#jsDisabledContent { display:none; } My Account | Register | Help

BLAKE (hash function)

Article Id: WHEBN0030054589
Reproduction Date:

 Title: BLAKE (hash function) Author: World Heritage Encyclopedia Language: English Subject: Collection: Publisher: World Heritage Encyclopedia Publication Date:

BLAKE (hash function)

BLAKE and BLAKE2 are cryptographic hash functions.

It is based on Dan Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with some round constants, is added before each ChaCha round.

Like SHA-2, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 and BLAKE-224 use 32-bit words and those output digest size are 256 bits and 224 bits, while BLAKE-512 and BLAKE-384 use 64-bit words and those output digest size are 512 bits and 384 bits

History

BLAKE was submitted to the NIST hash function competition by Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Raphael C.-W. Phan. In 2008, there were 51 entries. BLAKE made it to the final round consisting of five candidate but lost to Keccak in 2012, which was selected for the SHA-3 algorithm.

Algorithm

Like SHA-2, BLAKE comes in two variants: one that uses 32-bit words, used for computing hashes up to 256 bits long, and one that uses 64-bit words, used for computing hashes up to 512 bits long. The core block transformation combines 16 words of input with 16 working variables, but only 8 words (256 or 512 bits) are preserved between blocks.

It uses a table of 16 constant words (the leading 512 or 1024 bits of the fractional part of π), and a table of 10 16-element permutations:

```σ[0] =  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
σ[1] = 14 10  4  8  9 15 13  6  1 12  0  2 11  7  5  3
σ[2] = 11  8 12  0  5  2 15 13 10 14  3  6  7  1  9  4
σ[3] =  7  9  3  1 13 12 11 14  2  6  5 10  4  0 15  8
σ[4] =  9  0  5  7  2  4 10 15 14  1 11 12  6  8  3 13
σ[5] =  2 12  6 10  0 11  8  3  4 13  7  5 15 14  1  9
σ[6] = 12  5  1 15 14 13  4 10  0  7  6  3  9  2  8 11
σ[7] = 13 11  7 14 12  1  3  9  5  0 15  4  8  6  2 10
σ[8] =  6 15 14  9 11  3  0  8 12  2 13  7  1  4 10  5
σ[9] = 10  2  8  4  7  6  1  5 15 11  9 14  3 12 13  0
```

The core operation, equivalent to ChaCha's quarter round, operates on a 4-word column or diagonal combines with 2 words of message `m[]` and two constant words `c[]`. It is performed 8 times per full round:

```j ← σ[r%10][2×i]            // Index computations
k ← σ[r%10][2×i+1]
a ← a + b + (m[j] ⊕ c[k])   // Step 1 (with input)
d ← (d ⊕ a) >>> 16
c ← c + d                   // Step 2 (no input)
b ← (b ⊕ c) >>> 12
a ← a + b + (m[k] ⊕ c[j])   // Step 3 (with input)
d ← (d ⊕ a) >>> 8
c ← c + d                   // Step 4 (no input)
b ← (b ⊕ c) >>> 7
```

In the above, `r` is the round number (0–13), and `i` varies from 0 to 7.

The differences from the ChaCha quarter-round function are:

• The rotation directions have been reversed.

The 64-bit version (which does not exist in ChaCha) is identical, but the rotation amounts are 32, 25, 16 and 11, respectively, and the number of rounds is increased to 16.

Tweaks

Throughout the NIST hash function competition, entrants are permitted to "tweak" their algorithms to address issues that are discovered. Changes that have been made to BLAKE are:

• The number of rounds was increased from 10/14 to 14/16. This is to be more conservative about security while still being fast.

BLAKE hashes

```BLAKE-512("")
= A8CFBBD73726062DF0C6864DDA65DEFE58EF0CC52A5625090FA17601E1EECD1B
628E94F396AE402A00ACC9EAB77B4D4C2E852AAAA25A636D80AF3FC7913EF5B8
```
```BLAKE-512("The quick brown fox jumps over the lazy dog")
2D9CCF8DFB47ABBBE656E1B82FBC634BA42CE186E8DC5E1CE09A885D41F43451
```

BLAKE2

An improved version of BLAKE called BLAKE2 was announced in December 21, 2012. It was created by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein with the goal to replace widely used, but broken MD5 and SHA-1 algorithms, with applicability in cloud storage, software distribution, host-based intrusion detection, digital forensics, and revision control tools.[1]

BLAKE2 removes addition of constants to message words from BLAKE round function, changes two rotation constants, simplifies padding, adds parameter block that is XOR'ed with initialization vectors, and reduces the number of rounds from 16 to 12 for BLAKE2b (successor of BLAKE-512), and from 14 to 10 for BLAKE2s (successor of BLAKE-256).

BLAKE2 supports keying, salting, personalization, and hash tree modes, and can output digests from 1 up to 64 bytes for BLAKE2b or up to 32 bytes for BLAKE2s. There are also parallel versions designed for increased performance on multi-core processors; BLAKE2bp (4-way parallel) and BLAKE2sp (8-way parallel).

BLAKE2 hashes

```BLAKE2b-512("")
= 786A02F742015903C6C6FD852552D272912F4740E15847618A86E217F71F5419
D25E1031AFEE585313896444934EB04B903A685B1448B755D56F701AFE9BE2CE
```
```BLAKE2b-512("The quick brown fox jumps over the lazy dog")
F82401CF7AA2E4CB1ECD90296E3F14CB5413F8ED77BE73045B13914CDCD6A918
```

BLAKE2 uses

RAR file archive format version 5 supports an optional 256-bit BLAKE2sp file checksum instead of the default 32-bit CRC32. It was implemented in WinRAR v5+. [2]

NeoScrypt, a password based key derivation function, employs BLAKE2s within its FastKDF component. [3]

References

1. ^ http://www.paritynews.com/security/item/525-blake2-an-alternative-to-sha-3-sha-2-and-md5-announced
2. ^ WinRAR Version Change List; RARsoft.
3. ^ Doering, John NeoScrypt, a Strong Memory Intensive Key Derivation Function, 2014, p. 3