## Cryptology ePrint Archive: Report 2019/865

Cryptanalysis of Reduced-Round SipHash

Le He and Hongbo Yu

Abstract: SipHash is a family of ARX-based MAC algorithms optimized for short inputs. Many implementations and applications of SipHash have already been proposed, whereas the cryptanalysis of SipHash still lags behind. In this paper, we study the properties of truncated differentials in SipHash and identify the output bits with the most imbalanced differential biases. Based on these results, we construct distinguishers with practical complexity $2^{10}$ for SipHash-2-1 and $2^{36}$ for SipHash-2-2. We further reveal the relations between the value of the output bias and the difference after the first modular addition step, which is directly determined by the corresponding key bits. Making use of these relations, we propose a key recovery method for SipHash-2-1 with success rate increased from $2^{-128}$ to $2^{-41}$.

Category / Keywords: secret-key cryptography / SipHash, Distinguishing attack, Key recovery, Truncated differential cryptanalysis