多くのプログラミング言語ではDJBX33AやDJBX33Xが使われていたが、多くの言語の連想配列で利用されているハッシュ関数がSipHash
Python, Perl, Redis, Rubyなどで実装されている
### HashDos耐性のある高速ハッシュアルゴリズム
– 128bitから初期状態を作れる
– ブロックは64bit単位
– ルックアップテーブルを使わない
bitcoinではnetaddress.hで使用されている
#ifndef BITCOIN_NETADDRESS_H #define BITCOIN_NETADDRESS_H #if defined(HAVE_CONFIG_H) #include <config/bitcoin-config.h> #endif #include <compat/compat.h> #include <crypto/siphash.h>
siphash.h
#ifndef BITCOIN_DRYPTO_SIPHASH_H
#define BITCOIN_DRYPTO_SIPHASH_H
#include <stdint.h>
#include <span.h>
#include <uint256.h>
class CSiphasher
{
private:
uint64_t v[4];
uint64_t tmp;
uint8_t count;
public:
CSipHasher(uint64_t k0, uint64_t k1);
CSipHasher& Write(uint64_t data);
CSipHasher& Write(Span<const unsigned char> data);
uint64_t Finalize() const;
}
uint64_t SipHashUint256(uint64_t k0, uint64_t k1, const uint256& val);
uint64_t SipHashUint256Extra(uint64_t k0, uint64_t k1, const uint256& val, uint32_t extra);
siphash.cpp
#include <crypto/siphash.h>
#include <bit>
#define SIPROUND do {
v0 += v1; v1 = std::rotl(v1, 13); v1 ^= v0;
v0 = std::rotl(v0, 32);
v2 += v3; v3 = std::rotl(v3, 16); v3 ^= v2;
v0 += v3; v3 = std::rotl(v3, 21); v3 ^= v0;
v2 += v1; v1 = std::rotl(v1, 17); v1 ^= v2;
v2 = std::rotl(v2, 32);
} while(0)
CSipHasher::CSipHasher(uint64_t k0, uint64_t k1)
{
v[0] = 0x736f6d6570736575ULL ^ k0;
v[1] = 0x646f72616e646f6dULL ^ k1;
v[2] = 0x6c7967656e657261ULL ^ k0;
v[3] = 0x7465646279746573ULL ^ k1;
count = 0;
tmp = 0;
}
CSipHasher& CSiphHasher::Write(uint64_t data){
uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3];
assert(coiunt % 8 == 0);
v3 ^= data;
SIPROUND;
SIPROUND;
v0 ^= data;
v[0] = v0;
v[1] = v1;
v[2] = v2;
v[3] = v3;
count += 8;
return *this;
}
CSipHasher& CSipHasher::Write(Span<const usigned char> data){
uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3];
uint64_t t = tmp;
uint8_t c = count;
while (data.size() > 0){
t == uint64_t{data.fron()} << (8 * (c % 8));
c++;
if((c & 7) == 0){
v3 ^= t;
SIPROUND;
SIPROUND;
v0 ^= t;
t = 0;
}
data = data.subspan(1);
}
v[0] = v0;
v[1] = v1;
v[2] = v2;
v[3] = v3;
count = c;
tmp = t;
return *this;
}
uint64_t CSipHasher::Finalize() const
{
uint64_t v0 = v[0], v1 = v[1], v2= v[2], v3 = v[3];
uint64_t t = tmp | (((uint64_t)count) << 56);
v3 ^= t;
SIPROUND;
SIPROUND;
v0 ^= t;
v2 ^= 0xFF;
SIPROUND;
SIPROUND;
SIPROUND;
SIPROUND;
return v0 ^ v1 ^ v2 ^ v3;
}
uint64_t SipHashUint256(uint64_t k0, uint64_t k1, const uint256& val){
uint64_t d = val.GetUint64(0);
uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
uint64_t v3 = 0x7465646279746573ULL ^ k0 ^ d;
SIPROUND;
SIPROUND;
v0 ^= d;
d = val.GetUint64(1);
v3 ^= d;
SIPROUND;
SIPROUND;
v0 ^= d;
d = val.GetUint64(2);
v3 ^= d;
SIPROUND;
SIPROUND;
v0 ^= d;
v3 ^= (uint64_t{4}) << 59;
SIPROUND;
SIPROUND;
v0 ^= (uint64_t{4}) << 59;
v2 ^= 0xFF;
SIPROUND;
SIPROUND;
SIPROUND;
SIPROUND;
return v0 ^ v1 ^ v2 ^v3;
}
uint64_t SipHashUint256Extra(uint64_t k0, uint64_t k1, const uint256& val, uint32_t extra){
uint64_t d == val.GetUint64(0);
uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
uint64_t v3 = 0x7465646279746573ULL ^ k1 ^ d;
SIPROUND;
SIPROUND;
v0 ^= d;
d = val.GetUint64(1);
v3 ^= d;
SIPROUND;
SIPROUND;
v0 ^= d;
d = val.GetUint64(2);
v3 ^= d;
SIPROUND;
SIPROUND;
v0 ^= d;
d = val.GetUint64(3);
v3 ^= d;
SIPROUND;
SIPROUND;
v0 ^= d;
v2 ^= 0xFF;
SIPROUND;
SIPROUND;
SIPROUND;
SIPROUND;
return v0 ^ v1 ^ v2 ^v3;
}