Module siphash


HashX-flavored SipHash implementation

We need SipHash to generate parts of HashX’s internal state: the initial register values for the hash program, and the stream of pseudorandom numbers used to generate the program itself. The fundamentals are as described in the SipHash paper, but much of the algorithm around the basic add-rotate-xor core has been modified:

  • Seeding: vanilla SipHash uses a nothing-up-my-sleeve constant to safely initialize 256 bits of internal state from 128 bits of user-supplied key data. The HashX implementation instead uses Blake2b to pre-process an arbitrary-sized seed into a 512-bit pseudorandom value, which is used directly to initialize the state of two SipHash instances.

  • The SipHash paper describes a compression function that includes a length indicator and padding, and supports variable-length inputs. HashX does not need this, and uses its own way of constructing a SipHash2,4 instance that takes a counter as input.

  • HashX also needs SipHash1,3 which it uses for a lightweight pseudorandom number stream internally. This variant isn’t typically used on its own or implemented in libraries. HashX also uses its own counter input construction method.

  • In addition to the SipHash1,3 and SipHash2,4 counter modes, HashX makes use of raw SipRounds while digesting a RegisterFile after the generated hash function completes.

SipHash is defined by Jean-Philippe Aumasson and Daniel J. Bernstein in their paper “SipHash: a fast short-input PRF” (2012).
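As an added illustration (not code from the hashx crate), the following Rust example implements the SipRound from the paper and contrasts vanilla key seeding with loading a 256-bit value directly as state. The `State` type, the function names and the little-endian word order are assumptions made for this example, and `sip_one_block` follows the paper's single-block flow rather than HashX's own counter construction.

```rust
// Added example, not code from the hashx crate. All names are illustrative.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct State { pub v0: u64, pub v1: u64, pub v2: u64, pub v3: u64 }
impl State {
    /// Vanilla seeding: XOR a 128-bit key into the paper's constant.
    pub fn from_key(k0: u64, k1: u64) -> Self {
        State {
            v0: k0 ^ 0x736f6d6570736575, v1: k1 ^ 0x646f72616e646f6d,
            v2: k0 ^ 0x6c7967656e657261, v3: k1 ^ 0x7465646279746573,
        }
    }
    /// Direct seeding: 256 bits of a pre-processed seed become the state as-is.
    /// Assumption: four little-endian words, loaded in v0..v3 order.
    pub fn from_bytes(b: &[u8; 32]) -> Self {
        let w = |i: usize| b[i * 8..i * 8 + 8].iter().rev().fold(0u64, |a, &x| (a << 8) | x as u64);
        State { v0: w(0), v1: w(1), v2: w(2), v3: w(3) }
    }
    /// One SipRound, the add-rotate-xor core from the SipHash paper.
    pub fn sip_round(&mut self) {
        self.v0 = self.v0.wrapping_add(self.v1);
        self.v2 = self.v2.wrapping_add(self.v3);
        self.v1 = self.v1.rotate_left(13) ^ self.v0;
        self.v3 = self.v3.rotate_left(16) ^ self.v2;
        self.v0 = self.v0.rotate_left(32);
        self.v2 = self.v2.wrapping_add(self.v1);
        self.v0 = self.v0.wrapping_add(self.v3);
        self.v1 = self.v1.rotate_left(17) ^ self.v2;
        self.v3 = self.v3.rotate_left(21) ^ self.v0;
        self.v2 = self.v2.rotate_left(32);
    }
}

/// The paper's flow for one 64-bit block: c compression rounds, then d
/// finalization rounds. This is not HashX's counter construction.
pub fn sip_one_block(mut s: State, c: usize, d: usize, m: u64) -> u64 {
    s.v3 ^= m;
    for _ in 0..c { s.sip_round(); }
    s.v0 ^= m;
    s.v2 ^= 0xff;
    for _ in 0..d { s.sip_round(); }
    s.v0 ^ s.v1 ^ s.v2 ^ s.v3
}

fn main() {
    // Reference key 00..0f with an empty message, whose only block is len << 56 = 0.
    let s = State::from_key(0x0706050403020100, 0x0f0e0d0c0b0a0908);
    println!("SipHash-2-4 {:016x}", sip_one_block(s, 2, 4, 0));
    println!("direct seed {:x?}", State::from_bytes(&[0x5a; 32])); // constructed input
}
```

With direct seeding there is no constant separating key material from state, so the quality of the state depends entirely on the pre-processing step that produced the bytes.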

Structs

SipState
Internal state of one SipHash instance

Functions

siphash13_ctr (private)
HashX’s flavor of SipHash1,3 counter mode with 64-bit output

siphash24_ctr (private)
HashX’s flavor of SipHash2,4 counter mode with 512-bit output