SipHash, cryptographic hash library now available for Arduino (8bit)

I have finished a streaming SipHash library for Arduino.
It is available here (SipHash Library for Arduino)

From the Jean-Philippe Aumasson page

SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions) optimized for speed on short messages
SipHash is secure, fast, and simple (for real):
SipHash is simpler and faster than previous cryptographic algorithms (e.g. MACs based on universal hashing)
SipHash is competitive in performance with insecure non-cryptographic algorithms (e.g. MurmurHash)

The library is small (~1200 bytes code and 42byte RAM) and fast and uses 128bit secret keys.

I will be using it to provide a per message MAC (Message authentication code - Wikipedia) for authentication and verification of pfod (www.pfod.com.au) messages to provide security against hackers taking control of my pfodDevice when I am accessing it over the internet.

See http://www.forward.com.au/pfod/secureChallengeResponse/index.html for the detailed design of the message security.

matthew

Does the key use only lower nibbles? Can I use higher nibble as well?
How long can the message be?

The key is 128bits i.e. 16 bytes, all bits are used. Upper and lower nibbles in each byte are used.
For security this key MUST BE RANDOM. See the "Generating the Password" section towards the bottom of http://www.forward.com.au/pfod/secureChallengeResponse/index.html for a method of getting 'random' keys

The message size is unlimited (by the SipHash)
you call SipHash.updateHash((byte)c); for each byte in the message.
SipHash internally accumulates 8 bytes and then adds them to the hash and then discards them.
In finalize() SipHash adds the msg length % 256. The code assigns one byte to keep this value and updates it each time updateHash() is called.

sample usage
// Define your 'secret' 16 byte key in program memory (flash memory)
unsigned char key[] PROGMEM = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
// to start hashing initialize with your key
SipHash.init(key);
// for each byte in the message call updateHash()
// (msg is your message buffer holding msgLen bytes)
for (int i = 0; i < msgLen; i++) {
  SipHash.updateHash((byte)msg[i]); // update hash with each byte of msg
}
// at the end of the message call finalize to calculate the result
SipHash.finalize(); // finish
// the unsigned char[8] variable, SipHash.result, then contains the 8 bytes of the hash in BigEndian format

So it does not encrypt the message, just creates a hash, so when I send a message to my second arduino (B), the B creates the hash (based on the same secret key I have got) upon the message, the B sends me the hash back, and I may compare the B-hash with my hash I did for the same message before. When my compare of both hashes match, I know a) the B is my friend, b) the message has not been altered by somebody during the transport to the B. Is my understanding correct please?

Correct, the message is not encrypted (hidden).
BUT the hash lets you check
i) that the other party has the same secret key
ii) that the message has not been modified by some third party.

There are a few more details that need to be attended to.
See http://www.forward.com.au/pfod/secureChallengeResponse/index.html for the detailed security design based on this (or some other) secure hash.
matthew
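The streaming behaviour described above (8 bytes accumulated, absorbed and discarded; message length mod 256 added at finalization) and the receiver-side hash comparison, as an added example in portable C. This is not the library's code: the names sip_ctx, sip_init, sip_update, sip_final, sip_mac and sip_verify are made up here, the result is returned as a uint64_t rather than the library's 8-byte result array, and the sample key and message are the test case from the SipHash paper.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
typedef struct { uint64_t v0, v1, v2, v3, m; uint8_t fill, len; } sip_ctx;
/* Constructed sample data: key 00..0f and message 00..0e (SipHash paper test case). */
static const uint8_t DEMO_KEY[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
static const uint8_t DEMO_MSG[15] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14};

static void sip_round(sip_ctx *s) {
    s->v0 += s->v1; s->v1 = ROTL(s->v1, 13); s->v1 ^= s->v0; s->v0 = ROTL(s->v0, 32);
    s->v2 += s->v3; s->v3 = ROTL(s->v3, 16); s->v3 ^= s->v2;
    s->v0 += s->v3; s->v3 = ROTL(s->v3, 21); s->v3 ^= s->v0;
    s->v2 += s->v1; s->v1 = ROTL(s->v1, 17); s->v1 ^= s->v2; s->v2 = ROTL(s->v2, 32);
}
/* Absorb one 64-bit word: two compression rounds (the "2" in SipHash-2-4). */
static void sip_block(sip_ctx *s, uint64_t m) { s->v3 ^= m; sip_round(s); sip_round(s); s->v0 ^= m; }

void sip_init(sip_ctx *s, const uint8_t key[16]) {
    uint64_t k0 = 0, k1 = 0;                 /* key halves, loaded little-endian */
    for (int i = 7; i >= 0; i--) { k0 = (k0 << 8) | key[i]; k1 = (k1 << 8) | key[8 + i]; }
    s->v0 = k0 ^ 0x736f6d6570736575ULL; s->v1 = k1 ^ 0x646f72616e646f6dULL;
    s->v2 = k0 ^ 0x6c7967656e657261ULL; s->v3 = k1 ^ 0x7465646279746573ULL;
    s->m = 0; s->fill = 0; s->len = 0;
}
void sip_update(sip_ctx *s, uint8_t c) {
    s->m |= (uint64_t)c << (8 * s->fill);    /* c is unsigned: bytes 128..255 do not sign-extend */
    s->len++;                                /* one byte of state: message length mod 256 */
    if (++s->fill == 8) { sip_block(s, s->m); s->m = 0; s->fill = 0; }  /* absorb, then discard */
}
uint64_t sip_final(sip_ctx *s) {
    sip_block(s, s->m | ((uint64_t)s->len << 56));   /* leftover bytes plus the length byte */
    s->v2 ^= 0xff;
    for (int i = 0; i < 4; i++) sip_round(s);        /* four finalization rounds */
    return s->v0 ^ s->v1 ^ s->v2 ^ s->v3;
}
uint64_t sip_mac(const uint8_t key[16], const uint8_t *msg, size_t n) {
    sip_ctx s; sip_init(&s, key);
    for (size_t i = 0; i < n; i++) sip_update(&s, msg[i]);
    return sip_final(&s);
}
/* Receiver side: recompute the MAC and compare with no early exit on the first differing byte. */
int sip_verify(const uint8_t key[16], const uint8_t *msg, size_t n, uint64_t tag) {
    uint64_t d = sip_mac(key, msg, n) ^ tag;
    uint8_t acc = 0;
    for (int i = 0; i < 8; i++) acc |= (uint8_t)(d >> (8 * i));
    return acc == 0;
}
int main(void) { printf("%016llx\n", (unsigned long long)sip_mac(DEMO_KEY, DEMO_MSG, 15)); return 0; }
```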

That could be used with optiboot when doing remote upload:
a) it confirms I did the upload to the proper device,
b) that nobody modified my sketch,
c) that upload has been received properly.

could be used with optiboot

Hmm. "Could be used with a bootloader", I guess. Adding 800+ bytes of crypto code to a 500 byte bootloader would sort of do away with the "opti" designation.

Just checked the latest SipHash code and it appears to add about 1200 bytes in its current form (the 800 came from an earlier AVR studio code set)

Have updated the library to allow initialization from either a key in RAM or in PROGMEM

Hmm. "Could be used with a bootloader", I guess. Adding 800+ bytes of crypto code to a 500 byte bootloader would sort of do away with the "opti" designation.

Adding 1200 bytes to a "standard bootloader" will make it a "gigauploader". So adding it to the optiboot it will still be "opti" :)

1200 bytes in its current form (the 800 came from an earlier AVR studio code set)

Really? 50% code growth going from AVR Studio to Arduino? What happened?

rechecked the C code got
Program Memory Usage : 1032 bytes 12.6 % Full
Data Memory Usage : 44 bytes 8.6 % Full
found note that size was previously 920 so no idea what I was thinking when I wrote 800

I have added a Java version also here
http://www.forward.com.au/pfod/SipHashJavaLibrary/index.html

This Java version differs from the existing Java implementations in two ways

i) It gives the correct result for bytes whose leading bit is set (128-255)
ii) and is a streaming implementation

matthew