Questions tagged [siphash]

A fast 64-bit PRF that can be used as a MAC

SipHash is a fast 64-bit PRF with a 128-bit key. It has been designed by Aumasson and Bernstein to be a fast MAC for short inputs, due to its key agility and low per message performance cost. It is used to implement hash tables in some programming languages.

Despite its name, it is not a secure cryptographic hash function.

External resources:

Research paper: SipHash: a fast short-input PRF (pdf)
SipHash Website with links to implementations and cryptanalysis

12 questions

votes

2 answers

Is SipHash cryptographically secure?

I'm evaluating different hash algorithms for use in my application. One of the kind of algorithms I am looking at are cryptographically secure ones to protect against DOS attacks. SipHash seems pretty great, but the creators seem very careful to…

hash provable-security siphash

asked Jul 03 '14 at 21:06

GBleaney

votes

1 answer

SipHash's (non-)collision resistance

I'm very new to cryptography, and I need help understanding the security claims made in Aumasson and Bernstein's paper on the SipHash. In particular, I'm trying to understand the following statement at the end of section 3 (p. 6): We comment that…

hash mac collision-resistance siphash

asked May 05 '16 at 03:21

Luis Casillas

14,703
2
33
53

votes

2 answers

Same 64-bit preimage resistance security for SipHash and SHA-512/64?

If I have to chose a 64 bit preimage resistant hash function; will there be any difference in security between SipHash and SHA-512/64 (SHA-512 truncated to 64 bits)? How long will it take an attacker to find a 64 bit preimage (e.g., minutes,…

hash sha-2 preimage-resistance siphash

asked Aug 14 '15 at 13:16

Chris

1,029
7
17

votes

0 answers

Why is Siphash-128 considered "experimental"?

Why is Siphash-128 still considered "experimental"? What does this mean?

siphash

asked Apr 19 '16 at 21:30

Demi

4,853
1
22
40

votes

2 answers

Cryptanalysis of Marvin32 compared to SipHash

So I am curious about the security analysis of Marvin32, the randomized hash algorithm used in .NET (to prevent hash-table DoS). I found the source code here: marvin32.h, marvin32.c. At first glance, the construction looks really similar to that of…

cryptanalysis pseudo-random-function siphash

asked Jun 05 '15 at 04:50

Paya

votes

1 answer

Does SipHash have 64 bit (second) preimage security?

I was not able to find an explicit statement about the first and second preimage security of SipHash-2-4 or SipHash-4-8 anywhere. I think it should be 64 bits, but I'd feel safer if somebody who has more experience with such hash functions could…

hash preimage-resistance 2nd-preimage-resistance siphash

asked May 02 '15 at 06:06

Chris

1,029
7
17

votes

2 answers

Generate a unique 64 bit numeric database key without collisions at $2^{32}$ birthday threshold?

What is the best way to generate a unique 64 bit numeric database key from a string? For example: if the string is a URL, you could generate a 64 bit key using SipHash or by truncating a SHA256 hash to 64 bits, but collisions are likely at $2^{32}$…

hash collision-resistance sha-256 database siphash

asked Jun 10 '14 at 12:50

espeed

votes

1 answer

A fast non-cryptographic hash function that is "strong enough"?

I'm designing a simple one-time-password mechanism for authentication against a possibly-insecure server - i.e. I don't want to use symmetric shared secrets. The first idea that came into mind was using a hash-chain with a cryptographic hash…

hash siphash

asked Jan 25 '14 at 22:38

Ozo

vote

0 answers

Using cryptography to protect database integrity

I'm designing a micro-services system where each service manages some set of entities (User, Account, e.g). I want to be able to verify the authenticity of entity identifiers (e.g User-Id and Account-Id), to make sure the identifier was actually…

integrity siphash

asked Apr 21 '20 at 09:44

somdoron

vote

0 answers

Parallel MAC vs doubled rounds for SipHash, KMAC and others

SipHash 4-8 is documented by the authors as being about half the speed of SipHash 2-4 and is obviously the more conservative option. I was wondering from a security perspective how this would compare with performing SipHash 2-4 with two different…

mac siphash kmac

asked Jul 18 '18 at 12:42

MotiNK

vote

1 answer

SipHash-1-3 128 bit variant

I came across a 128 bit variant of the SipHash-1-3 function (as opposed to the original 64 bit output). I tried looking for any public cryptanalysis of this function but couldn't find any. Moreover, in this particular usage of sip128-1-3 the keys…

cryptanalysis collision-resistance siphash

asked Apr 13 '25 at 06:45

adamk

vote

0 answers

Short-input (<= 128 bit), short-output (<= 10 bit) MAC

I am faced with a problem of selecting an appropriate message authentication code (MAC) for a particular application. These are the constraints: I have two 64-bit integers $r_a$ and $r_s$ as input, where: $r_a < 2^{52}$ and $r_s < 2^{52}$ $r_a$ is…

mac performance siphash

asked Dec 02 '23 at 16:14

asnfkjsdx