SipHash: a fast short-input PRF
DOWNLOADS
|
ATTACKS
|
USERS
|
CRYPTANALYSIS
|
THIRD-PARTY IMPLEMENTATIONS
SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions) optimized for speed on
short messages.
network traffic authentication and
defense against hash-flooding
DoS attacks.
secure, fast, and simple (for real):
SipHash is simpler and faster than previous cryptographic algorithms (e.g.
MACs based on universal hashing)
SipHash is competitive in performance with insecure
non-cryptographic algorithms (e.g. MurmurHash)
We propose that hash tables switch to SipHash as a hash function.
Users of SipHash already include FreeBSD, OpenDNS, Perl 5, Ruby, or Rust.
64-bit strings.
A version returning 128-bit strings was later created, based on demand from users.
Intellectual property:
We aren't aware of any patents or patent applications relevant to
SipHash, and we aren't planning to apply for any.
The reference code of
SipHash is released under CC0 license, a public domain-like license.
[email protected] [email protected]
Attacks
Jointly with Martin Boßlet , we demonstrated weaknesses in
MurmurHash (used in Ruby, Java, etc.), CityHash (used in Google), and in
Python's hash.
Some of the technologies affected have switched to SipHash.
See this oCERT advisory ,
and the following resources:
Slides of the presentation
"Hash-flooding DoS reloaded: attacks and defenses" at the 29th Chaos
Communications Congress (Aumasson, Bernstein, Boßlet)
Slides of the presentation
"Hash-flooding DoS reloaded: attacks and defenses" at Application
Security Forum Western Switzerland 2012 (Aumasson, Boßlet)
Proof-of-concept
code for CRuby, JRuby, Rubinius, and Java
C++ program to find
universal (key-independent) multicollisions for CityHash64 C++ program to find
universal (key-independent) multicollisions for MurmurHash2 C++ program to find
universal (key-independent) multicollisions for MurmurHash3 Python script to recover the secret seed of the
hash randomization in Python 2.7.3 and 3.2.3
Users
Users of SipHash include:
OpenSSL :
libcrypto includes SipHashSodium :
SipHash-2-4 is the "shorthash" function in libsodium
Rust : SipHash-2-4 is used in the
hash tables implementation of this "safe, concurrent,
practical language" developed by Mozilla (patch ,
sip.rs ).
Python :
SipHash-2-4 is used as hash() "on all major platforms" (patch , PEP )
Wireguard :
SipHash-2-4 is used in hash tables of the Wireguard VPN
Expat :
libexpat uses SipHash in its XML parser
Bloomberg : SipHash-2-4 is one
of the hashes in Bloomberg's Basic Development Environment (documentation ,
code )
OpenBSD : SipHash-2-4 and
SipHash-4-8 have been committed under sys/crypto ,
and SipHash-2-4 is to be used in the in_pcb
hashing , and in other places
Shardmap : SipHash-2-4
is the hash function of this directory indexing system, "the designated
successor of HTree"
SoundHound , which "makes heavy use" of SipHash
FreeBSD :
SipHash-2-4 is used to protect SYN cookies from forgeries (code , revision )
Hashable :
SipHash-2-4 is used to hash objects in this Haskell package part of
the Haskell Platform (blog )
Rubinius : SipHash-2-4 is used in the hash tables
implementation (commit )
JRuby : SipHash-2-4 is the optional algorithm in the hash
tables implementation (commit )
Perl 5 : SipHash-2-4 is optional
in Perl builds
(commit ,
code )
Redis : SipHash-2-4 is used in the hash
tables implementation of this advanced key-value data store (pull request )
Ruby : SipHash-2-4 is used in the hash tables
implementation (vulnerability
report , changelog )
OpenDNS : SipHash-2-4 is used in the dnscache instances of all OpenDNS
resolvers (patch ).
Third-party implementations
2016 Aug 2: Pavel Werl.
siphash
2016 Mar 21: Sedat Kapanoglu.
HashDepot
2016 Mar 3: Frank Denis.
siphash-avx2
2016 Mar 2: Jan Wassenberg and Jyrki Alakuijala.
highwayhash
2016 Feb 23: Joel Holdsworth.
siphashsum
2015 Mar 6: InfraRuby Vision.
siphash-ir
2015 Feb 13: Pedro Emílio Machado de Brito.
siphash
2014 Sep 6: Damien Gryski.
SipHash
2014 Feb 8: Sylvain Laperche.
SipHash
2014 Jan 19: Twoje radio.
siple
2013 Aug 8: Evan Hanson.
siphash
2013 Jul 6: Sebastian Gesemann.
siphashxx
2013 Jun 13: Matthew Ford.
SipHash Java Library
2013 Jun 10: Matthew Ford.
SipHash Library
for Arduino
2013 Apr 7: Joachim Strömbergson.
siphash_6502
2013 Feb 18: Dan Kogai.
p5-digest-siphash
2013 Feb 6: Marek Majkowski.
Bitsliced
SipHash
2013 Feb 6: Marek Majkowski.
csiphash
2013 Feb 6: Marek Majkowski.
pysiphash
2013 Feb 3: Philipp Jovanovic.
siphash
2013 Jan 25: Ulrik Sverdrup.
siphash
2013 Jan 16: Joachim Strömbergson.
siphash_core
2012 Dec 19: Clifford Hammerschmidt.
ch-siphash package )
2012 Dec 16: Bo Zhu.
siphash-python
2012 Dec 4: Masahiro Nakagawa.
siphash-d
2012 Nov 6: Hiroshi Nakamura.
siphash-java-inline
2012 Nov 6: William Ahern.
siphash.h: SipHash-2-4
2012 Nov 6: Gregory Petrosyan.
siphash
2012 Oct 4: Brian S. Julin.
SipHash.pm6
2012 Oct 2: Bryan O'Sullivan.
SipHash.hs
2012 Aug 8: Damian Gryski.
siphash-rust
2012 Jul 4: Samuel Neves.
SUPERCOP )
2012 Jun 29: David Lazar.
siphash-cryptol
2012 Jun 28: Frank Denis.
siphash-erlang
2012 Jun 26: Brandon Haynes.
siphash-chsarp
2012 Jun 24: Vincent Hanquez.
hs-siphash
2012 Jun 24: Martin Boßlet.
siphash-ruby .
2012 Jun 24: Martin Boßlet.
siphash-java
2012 Jun 23: Robert Brown.
sip-hash
2012 Jun 23: Martin Boßlet.
siphash-c
2012 Jun 23: Frank Denis.
siphash-js
2012 Jun 23: Frank Denis.
siphash-php
2012 Jun 21: Floodyberry.
siphash
2012 Jun 20: Dmitry Chestnykh.
siphash