOS attacks.

SipHash seems pretty great, but the creators seem very careful to not call it "cryptographically secure".

In the SipHash paper (PDF), they call it “cryptographically strong”, but not secure. Is there any reason to trust SipHash over SpookyHash if both have no known DOS attacks and neither is “cryptographically secure”?

otus
GBleaney

2 Answers

15

A fast 64-bit hash cannot be completely secure, since a $2^{32}$ brute force collision search is completely doable, and even a $2^{64}$ preimage attack could be feasible.

As a MAC used for hash table keying, that doesn't really matter (unless you leak the key). Finding just a few collisions isn't a problem and gathering statistics for an attack would probably already constitute a DOS attack.

That is to say, SipHash isn't a secure hash function, but should be a strong PRF and thus a secure MAC.

otus
8

This may just be a matter of terminology.

A claim that an algorithm is "secure" is meaningless without qualifying/quantifying what it is secure against. Conventionally, the security/strength of cryptographic primitives is described and analysed in terms of computational and memory cost (i.e. secure against an attacker capable of performing a certain number of computations and using a certain amount of memory).

The SipHash authors argue that SipHash is a strong PRF, and make claims/arguments for the level of strength, and later in the SipHash specification the authors equate strength to "level of security".

SipHash-c-d with c ≥ 2 and d ≥ 4 is expected to provide the maximum PRF security possible (and therefore also the maximum MAC security possible). Our fast proposal is thus SipHash-2-4.

We define SipHash-c-d for larger c and d to provide a higher security margin: our conservative proposal is SipHash-4-8, which is about half the speed of SipHash-2-4.

archie
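To make the keyed-PRF point in the answers concrete, here is an added example (not code from the question, the answers or the SipHash authors): a pure-Python SipHash-c-d, checked against the SipHash-2-4 test vector published with the algorithm, plus a toy bucket experiment showing that inputs clustered in one bucket under one key scatter once the table is rekeyed. The helper names `bucket` and `spread_after_rekey`, the 64-bucket table, the `item-N` inputs and `KEY_B` are assumptions constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFFFFFFFFFF
KEY_A = bytes(range(16))      # key used by the published test vector
KEY_B = bytes(range(16, 32))  # constructed second key, stands in for a fresh random key

def _rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK

def _sipround(v0, v1, v2, v3):
    v0 = (v0 + v1) & MASK; v1 = _rotl(v1, 13) ^ v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK; v3 = _rotl(v3, 16) ^ v2
    v0 = (v0 + v3) & MASK; v3 = _rotl(v3, 21) ^ v0
    v2 = (v2 + v1) & MASK; v1 = _rotl(v1, 17) ^ v2; v2 = _rotl(v2, 32)
    return v0, v1, v2, v3

def siphash(key, msg, c=2, d=4):
    """SipHash-c-d: 128-bit key, 64-bit output (default SipHash-2-4)."""
    if len(key) != 16:
        raise ValueError("SipHash key must be 16 bytes")
    k0, k1 = struct.unpack("<QQ", key)
    v0, v1 = k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D
    v2, v3 = k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573
    # Zero-pad to 7 mod 8, then append the message length mod 256.
    padded = msg + b"\x00" * (7 - len(msg) % 8) + bytes([len(msg) & 0xFF])
    for (m,) in struct.iter_unpack("<Q", padded):
        v3 ^= m
        for _ in range(c):                     # c compression rounds per word
            v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
        v0 ^= m
    v2 ^= 0xFF
    for _ in range(d):                         # d finalization rounds
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    return v0 ^ v1 ^ v2 ^ v3

def bucket(key, item, nbuckets=64):
    return siphash(key, item) % nbuckets

def spread_after_rekey(old_key, new_key, n=4096, nbuckets=64):
    """Take the inputs sharing bucket 0 under old_key; count the buckets they hit under new_key."""
    items = [b"item-%d" % i for i in range(n)]
    clustered = [x for x in items if bucket(old_key, x, nbuckets) == 0]
    return len(clustered), len({bucket(new_key, x, nbuckets) for x in clustered})

if __name__ == "__main__":
    print(hex(siphash(KEY_A, bytes(range(15)))))
    print(spread_after_rekey(KEY_A, KEY_B))
```

Which inputs collide depends entirely on the secret key, which is why a leaked key is the case the first answer singles out.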