Cryptology ePrint Archive: Report 2014/722

Differential Cryptanalysis of SipHash

Christoph Dobraunig and Florian Mendel and Martin Schläffer

Abstract: SipHash is an ARX based message authentication code developed by Aumasson and Bernstein. SipHash was designed to be fast on short messages. Already, a lot of implementations and applications for SipHash exist, whereas the cryptanalysis of SipHash lacks behind. In this paper, we provide the first published third-party cryptanalysis of SipHash regarding differential cryptanalysis. We use existing automatic tools to find differential characteristics for SipHash. To improve the quality of the results, we propose several extensions for these tools to find differential characteristics. For instance, to get a good probability estimation for differential characteristics in SipHash, we generalize the concepts presented by Mouha et al. and Velichkov et al. to calculate the probability of ARX functions. Our results are a characteristic for SipHash-2-4 with a probability of $2^{-236.3}$ and a distinguisher for the Finalization of SipHash-2-4 with practical complexity. Even though our results do not pose any threat to the security of SipHash-2-4, they significantly improve the results of the designers and give new insights in the security of SipHash-2-4.

Category / Keywords: secret-key cryptography / message authentication code, MAC, cryptanalysis, differential cryptanalysis, SipHash, S-functions, cyclic S-functions

Original Publication (in the same form): SAC 2014

Date: received 16 Sep 2014

Contact author: christoph dobraunig at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20140916:161444 (All versions of this report)

Short URL: ia.cr/2014/722

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]