SipHash is an Add-Rotate-Xor (ARX) based family of pseudorandom created by Jean-Philippe Aumasson and Daniel J. Bernstein in 2012, [1] in a spoof of “hash flooding” denial-of-service attacks in Late 2011. [2]

Although designed for use as a hash function in the computer science sense, SipHash is fundamentally different from cryptographic hash functions like SHM in which it is only suitable as a message authentication code : a keyed hash function like HMAC . That is, SHA is designed so That It is difficulty for an attacker to find two messages X and Y Such That SHA ( X ) = SHA ( Y ), Even Though anyone May compute SHA ( X ). SipHash instead guarantees that, having seen i and SipHash ( i , k ),


SipHash computes 64-bit message authentication code from a variable-length message and 128-bit secret key. It was designed to be efficient even for short inputs, with comparable performance to non-cryptographic hash functions, such as CityHash , [1] thus can be used to prevent denial-of-service attacks against hash tables (“hash flooding” [3] or to authenticate network packets .

An unkeyed hash function such as SHA is only collision-resistant if the entire output is used. If used to generate a small output, then no algorithm can prevent collisions; An attacker need only make as many as possible.

For example, assume a network server is designed to be able to handle up to a million requests at once. It keeps track of incoming requests in a hash table with two million entries, using a hash function to map. An attacker who knows the hash function arbitrary inputs; One out of two million will have a specific hash value. If the attacker now Sends A Few hundred requests all Chosen to avez la même hash value to the server, That will Produce a wide number of hash collisions Slowing (gold Possibly stopping) the server with an effect similar to a packet flood of Many million requests. [4]

By using a key to the attacker, a keyed hash function like SipHash prevents this sort of attack. While it is feasible to add a key year to hash unkeyed function ( HMAC is a popular technical) SipHash is much more efficient.

Functions in SipHash family are specified as SipHash- c – d , Where c is the number of rounds per message block and d is the number of rounds finalization. The recommended parameters are SipHash-2-4 for best performance, and SipHash-4-8 for conservative security.

The reference implementation was released as public domain software under CC0 . [5]


SipHash is used in hash table implementations of various software: [6]

  • Perl (available as compile-time option) [7]
  • Python (starting in version 3.4) [8]
  • Ruby
  • Rust [9]
  • Systemd [10]
  • OpenDNS
  • Haskell
  • OpenBSD

Native Implementations

  • C ++
  • Rust
  • Crypto ++
  • C #
  • Haskell
  • JavaScript
  • VHDL
  • Go

See also

  • Cryptographic hash function
  • Hash function
  • Message authentication code
  • List of hash functions


  1. ^ Jump up to:b Jean-Philippe Aumasson & Daniel J. Bernstein (2012-09-18). “SipHash: a fast short-input PRF” (PDF) .
  2. Jump up^ Lennon, Mike (2011-12-28). “Hash Table Vulnerability Enables Wide-Scale DDoS Attacks” . SecurityWeek .
  3. Jump up^ Aumasson, Jean-Philippe; Bernstein, Daniel J .; Boßlet, Martin (2012-11-08). Hash-flooding DoS reloaded: attacks and defenses (PDF) . Application Security Forum – Western Switzerland 2012 .
  4. Jump up^ Crosby, Scott A .; Wallach, Dan S. (2003-08-06). Denial of Service via Algorithmic Complexity Attacks . Usenix Security Symposium . Washington, DC
  5. Jump up^ “SipHash: a fast short-input PRF” . 2016-08-01 . Retrieved 2017-01-21 . Intellectual property: We are not aware of any patents or patent applications related to SipHash, and we are not planning to apply for any. The reference code of SipHash is released under CC0 license, a public domain-like license.
  6. Jump up^ Jean-Philippe Aumasson; Daniel J. Bernstein (2016-08-01). “SipHash: a fast short-input PRF, Users” . Retrieved 2017-01-21.
  7. Jump up^ “Perl security – Algorithmic Complexity Attacks” . 2016-05-16 . Retrieved 2017-01-21 .
  8. Jump up^ Christian Heimes (2013-09-27). “PEP 456 – Secure and interchangeable hash algorithm” . Retrieved 2017-01-21 .
  9. Jump up^ Graydon Hoare (2012-07-24). “Add core :: hash containing SipHash-2-4 implementation. Re: # 1616 and # 859” . Retrieved 2017-01-21 .
  10. Jump up^ Lennart Poettering (2013-12-22). “Shared: switch to have SipHash table implementation over to” . Retrieved 2017-01-21 .

Leave a Reply

Your email address will not be published. Required fields are marked *