Paper 2019/865

Cryptanalysis of Reduced-Round SipHash

Le He and Hongbo Yu

Abstract

SipHash is a family of ARX-based MAC algorithms optimized for short inputs. Already, a lot of implementations and applications for SipHash have been proposed, whereas the cryptanalysis of SipHash still lags behind. In this paper, we study the property of truncated differentials in SipHash and find the output bits with the most imbalanced differential biases. Making use of these results, we construct distinguishers with practical complexity $2^{10}$ for SipHash-2-1 and $2^{36}$ for SipHash-2-2. We further reveal the relations between the value of the output bias and the difference after the first modular addition step, which is directly determined by the corresponding key bits. Based on these relations, we propose a key recovery method for SipHash-2-1 that can obtain a nonuniform distribution of the 128-bit key through several bias tests. It is found that the highest probability can reach $2^{-41}$ and the nonuniform distribution can lead to a $2^{29}$ gain in search cost on average.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
SipHash, Distinguish attack, Key recovery, Truncated differential cryptanalysis
Contact author(s)
he-l17 @ mails tsinghua edu cn
History
2019-12-24: revised
2019-07-25: received
Short URL
https://ia.cr/2019/865
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/865,
      author = {Le He and Hongbo Yu},
      title = {Cryptanalysis of Reduced-Round SipHash},
      howpublished = {Cryptology ePrint Archive, Paper 2019/865},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/865}},
      url = {https://eprint.iacr.org/2019/865}
}