Paper 2014/722
Differential Cryptanalysis of SipHash
Christoph Dobraunig, Florian Mendel, and Martin Schläffer
Abstract
SipHash is an ARX-based message authentication code developed by Aumasson and Bernstein. SipHash was designed to be fast on short messages. Already, a lot of implementations and applications for SipHash exist, whereas the cryptanalysis of SipHash lags behind. In this paper, we provide the first published third-party cryptanalysis of SipHash regarding differential cryptanalysis. We use existing automatic tools to find differential characteristics for SipHash. To improve the quality of the results, we propose several extensions for these tools to find differential characteristics. For instance, to get a good probability estimation for differential characteristics in SipHash, we generalize the concepts presented by Mouha et al. and Velichkov et al. to calculate the probability of ARX functions. Our results are a characteristic for SipHash-2-4 with a probability of $2^{-236.3}$ and a distinguisher for the Finalization of SipHash-2-4 with practical complexity. Even though our results do not pose any threat to the security of SipHash-2-4, they significantly improve the results of the designers and give new insights into the security of SipHash-2-4.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. SAC 2014
- Keywords
- message authentication code, MAC, cryptanalysis, differential cryptanalysis, SipHash, S-functions, cyclic S-functions
- Contact author(s)
- christoph dobraunig @ iaik tugraz at
- History
- 2014-09-16: received
- Short URL
- https://ia.cr/2014/722
- License
- CC BY
BibTeX
@misc{cryptoeprint:2014/722,
      author = {Christoph Dobraunig and Florian Mendel and Martin Schläffer},
      title = {Differential Cryptanalysis of {SipHash}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/722},
      year = {2014},
      url = {https://eprint.iacr.org/2014/722}
}