BLAKE (hash function)

BLAKE
developer	Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
Released	2010 (latest version)
Derived from	Cha Cha
Certification	SHA-3 finalist
Length of the hash value (bit)	224, 256, 384, 512
construction	HAIFA construction
Round	14 (BLAKE-224, BLAKE-256) ; 16 (BLAKE-384, BLAKE-512)
Best known cryptanalysis
	Boomerang attack by Biryukov, Nicolic and Roy 2011 on 8 rounds of BLAKE-256 with a complexity of 2 232 (for BLAKE2 only on 5.5 rounds)

BLAKE is a cryptographic hash function that was developed in 2008 by Jean-Philippe Aumasson, Luca Henzen, Willi Meier and Raphael C.-W. Phan was developed. BLAKE was one of the finalists in the NIST SHA-3 selection process .

structure

For the SHA-3 method, BLAKE supports hash values of 224, 256, 384 and 512 bits. BLAKE works on a data block of 16 words of 32 bits each (for the hash lengths 224 and 256 bits) or 64 bits (for the larger hash lengths). The first variant is referred to as BLAKE-256, the second as BLAKE-512. BLAKE corresponds to the HAIFA structure presented in 2007 .

The message is a message ending status and length of the expanded and divided into blocks of 512 or 1024 bits, which are processed sequentially. The concatenation value (hash from the already processed message blocks, at the beginning a constant initialization vector) is half as long as a data block. To process a message block, the concatenation value is first expanded to the data block size with optional salt and a counter that counts the processed message bits. The counter does not process the message blocks in exactly the same way, according to the HAIFA scheme.

Then the values of the data block are permuted and the message block is incorporated. This corresponds to block encryption , with the message block serving as the key. The round function used is based on the ChaCha stream cipher , a further development of Salsa20 . It uses additions, XOR operations and rotations of a data word with a constant rotation range. During the SHA-3 selection process, the number of rounds for BLAKE-256 was increased from 10 to 14 and for BLAKE-512 from 14 to 16 rounds in order to increase the safety margin.

After the permutation, the data block is compressed to the concatenation value by XORing one half with the other, with the salt, if used, being incorporated again via XOR. After the last message block, the concatenation value (or part of it) is the hash value.

properties

BLAKE together with Skein had the best software performance in the SHA-3 procedure and was faster than SHA-2 in most cases. However, the algorithm had a much poorer hardware performance , especially compared to the winner Keccak .

safety

In the SHA-3 procedure, BLAKE was certified to have a high safety margin, and the algorithm is also considered to be well understood and intensively analyzed. In 2011, Alex Biryukov, Ivica Nikolic and Arnab Roy published an attack on 8 rounds of BLAKE-256, albeit with a complexity of ²²³² . The attack was taken into account in the selection process and represents the best cryptanalysis as of June 2015.

BLAKE2

In 2012 Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn and Christian Winnerlein released BLAKE2 as a further development of BLAKE. BLAKE2 is primarily aimed at further improving performance with the same security properties and should be faster than SHA-1 , MD5 and MD4 on 64-bit platforms . In an initial analysis from 2013, the authors assume that security properties are similar to those of BLAKE. However, BLAKE2 proved to be more susceptible to some attack scenarios, but the best attack on BLAKE ( boomerang attack ) cannot simply be transferred to BLAKE2.

Web links

BLAKE website
BLAKE in SHA-3 Zoo English
BLAKE2 - fast secure hashing . The BLAKE2 website in English

Individual evidence

↑ Alex Biryukov, Ivica Nikolic, Arnab Roy: Boomerang Attacks on BLAKE-32. In: Fast Software Encryption. Springer Berlin Heidelberg 2011. pp. 218-237. ISBN 978-3-642-21701-2
↑ Jian Guo, Pierre Karpman, Ivica Nikolic, Lei Wang and Shuang Wu: Analysis of BLAKE2 . P. 4 (pdf).
↑ Eli Biham and Orr Dunkelman: A Framework for Iterative Hash Functions - HAIFA (pdf)
^ National Institute of Standards and Technology: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition . November 2010. p. 45. doi : 10.6028 / NIST.IR.7896
^ National Institute of Standards and Technology: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition . November 2010. p. 57. doi : 10.6028 / NIST.IR.7896
^ National Institute of Standards and Technology: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition . November 2010. p. 33. doi : 10.6028 / NIST.IR.7896
↑ Jian Guo, Pierre Karpman, Ivica Nikolic, Lei Wang and Shuang Wu: Analysis of BLAKE2 . P. 14 (pdf).

[1] Alex Biryukov, Ivica Nikolic, Arnab Roy: Boomerang Attacks on BLAKE-32. In: Fast Software Encryption. Springer Berlin Heidelberg 2011. pp. 218-237. ISBN 978-3-642-21701-2

[2] Jian Guo, Pierre Karpman, Ivica Nikolic, Lei Wang and Shuang Wu: Analysis of BLAKE2 . P. 4 (pdf).

[3] Eli Biham and Orr Dunkelman: A Framework for Iterative Hash Functions - HAIFA (pdf)

[4] National Institute of Standards and Technology: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition . November 2010. p. 45. doi : 10.6028 / NIST.IR.7896

[5] National Institute of Standards and Technology: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition . November 2010. p. 57. doi : 10.6028 / NIST.IR.7896

[6] National Institute of Standards and Technology: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition . November 2010. p. 33. doi : 10.6028 / NIST.IR.7896

[7] Jian Guo, Pierre Karpman, Ivica Nikolic, Lei Wang and Shuang Wu: Analysis of BLAKE2 . P. 14 (pdf).