http://en.zaoniao.it/index.php?action=history&feed=atom&title=SipHashSipHash - Revision history2026-05-15T10:22:37ZRevision history for this page on the wikiMediaWiki 1.32.0http://en.zaoniao.it/index.php?title=SipHash&diff=6906&oldid=prevAdmin: Created page with "'''SipHash''' is an Add-Rotate-Xor (ARX) based family of pseudorandom functions created by Jean-Philippe Aumasson and Daniel J. B..."2019-07-16T09:29:47Z<p>Created page with "'''SipHash''' is an <a href="/index.php?title=Block_cipher&action=edit&redlink=1" class="new" title="Block cipher (page does not exist)">Add-Rotate-Xor</a> (ARX) based family of <a href="/index.php?title=Pseudorandom_function&action=edit&redlink=1" class="new" title="Pseudorandom function (page does not exist)">pseudorandom functions</a> created by <a href="/index.php?title=Jean-Philippe_Aumasson&action=edit&redlink=1" class="new" title="Jean-Philippe Aumasson (page does not exist)">Jean-Philippe Aumasson</a> and Daniel J. B..."</p>
<p><b>New page</b></p><div>'''SipHash''' is an [[block cipher#ARX_add-rotate-xor|Add-Rotate-Xor]] (ARX) based family of [[pseudorandom function]]s created by [[Jean-Philippe Aumasson]] and [[Daniel J. Bernstein]] in 2012, in response to a spate of "hash flooding" [[denial-of-service attack]]s in late 2011.<br />
<br />
Although designed for use as a [[hash function]] in the computer science sense, SipHash is fundamentally different from [[cryptographic hash functions]] like [[Secure Hash Algorithm|SHA]] in that it is only suitable as a [[message authentication code]]: a ''keyed'' hash function like [[HMAC]]. That is, SHA is designed so that it is difficult for an attacker to find two messages ''X'' and ''Y'' such that SHA(''X'') = SHA(''Y''), even though anyone may compute SHA(''X''). SipHash instead guarantees that, having seen ''X<sub>i</sub>'' and SipHash(''X<sub>i</sub>'', ''k''), an attacker who does not know the key ''k'' cannot find (any information about) ''k'' or SipHash(''Y'', ''k'') for any message ''Y'' ∉ {''X<sub>i</sub>''} which they have not seen before.<br />
<br />
==Overview==<br />
<br />
SipHash computes 64-bit [[message authentication code]] from a variable-length message and 128-bit secret key. It was designed to be efficient even for short inputs, with performance comparable to non-cryptographic hash functions, such as [[CityHash]], or to authenticate [[network packet]]s.<br />
<br />
An unkeyed hash function such as SHA is only collision-resistant if the entire output is used. If used to generate a ''small'' output, such as an index into a hash table of practical size, then no algorithm can prevent collisions; an attacker need only make as many attempts as there are possible outputs.<br />
<br />
For example, suppose a network server is designed to be able to handle up to a million requests at once. It keeps track of incoming requests in a hash table with two million entries, using a hash function to map identifying information from each request to one of the two million possible table entries. An attacker who knows the hash function need only feed it arbitrary inputs; one out of two million will have a specific hash value. If the attacker now sends a few hundred requests all chosen to have the ''same'' hash value to the server, that will produce a large number of hash collisions, slowing (or possibly stopping) the server with an effect similar to a [[Denial-of-service attack#Application-layer floods|packet flood]] of many million requests.<br />
<br />
By using a key unknown to the attacker, a keyed hash function like SipHash prevents this sort of attack. While it is possible to add a key to an unkeyed hash function ([[HMAC]] is a popular technique), SipHash is much more efficient.<br />
<br />
Functions in SipHash family are specified as SipHash-''c''-''d'', where ''c'' is the number of rounds per message block and ''d'' is the number of finalization rounds. The recommended parameters are SipHash-2-4 for best performance, and SipHash-4-8 for conservative security.<br />
<br />
The [[reference implementation]] was released as [[public domain software]] under the [[CC0]].<br />
<br />
==Usage==<br />
<br />
SipHash is used in '''[[hash table]] implementations''' of various software:<br />
* [[Perl]] (available as compile-time option)<br />
* [[Python (programming language)|Python]] (starting in version 3.4)<br />
* [[Ruby (programming language)|Ruby]]<br />
* [[Rust (programming language)|Rust]] <br />
* [[systemd]] <br />
* [[OpenDNS]]<br />
* [[Haskell (programming language)|Haskell]]<br />
* [[OpenBSD]]<br />
<br />
'''Native Implementations'''<br />
* [https://github.com/bloomberg/bde/blob/master/groups/bsl/bslh/bslh_siphashalgorithm.h C++]<br />
* [https://github.com/jedisct1/rust-siphash Rust]<br />
* [[Crypto++]]<br />
* [https://github.com/paya-cz/siphash C#]<br />
* [https://gist.github.com/ar-nelson/12bd5ea968c145045200 Haskell]<br />
* [https://github.com/jedisct1/siphash-js JavaScript]<br />
* [https://github.com/pemb/siphash VHDL]<br />
* [https://godoc.org/github.com/dchest/siphash Go]<br />
<br />
==See also==<br />
* [[Cryptographic hash function]]<br />
* [[Hash function]]<br />
* [[Message authentication code]]<br />
* [[List of hash functions]]<br />
<br />
==Source==<br />
<br />
[http://wikipedia.org/ http://wikipedia.org/]<br />
<br />
[[Category:Software]]<br />
[[Category:Cryptography]]</div>Admin