This project has moved and is read-only. For the latest updates, please go here.


(see for the previous depreciated version, development on that old version has halted)

This project encompasses a cryptographic hash function that was in consideration for NIST's SHA-3 competition. It advanced to Round 3 as of the latest release of this project (the winning algorithm was not Skein, see the NIST link below for details). At its core, it uses the ThreeFish block cipher, which is described in the same paper as Skein. This implementation exposes the ThreeFish transformation functions for purposes of research and testing and can be used for encryption. There is a set of byte-centric functions and 64-bit-word-centric functions for use with ThreeFish. Initial community testing of the algorithm's core looks promising.

This implementation, as submitted, follows standard 1.3 of the Skein paper (as of October 2010). This is Visual Studio 2010 oriented with a much more modular approach than my previous attempt. Use of the code in previous versions of Visual Studio are possible only if they support .NET 4, but will require manually adding the code files to a new project. There is no LINQ code in the project but there is a requirement for .NET 4 due to the Optional Parameters that are being taken advantage of in this release. This GREATLY reduces the need for overloaded functions.

A PRNG (Pseudo-random Number Generator) is also implemented, but that is a little vague in the white paper, so this needs more work and guidance. A few other PRNG projects have sprung up in Python and other languages around (see link below). NOTE: I have not had the chance to test the results of this project against theirs, and would welcome a chance to do so. Anyone downloading this project should understand that the basic hashing, keyed hashing, and certain other functions that have examples in the Known Answer Tests (KATs) provided to NIST by the developers are working according to the paper, but the RNG/PRNG functions have no concrete examples from the developers, so they are "untested" as such.

See the new repository on GitHub as Microsoft is shuttering CodePlex permanently in late 2017

April 11th 2013, code clean up and documentation clean up. This is the last major editing that I will be doing on this code for a while. This should be good enough and stable for public consumption. Since SHA-3 was awarded to Keccak at the close of the competition, I don't have real need to develop this further, barring any bug reports.

June 17th 2011, much improved performance gained by moving core ThreeFish functions to separate DLL. This means Skein uses 2 DLL's now, but ILMERGE can put them together if this is an issue with anyone. See the check-in for details

  • Bruce Schneier's site where he and his team first released Skein.
  • Home site of Skein and a spring-board for information not made available here.
This is also one of the first places to look for updates to the core algorithm and any papers or attacks published surrounding Skein.
  • Information regarding NIST's SHA-3 Competition (Skein did not win the competition, but was one of the top 5 finalists in the last round before the winner was chosen, this speaks highly to its overall performance)

The skein_golden_kat_internals.txt file indicates a series of "known answer tests" as part of the NIST submission package. Use these for testing the outputs against the standard for basic hashing, tree hashing (implemented but not multi-threaded as of yet), and keyed hashing. A testing program that does a very cursory check on the basic functionality is included with the KATs file parsed out into individual tests against which the code can be run. In the old project, this was in VB; in the new project, everything is C Sharp. The updated white paper is also included in the project.

Because the original developers released the algorithm and process into the public domain, I am releasing this code as well. Check the License tab above for details on what restrictions CodePlex places on code posted here. As for myself and the development team (per the specification), you are free to do what you will assuming your country of residence has no specific legal restrictions.

This hash function itself is still undergoing some peer review, but this has tapered off since the close of the SHA-3 competition. The cryptanalysis that has been completed against the algorithm shows that the algorithm holds up well, but this is still a young algorithm. The version 1.3 tweaked a constant to strengthen the algorithm against rebound attacks. See the sites above for blog entries and published papers on this new tweak. This tweak is included in the most revision of the white paper with their reasoning behind it.

This implementation has been tested against the Known Answer Tests (KATs) in a very simple manor. The PRNG and RNG functions are my own concept as to how I think they should be developed since the white papers were a little non-specific in that area, and there are no KATs for those (NIST didn't require them).

Last edited Apr 21 at 7:05 PM by dsparksColossus, version 14