Paper 2014/722

Differential Cryptanalysis of SipHash

Christoph Dobraunig, Florian Mendel, and Martin Schläffer

Abstract

SipHash is an ARX based message authentication code developed by Aumasson and Bernstein. SipHash was designed to be fast on short messages. Already, a lot of implementations and applications for SipHash exist, whereas the cryptanalysis of SipHash lacks behind. In this paper, we provide the first published third-party cryptanalysis of SipHash regarding differential cryptanalysis. We use existing automatic tools to find differential characteristics for SipHash. To improve the quality of the results, we propose several extensions for these tools to find differential characteristics. For instance, to get a good probability estimation for differential characteristics in SipHash, we generalize the concepts presented by Mouha et al. and Velichkov et al. to calculate the probability of ARX functions. Our results are a characteristic for SipHash-2-4 with a probability of $2^{-236.3}$ and a distinguisher for the Finalization of SipHash-2-4 with practical complexity. Even though our results do not pose any threat to the security of SipHash-2-4, they significantly improve the results of the designers and give new insights in the security of SipHash-2-4.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. SAC 2014
Keywords
message authentication codeMACcryptanalysisdifferential cryptanalysisSipHashS-functionscyclic S-functions
Contact author(s)
christoph dobraunig @ iaik tugraz at
History
2014-09-16: received
Short URL
https://ia.cr/2014/722
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/722,
      author = {Christoph Dobraunig and Florian Mendel and Martin Schläffer},
      title = {Differential Cryptanalysis of SipHash},
      howpublished = {Cryptology ePrint Archive, Paper 2014/722},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/722}},
      url = {https://eprint.iacr.org/2014/722}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.