Short-input hashing

Example

1
#define SHORT_DATA ((const unsigned char *) "Sparkling water")
2
#define SHORT_DATA_LEN 15
3
4
unsigned char hash[crypto_shorthash_BYTES];
5
unsigned char key[crypto_shorthash_KEYBYTES];
6
7
crypto_shorthash_keygen(key);
8
crypto_shorthash(hash, SHORT_DATA, SHORT_DATA_LEN, key);
Copied!

Purpose

Many applications and programming language implementations were recently found to be vulnerable to denial-of-service attacks when a hash function with weak security guarantees, such as Murmurhash 3, was used to construct a hash table.
In order to address this, Sodium provides the crypto_shorthash() function, which outputs short but unpredictable (without knowing the secret key) values suitable for picking a list in a hash table for a given key.
This function is optimized for short inputs.
The output of this function is only 64 bits. Therefore, it should not be considered collision-resistant.
Use cases:
    Hash tables
    Probabilistic data structures such as Bloom filters
    Integrity checking in interactive protocols

Usage

1
int crypto_shorthash(unsigned char *out, const unsigned char *in,
2
unsigned long long inlen, const unsigned char *k);
Copied!
Compute a fixed-size (crypto_shorthash_BYTES bytes) fingerprint for the message in whose length is inlen bytes, using the key k.
The k is crypto_shorthash_KEYBYTES bytes and can be created using crypto_shorthash_keygen().
The same message hashed with the same key will always produce the same output.

Constants

    crypto_shorthash_BYTES
    crypto_shorthash_KEYBYTES

Algorithm details

SipHash-2-4

Notes

    The key has to remain secret. This function will not provide any mitigations against DoS attacks if the key is known from attackers.
    When building hash tables, it is recommended to use a prime number for the table size. This ensures that all bits from the output of the hash function are being used. Mapping the range of the hash function to [0..N) can be done efficiently without modulo reduction.
    libsodium >= 1.0.12 also implements a variant of SipHash with the same key size but a 128-bit output, accessible as crypto_shorthash_siphashx24().
Last modified 9d ago