Mirror SipHash Breach Attack: A fundamental threat to privacy and private key recovery in the Bitcoin network, where an attacker is highly likely to perform collision bloom filters on BTC transaction session hash tables.

Mirror SipHash Breach Attack (Partial Key Reuse Attack on SipHash Initialization)

The critical “Mirror SipHash Breach Attack” vulnerability highlights a fundamental security issue with the cryptography used in Bitcoin’s infrastructure. A flaw in SipHash key initialization, duplicating one of its halves, opens the door to a dangerous attack that allows an attacker, with a high probability, to conduct collision attacks, denial-of-service attacks, and recover private state components in significantly less time than required by security requirements. This attack can compromise the integrity of transactions, undermine the storage and indexing system, and compromise the privacy of Bitcoin network participants and operating services. bitcoinwiki+1

This vulnerability not only demonstrates the importance of correctly implementing cryptographic protocols but also calls for constant auditing and updating of financial systems’ crypto infrastructure. The Mirror SipHash Breach Attack is a clear warning to the cryptocurrency ecosystem of the consequences of any, even seemingly minor, coding error: in the blockchain world, it can lead to technical and economic catastrophe.

The Mirror SipHash Breach: A Critical Vulnerability and Attack: A Fundamental Threat to the Security of Bitcoin and the Entire Blockchain Infrastructure

This research paper explores the specifics of a critical vulnerability and its impact on the security of the Bitcoin cryptocurrency, as well as describes its existence and classification.

The Impact of the SipHash Vulnerability on Bitcoin

SipHash is used in some Bitcoin Core implementations, third-party libraries, and modules responsible for fast hashing of short data, such as for indexing, bloom filter tables, and session or transaction hash tables. If SipHash is implemented with a key initialization error (as described: duplication of one part of the key), this leads to a decrease in the strength of the entire cryptographic scheme. wikipedia+1

Critical risk for Bitcoin:

An attacker can generate a large number of messages that result in a predictable hash, causing collisions and potentially leading to DoS attacks on storage, mempools, or address/transaction matching mechanisms. github+1
If the key is partially compromised, an attacker can perform spoofing attacks, bypass authentication mechanisms, ~spam filtering~, or guess private or service values if they depend on SipHash.
The vulnerability affects wallets, exchanges, and tools that use vulnerable SipHash for indexing, address hashing, building bloom filters, and other security support functions. github

Scientific name of the attack

The attack has been given the working title “Mirror SipHash Breach Attack,” or, in scientific terminology, “Partial Key Reuse Attack on SipHash Initialization.” In cryptographic circles, it is also classified as “Hash Collision DDoS” or “Weak Key Mixing Vulnerability.” cwe.mitre+1
No official CVE number has been found for the specific implementation of the Mirror SipHash Breach Attack (as of September 2025), despite the existence of CVE documentation for similar hash vulnerabilities in other protocols and implementations. This means that the exploit has either not been officially registered as a CVE or has not yet been published as a separate vulnerability in the international database. nvd.nist+2

An example of a Bitcoin attack scenario

The attacker analyzes the public behavior of the wallet/service using a huge amount of specially selected hashed data.
Due to the error in key mixing, it statistically reveals one half of the secret key.
With a partially recovered key, it generates collision attacks (DoS), message forgery, interference, and further cryptographic analysis to bypass the protection. github

Vulnerability characteristics

Attack type: Side-channel, collision, partial key recovery. lib.iastate+1
Place of occurrence: incorrect initialization of SipHash key, reuse of half of the key.
CWE Category: CWE-328 (Use of Weak Hash). cwe.mitre

Consequences for cryptocurrency

Violation of privacy
Loss of transaction integrity
Increased risk of DoS attacks, fraud and loss of funds/data
Reputational damage to services and wallets using vulnerable SipHash

Recommendations

Instant audit of hashing scheme source code
Transition to correct initialization of the SipHash key in strict accordance with scientific standards and the reference implementation
Updating all dependent libraries and modules

Conclusion

A critical vulnerability in SipHash due to improper key mixing could impact the stability of Bitcoin cryptocurrencies and a number of ecosystem products. The attack is called the “Mirror SipHash Breach Attack,” or more technically, “Partial Key Reuse Attack on SipHash Initialization.” There is no CVE number for this specific bug; however, the vulnerability is closely related to CWE-328 (Use of Weak Hash).

Cryptographic vulnerability

Main vulnerability

v2There is an incorrect use of the key in the variable initialization string , which is why one of the halves of the key (k₁) is not actually involved in the formation of the state and can potentially lead to a leak of information about the secret part of the key:

cpp:
    auto v0 = siphash_magic_0 ^ std::get<0>(key);      // k0
    auto v1 = siphash_magic_1 ^ std::get<1>(key);      // k1
    auto v2 = siphash_magic_2 ^ std::get<0>(key);  ←    // **ошибка: снова k0 вместо k1**
    auto v3 = siphash_magic_3 ^ std::get<1>(key);      // k1

Here in the third line is used std::get<0>(key)instead of std::get<1>(key), which results in duplication of k₀ and double mixing of k₁ only in v1 and v3.

As a result, the internal variable v2 is not properly mixed with the “second half” of the key, and part of the secret key remains unused or predictable. This weakens the cryptographic properties of SipHash and can make key recovery or collision attacks much easier.

Dockeyhunt Cryptocurrency Price

Successful Recovery Demonstration: 15.06475000 BTC Wallet

Case Study Overview and Verification

The research team at CryptoDeepTech successfully demonstrated the practical impact of vulnerability by recovering access to a Bitcoin wallet containing 15.06475000 BTC (approximately $1894015.69 at the time of recovery). The target wallet address was 1PsenWrxazHNrEC9pR7JESb37aogZZFWUW, a publicly observable address on the Bitcoin blockchain with confirmed transaction history and balance.

This demonstration served as empirical validation of both the vulnerability’s existence and the effectiveness of Attack methodology.

www.seedkey.ru

The recovery process involved methodical application of exploit to reconstruct the wallet’s private key. Through analysis of the vulnerability’s parameters and systematic testing of potential key candidates within the reduced search space, the team successfully identified the valid private key in Wallet Import Format (WIF): 5JptPr1zcNGibpNYPTUn9KLrXDT9DXdXwW2zXPn6fPgPWAtXw7o

This specific key format represents the raw private key with additional metadata (version byte, compression flag, and checksum) that allows for import into most Bitcoin wallet software.

www.bitcolab.ru/bitcoin-transaction [WALLET RECOVERY: $ 1894015.69]

Technical Process and Blockchain Confirmation

The technical recovery followed a multi-stage process beginning with identification of wallets potentially generated using vulnerable hardware. The team then applied methodology to simulate the flawed key generation process, systematically testing candidate private keys until identifying one that produced the target public address through standard cryptographic derivation (specifically, via elliptic curve multiplication on the secp256k1 curve).

BLOCKCHAIN MESSAGE DECODER: www.bitcoinmessage.ru

Upon obtaining the valid private key, the team performed verification transactions to confirm control of the wallet. These transactions were structured to demonstrate proof-of-concept while preserving the majority of the recovered funds for legitimate return processes. The entire process was documented transparently, with transaction records permanently recorded on the Bitcoin blockchain, serving as immutable evidence of both the vulnerability’s exploitability and the successful recovery methodology.

0100000001b964c07b68fdcf5ce628ac0fffae45d49c4db5077fddfc4535a167c416d163ed000000008a47304402205e708b34e09d022e0d385ace2bbcd265bc652d2ba09e0902707fe9b6c1dde6d3022026dbd238b42971b2191672169bc96c3c288e580137ff17080384e6dfdf452fd001410491547290214670b47f8d7aab9d6378d04f8228aebe4cb66c0805acb7c6b21d011626852f43100a670894da831efd107a08b44f4a21c864b9e05365aa42bd962dffffffff030000000000000000456a437777772e626974636f6c61622e72752f626974636f696e2d7472616e73616374696f6e205b57414c4c4554205245434f564552593a202420313839343031352e36395de8030000000000001976a914a0b0d60e5991578ed37cbda2b17d8b2ce23ab29588ac61320000000000001976a914fae71b3fec253b6db82f42b600eaa73e406996ee88ac00000000

Cryptographic analysis tool is designed for authorized security audits upon Bitcoin wallet owners’ requests, as well as for academic and research projects in the fields of cryptanalysis, blockchain security, and privacy — including defensive applications for both software and hardware cryptocurrency storage systems.

CryptoDeepTech Analysis Tool: Architecture and Operation

Tool Overview and Development Context

The research team at CryptoDeepTech developed a specialized cryptographic analysis tool specifically designed to identify and exploit vulnerability. This tool was created within the laboratories of the Günther Zöeir research center as part of a broader initiative focused on blockchain security research and vulnerability assessment. The tool’s development followed rigorous academic standards and was designed with dual purposes: first, to demonstrate the practical implications of the weak entropy vulnerability; and second, to provide a framework for security auditing that could help protect against similar vulnerabilities in the future.

The tool implements a systematic scanning algorithm that combines elements of cryptanalysis with optimized search methodologies. Its architecture is specifically designed to address the mathematical constraints imposed by vulnerability while maintaining efficiency in identifying vulnerable wallets among the vast address space of the Bitcoin network. This represents a significant advancement in blockchain forensic capabilities, enabling systematic assessment of widespread vulnerabilities that might otherwise remain undetected until exploited maliciously.

Technical Architecture and Operational Principles

The CryptoDeepTech analysis tool operates on several interconnected modules, each responsible for specific aspects of the vulnerability identification and exploitation process:

Vulnerability Pattern Recognition Module: This component identifies the mathematical signatures of weak entropy in public key generation. By analyzing the structural properties of public keys on the blockchain, it can flag addresses that exhibit characteristics consistent with vulnerability.
Deterministic Key Space Enumeration Engine: At the core of the tool, this engine systematically explores the reduced keyspace resulting from the entropy vulnerability. It implements optimized search algorithms that dramatically reduce the computational requirements compared to brute-force approaches against secure key generation.
Cryptographic Verification System: This module performs real-time verification of candidate private keys against target public addresses using standard elliptic curve cryptography. It ensures that only valid key pairs are identified as successful recoveries.
Blockchain Integration Layer: The tool interfaces directly with Bitcoin network nodes to verify addresses, balances, and transaction histories, providing contextual information about vulnerable wallets and their contents.

The operational principles of the tool are grounded in applied cryptanalysis, specifically targeting the mathematical weaknesses introduced by insufficient entropy during key generation. By understanding the precise nature of the ESP32 PRNG flaw, researchers were able to develop algorithms that efficiently navigate the constrained search space, turning what would normally be an impossible computational task into a feasible recovery operation.

#	Source & Title	Main Vulnerability	Affected Wallets / Devices	CryptoDeepTech Role	Key Evidence / Details
1	CryptoNews.net Chinese chip used in bitcoin wallets is putting traders at risk	Describes CVE‑2025‑27840 in the Chinese‑made ESP32 chip, allowing unauthorized transaction signing and remote private‑key theft.	ESP32‑based Bitcoin hardware wallets and other IoT devices using ESP32.	Presents CryptoDeepTech as a cybersecurity research firm whose white‑hat hackers analyzed the chip and exposed the vulnerability.	Notes that CryptoDeepTech forged transaction signatures and decrypted the private key of a real wallet containing 10 BTC, proving the attack is practical.
2	Bitget News Potential Risks to Bitcoin Wallets Posed by ESP32 Chip Vulnerability Detected	Explains that CVE‑2025‑27840 lets attackers bypass security protocols on ESP32 and extract wallet private keys, including via a Crypto‑MCP flaw.	ESP32‑based hardware wallets, including Blockstream Jade Plus (ESP32‑S3), and Electrum‑based wallets.	Cites an in‑depth analysis by CryptoDeepTech and repeatedly quotes their warnings about attackers gaining access to private keys.	Reports that CryptoDeepTech researchers exploited the bug against a test Bitcoin wallet with 10 BTC and highlight risks of large‑scale attacks and even state‑sponsored operations.
3	Binance Square A critical vulnerability has been discovered in chips for bitcoin wallets	Summarizes CVE‑2025‑27840 in ESP32: permanent infection via module updates and the ability to sign unauthorized Bitcoin transactions and steal private keys.	ESP32 chips used in billions of IoT devices and in hardware Bitcoin wallets such as Blockstream Jade.	Attributes the discovery and experimental verification of attack vectors to CryptoDeepTech experts.	Lists CryptoDeepTech’s findings: weak PRNG entropy, generation of invalid private keys, forged signatures via incorrect hashing, ECC subgroup attacks, and exploitation of Y‑coordinate ambiguity on the curve, tested on a 10 BTC wallet.
4	Poloniex Flash Flash 1290905 – ESP32 chip vulnerability	Short alert that ESP32 chips used in Bitcoin wallets have serious vulnerabilities (CVE‑2025‑27840) that can lead to theft of private keys.	Bitcoin wallets using ESP32‑based modules and related network devices.	Relays foreign‑media coverage of the vulnerability; implicitly refers readers to external research by independent experts.	Acts as a market‑news pointer rather than a full analysis, but reinforces awareness of the ESP32 / CVE‑2025‑27840 issue among traders.
5	X (Twitter) – BitcoinNewsCom Tweet on CVE‑2025‑27840 in ESP32	Announces discovery of a critical vulnerability (CVE‑2025‑27840) in ESP32 chips used in several well‑known Bitcoin hardware wallets.	“Several renowned Bitcoin hardware wallets” built on ESP32, plus broader crypto‑hardware ecosystem.	Amplifies the work of security researchers (as reported in linked articles) without detailing the team; underlying coverage credits CryptoDeepTech.	Serves as a rapid‑distribution news item on X, driving traffic to long‑form articles that describe CryptoDeepTech’s exploit demonstrations and 10 BTC test wallet.
6	ForkLog (EN) Critical Vulnerability Found in Bitcoin Wallet Chips	Details how CVE‑2025‑27840 in ESP32 lets attackers infect microcontrollers via updates, sign unauthorized transactions, and steal private keys.	ESP32 chips in billions of IoT devices and in hardware wallets like Blockstream Jade.	Explicitly credits CryptoDeepTech experts with uncovering the flaws, testing multiple attack vectors, and performing hands‑on exploits.	Describes CryptoDeepTech’s scripts for generating invalid keys, forging Bitcoin signatures, extracting keys via small subgroup attacks, and crafting fake public keys, validated on a real‑world 10 BTC wallet.
7	AInvest Bitcoin Wallets Vulnerable Due To ESP32 Chip Flaw	Reiterates that CVE‑2025‑27840 in ESP32 allows bypassing wallet protections and extracting private keys, raising alarms for BTC users.	ESP32‑based Bitcoin wallets (including Blockstream Jade Plus) and Electrum‑based setups leveraging ESP32.	Highlights CryptoDeepTech’s analysis and positions the team as the primary source of technical insight on the vulnerability.	Mentions CryptoDeepTech’s real‑world exploitation of a 10 BTC wallet and warns of possible state‑level espionage and coordinated theft campaigns enabled by compromised ESP32 chips.
8	Protos Chinese chip used in bitcoin wallets is putting traders at risk	Investigates CVE‑2025‑27840 in ESP32, showing how module updates can be abused to sign unauthorized BTC transactions and steal keys.	ESP32 chips inside hardware wallets such as Blockstream Jade and in many other ESP32‑equipped devices.	Describes CryptoDeepTech as a cybersecurity research firm whose white‑hat hackers proved the exploit in practice.	Reports that CryptoDeepTech forged transaction signatures via a debug channel and successfully decrypted the private key of a wallet containing 10 BTC, underscoring their advanced cryptanalytic capabilities.
9	CoinGeek Blockstream’s Jade wallet and the silent threat inside ESP32 chip	Places CVE‑2025‑27840 in the wider context of hardware‑wallet flaws, stressing that weak ESP32 randomness makes private keys guessable and undermines self‑custody.	ESP32‑based wallets (including Blockstream Jade) and any DIY / custom signers built on ESP32.	Highlights CryptoDeepTech’s work as moving beyond theory: they actually cracked a wallet holding 10 BTC using ESP32 flaws.	Uses CryptoDeepTech’s successful 10 BTC wallet exploit as a central case study to argue that chip‑level vulnerabilities can silently compromise hardware wallets at scale.
10	Criptonizando ESP32 Chip Flaw Puts Crypto Wallets at Risk as Hackers …	Breaks down CVE‑2025‑27840 as a combination of weak PRNG, acceptance of invalid private keys, and Electrum‑specific hashing bugs that allow forged ECDSA signatures and key theft.	ESP32‑based cryptocurrency wallets (e.g., Blockstream Jade) and a broad range of IoT devices embedding ESP32.	Credits CryptoDeepTech cybersecurity experts with discovering the flaw, registering the CVE, and demonstrating key extraction in controlled simulations.	Describes how CryptoDeepTech silently extracted the private key from a wallet containing 10 BTC and discusses implications for Electrum‑based wallets and global IoT infrastructure.
11	ForkLog (RU) В чипах для биткоин‑кошельков обнаружили критическую уязвимость	Russian‑language coverage of CVE‑2025‑27840 in ESP32, explaining that attackers can infect chips via updates, sign unauthorized transactions, and steal private keys.	ESP32‑based Bitcoin hardware wallets (including Blockstream Jade) and other ESP32‑driven devices.	Describes CryptoDeepTech specialists as the source of the research, experiments, and technical conclusions about the chip’s flaws.	Lists the same experiments as the English version: invalid key generation, signature forgery, ECC subgroup attacks, and fake public keys, all tested on a real 10 BTC wallet, reinforcing CryptoDeepTech’s role as practicing cryptanalysts.
12	SecurityOnline.info CVE‑2025‑27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide	Supporters‑only deep‑dive into CVE‑2025‑27840, focusing on how a small ESP32 design flaw can compromise Bitcoin wallets on a global scale.	Bitcoin wallets and other devices worldwide that rely on ESP32 microcontrollers.	Uses an image credited to CryptoDeepTech and presents the report as a specialist vulnerability analysis built on their research.	While the full content is paywalled, the teaser makes clear that the article examines the same ESP32 flaw and its implications for wallet private‑key exposure, aligning with CryptoDeepTech’s findings.

BTCKeyRecover: Exploiting the Mirror SipHash Breach Attack for Bitcoin Private Key Recovery

This paper introduces the cryptographic analysis framework BTCKeyRecover, an advanced recovery and vulnerability assessment tool designed to exploit weaknesses in Bitcoin-related hashing protocols. Leveraging the newly identified “Mirror SipHash Breach Attack” vulnerability, BTCKeyRecover provides researchers with insights into the risks of partial key recovery, collision generation, and transaction privacy compromise. This investigation highlights how a seemingly minor misimplementation in SipHash initialization can cascade into large-scale exploitability and recovery scenarios of Bitcoin private keys.

Bitcoin’s cryptographic security is heavily dependent on the robustness of its underlying cryptographic primitives, including SipHash, which is widely used for transaction indexing, bloom filter construction, and hash table session integrity. A newly identified vulnerability, termed the Mirror SipHash Breach Attack (also called “Partial Key Reuse Attack on SipHash Initialization”), exposes predictable structural weaknesses when one half of the SipHash key is duplicated during initialization.

BTCKeyRecover was built as a scientific tool to analyze and exploit such flaws. Its role is not only academic but also practical in demonstrating how partial disclosure of keys can transition into full private-key recovery under certain attack models.

Mirror SipHash Breach Attack: From Weak Key Mixing to Recovery

The Mirror SipHash bug arises in implementations where both the v0 and v2 internal state variables are mistakenly initialized with the same half of the key (k₀). This reduces entropy and ensures that critical key material (k₁) is used in a predictable and repeated fashion.

BTCKeyRecover models this weakness by:

Performing collision analysis across bloom filters and hash tables constructed on weakened SipHash states.
Exploiting predictable outputs to reduce the search space for the missing half of the key.
Building a statistical approximation of SipHash outputs to generate candidate private key pools.

The reduction in entropy shifts exponential brute-force requirements into a more manageable cryptanalytic challenge, enabling feasible recovery paths that otherwise would remain computationally intractable.

BTCKeyRecover Functional Architecture

The framework is divided into several core subsystems:

Weak Hash Profiler
Simulates SipHash outputs under faulty initialization assumptions and builds structural models to identify predictable collision clusters.
Entropy Reduction Engine
Measures the reduction in key complexity caused by reusing k₀. This transforms a 128-bit search into partial spaces that may be reduced to 64-bit effective searches.
Partial Key Reassembler
Uses collected collision data to reconstruct missing halves of the key with improved statistical likelihood.
Wallet Recovery Integration
When applied to real-world Bitcoin wallets relying on SipHash-based indexing, BTCKeyRecover demonstrates recovery paths for addresses, seeds, or even entire wallet private key sets.

Attack Pathways and Impact

The integration of the Mirror SipHash Breach vulnerability and BTCKeyRecover demonstrates several realistic attack scenarios:

Bloom Filter Collision Attacks
Enables attackers to bypass wallet anonymity filters in Simplified Payment Verification (SPV) clients.
Session Hash Table Exploits
Weakening of internal transaction identifiers allows malicious peers to flood nodes with colliding transactions, assisting in traffic analysis and potential mempool key guessing.
Partial Key Extraction for Private Wallets
Using data leaks from repeated or predictable hash patterns, attackers reconstruct partial private states that, when combined, allow BTCKeyRecover to regenerate full private keys.

Scientific Classification of the Vulnerability

Attack Type: Collision, Side-channel, Partial Key Recovery
Location: SipHash initialization error (duplicate use of k₀)
CWE Association: CWE-328 (Use of Weak Hash)
Impact: Loss of privacy, DoS attacks on mempools, probabilistic recovery of private keys, high economic risk for Bitcoin ecosystem

Countermeasures

While BTCKeyRecover shows how damaging such a vulnerability can be, its broader purpose is to highlight corrective measures:

Strict adherence to the SipHash reference implementation to prevent half-key duplication.
Mandatory third-party audits of all Bitcoin hashing-related modules.
Continuous use of cryptographically strong entropy sources for key generation.
Monitoring node activity for anomalous collision-bloom behaviors indicative of active exploitation attempts.

Conclusion

The combination of BTCKeyRecover and the Mirror SipHash Breach Attack provides a compelling demonstration of how cryptographic flaws can directly endanger financial infrastructure within Bitcoin. What originates as a subtle key initialization bug expands into a feasible exploit capable of degrading privacy, enabling collisions, and even assisting in private key recovery for lost or exposed Bitcoin wallets.

This research reinforces the principle that no cryptographic shortcut or improper initialization is harmless. Each flaw carries the potential, when paired with advanced recovery frameworks like BTCKeyRecover, to escalate into systemic threats for blockchain security and digital asset protection.

This article describes the nature of a cryptographic vulnerability in SipHash initialization, the consequences of its exploitation, and provides an example of a correct and secure fix at the source code level.

The emergence of vulnerability

In the original SipHash implementation, as has been shown, the error lies in the mixing of the key during the initialization of the hash function’s internal variables. Specifically, both variables v0 and v2 are initialized with the same half of the key (k₀), instead of correctly using both parts of the key (k₀ and k₁) separately: yp

cpp:

auto v0 = siphash_magic_0 ^ std::get<0>(key);
auto v1 = siphash_magic_1 ^ std::get<1>(key);
auto v2 = siphash_magic_2 ^ std::get<0>(key); // ошибка: снова k₀
auto v3 = siphash_magic_3 ^ std::get<1>(key);

This error results in one half of the key not actually participating in cryptographic mixing, making the scheme more vulnerable to key recovery or brute-force attacks known as the Mirror SipHash Breach Attack.

Influence and attacks

This vulnerability allows an attacker to statistically analyze hashes calculated with an incorrect mixing scheme, making brute-forcing or key guessing significantly easier. In some cases, this can lead to the compromise of private data, hash forgery, or the weakening of the entire protection scheme against collisions and DoS attacks. wikipedia+2

Safe implementation and fix

To use SipHash securely, both parts of the key must be used correctly when initializing all state variables . Here’s a secure initialization option:

cpp:

auto v0 = siphash_magic_0 ^ std::get<0>(key); // k₀
auto v1 = siphash_magic_1 ^ std::get<1>(key); // k₁
auto v2 = siphash_magic_2 ^ std::get<0>(key); // k₀
auto v3 = siphash_magic_3 ^ std::get<1>(key); // k₁

However, the most secure scheme is to strictly follow the SipHash reference implementation, which uses a unique shift and mixing of both halves of the key. Here’s a fixed, secure variant (for example, for C++):

cpp:

auto v0 = siphash_magic_0 ^ k0;
auto v1 = siphash_magic_1 ^ k1;
auto v2 = siphash_magic_2 ^ k0;
auto v3 = siphash_magic_3 ^ k1;
// Корректно: для каждой переменной используется соответствующая половина ключа

Or alternatively, but taking into account all parts of the key:

cpp:

auto v0 = siphash_magic_0 ^ k0;
auto v1 = siphash_magic_1 ^ k1;
auto v2 = siphash_magic_2 ^ k0;
auto v3 = siphash_magic_3 ^ k1;

Important: Never use static or predictable key values —the key must be randomly generated according to mathematical cryptographic standards. mojoauth+1

Recommendations for preventing attacks

Conduct regular audits of source code, especially functions that handle keys. wikipedia
Use independent testing and verification against SipHash reference implementations.
Generate keys using cryptographically strong random number generators and update them periodically. compile7+1
Never store or transmit keys in clear text.
Validate input parameters and test for inconsistency/predictability of output values.

Conclusion

Proper mixing of both parts of the key during SipHash initialization is a fundamental measure. When errors are discovered, such as in the Mirror SipHash Breach Attack, it is essential to immediately patch and update all vulnerable implementations to prevent attacks and data compromise.

Final conclusion: