Reference implementation of SipHash, a family of pseudorandom functions optimized for speed on short messages.
SipHash was designed as a mitigation to hash-flooding DoS attacks. It is now used in the hash tables implementation of Python, Ruby, Perl 5, etc.
SipHash was designed by Jean-Philippe Aumasson and Daniel J. Bernstein.
Running
makewill build sanity checks (test vectors) for SipHash-2-4, the default version of SipHash:
./siphash24_testverifies 64 test vectors, and
./siphash24_debugdoes the same and prints intermediate values.
The code can be adapted to implement SipHash-c-d, the version of SipHash with c compression rounds and d finalization rounds, by tweaking the lines
#define cROUNDS 2
#define dROUNDS 4Obviously, if the number of rounds is modified then the test vectors won't verify.
In addition to the original SipHash, which returns 64-bit tags, this
reference code implements an experimental mode to return 128-bit tags.
This mode is enabled when the constant DOUBLE is defined.
Running
make doublewill build siphash24_test_double and siphash24_debug_double.
SipHash with 128-bit tags targets PRF security with 128-bit key and 128-bit tags. In particular, any attack trying up to 2^s should succeed with probability at most 2^(s - 128).
The 128-bit mode is experimental, use at your own risk.
The SipHash reference code is released under CC0 license, a public domain-like licence.
We aren't aware of any patents or patent applications relevant to SipHash, and we aren't planning to apply for any.
The SipHash page includes
- a list of third-party implementations and modules
- a list of projects using SipHash
- references to cryptanalysis results