BLAKE (hash function)
Encyclopedia
BLAKE is a cryptographic hash function
submitted to the NIST hash function competition
by Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Raphael C.-W. Phan. It is based on Dan Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with some round constants, is added before each ChaCha round. BLAKE was chosen as one of the five finalists of the competition.
Like SHA-2
, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 uses 32-bit words, while BLAKE-512 uses 64-bit words.
, BLAKE comes in two variants: one that uses 32-bit words, used for computing hashes up to 256 bits long, and one that uses 64-bit words, used for computing hashes up to 512 bits long. The core block transformation combines 16 words of input with 16 working variables, but only 8 words (256 or 512 bits) are preserved between blocks.
It uses a table of 16 constant words (the leading 512 or 1024 bits of the fractional part of π), and a table of 10 16-element permutations:
σ[0] = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
σ[1] = 14 10 4 8 9 15 13 6 1 12 0 2 11 7 5 3
σ[2] = 11 8 12 0 5 2 15 13 10 14 3 6 7 1 9 4
σ[3] = 7 9 3 1 13 12 11 14 2 6 5 10 4 0 15 8
σ[4] = 9 0 5 7 2 4 10 15 14 1 11 12 6 8 3 13
σ[5] = 2 12 6 10 0 11 8 3 4 13 7 5 15 14 1 9
σ[6] = 12 5 1 15 14 13 4 10 0 7 6 3 9 2 8 11
σ[7] = 13 11 7 14 12 1 3 9 5 0 15 4 8 6 2 10
σ[8] = 6 15 14 9 11 3 0 8 12 2 13 7 1 4 10 5
σ[9] = 10 2 8 4 7 6 1 5 15 11 9 14 3 12 13 0
The core operation, equivalent to ChaCha's quarter round, operates on a 4-word column or diagonal combines with 2 words of message
j ← σ[r%10][2×i] // Index computations
k ← σ[r%10][2×i+1]
a ← a + b + (m[j] ⊕ c[k]) // Step 1 (with input)
d ← (d ⊕ a) >>> 16
c ← c + d // Step 2 (no input)
b ← (b ⊕ c) >>> 12
a ← a + b + (m[k] ⊕ c[j]) // Step 3 (with input)
d ← (d ⊕ a) >>> 8
c ← c + d // Step 4 (no input)
b ← (b ⊕ c) >>> 7
In the above,
The differences from the ChaCha quarter-round function are:
The 64-bit version (which does not exist in ChaCha) is identical, but the rotation amounts are 32, 25, 16 and 11, respectively, and the number of rounds is increased to 16.
= A8CFBBD73726062DF0C6864DDA65DEFE58EF0CC52A5625090FA17601E1EECD1B
628E94F396AE402A00ACC9EAB77B4D4C2E852AAAA25A636D80AF3FC7913EF5B8
BLAKE-512("The quick brown fox jumps over the lazy dog
")
= 1F7E26F63B6AD25A0896FD978FD050A1766391D2FD0471A77AFB975E5034B7AD
2D9CCF8DFB47ABBBE656E1B82FBC634BA42CE186E8DC5E1CE09A885D41F43451
Cryptographic hash function
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...
submitted to the NIST hash function competition
NIST hash function competition
The NIST hash function competition is an open competition held by the US National Institute of Standards and Technology for a new SHA-3 function to replace the older SHA-1 and SHA-2, which was formally announced in the Federal Register on November 2, 2007...
by Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Raphael C.-W. Phan. It is based on Dan Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with some round constants, is added before each ChaCha round. BLAKE was chosen as one of the five finalists of the competition.
Like SHA-2
SHA-2
In cryptography, SHA-2 is a set of cryptographic hash functions designed by the National Security Agency and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor,...
, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 uses 32-bit words, while BLAKE-512 uses 64-bit words.
Algorithm
Like SHA-2SHA-2
In cryptography, SHA-2 is a set of cryptographic hash functions designed by the National Security Agency and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor,...
, BLAKE comes in two variants: one that uses 32-bit words, used for computing hashes up to 256 bits long, and one that uses 64-bit words, used for computing hashes up to 512 bits long. The core block transformation combines 16 words of input with 16 working variables, but only 8 words (256 or 512 bits) are preserved between blocks.
It uses a table of 16 constant words (the leading 512 or 1024 bits of the fractional part of π), and a table of 10 16-element permutations:
σ[0] = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
σ[1] = 14 10 4 8 9 15 13 6 1 12 0 2 11 7 5 3
σ[2] = 11 8 12 0 5 2 15 13 10 14 3 6 7 1 9 4
σ[3] = 7 9 3 1 13 12 11 14 2 6 5 10 4 0 15 8
σ[4] = 9 0 5 7 2 4 10 15 14 1 11 12 6 8 3 13
σ[5] = 2 12 6 10 0 11 8 3 4 13 7 5 15 14 1 9
σ[6] = 12 5 1 15 14 13 4 10 0 7 6 3 9 2 8 11
σ[7] = 13 11 7 14 12 1 3 9 5 0 15 4 8 6 2 10
σ[8] = 6 15 14 9 11 3 0 8 12 2 13 7 1 4 10 5
σ[9] = 10 2 8 4 7 6 1 5 15 11 9 14 3 12 13 0
The core operation, equivalent to ChaCha's quarter round, operates on a 4-word column or diagonal combines with 2 words of message
m[]
and two constant words c[]
. It is performed 8 times per full round:j ← σ[r%10][2×i] // Index computations
k ← σ[r%10][2×i+1]
a ← a + b + (m[j] ⊕ c[k]) // Step 1 (with input)
d ← (d ⊕ a) >>> 16
c ← c + d // Step 2 (no input)
b ← (b ⊕ c) >>> 12
a ← a + b + (m[k] ⊕ c[j]) // Step 3 (with input)
d ← (d ⊕ a) >>> 8
c ← c + d // Step 4 (no input)
b ← (b ⊕ c) >>> 7
In the above,
r
is the round number (0–13), and i
varies from 0 to 7.The differences from the ChaCha quarter-round function are:
- The addition of the message words has been added.
- The rotation directions have been reversed.
The 64-bit version (which does not exist in ChaCha) is identical, but the rotation amounts are 32, 25, 16 and 11, respectively, and the number of rounds is increased to 16.
Tweaks
Throughout the NIST hash function competition, entrants are permitted to "tweak" their algorithms to address issues that are discovered. Changes that have been made to BLAKE are:- The number of rounds was increased from 10/14 to 14/16. This is to be more conservative about security while still being fast.
BLAKE hashes
BLAKE-512("")= A8CFBBD73726062DF0C6864DDA65DEFE58EF0CC52A5625090FA17601E1EECD1B
628E94F396AE402A00ACC9EAB77B4D4C2E852AAAA25A636D80AF3FC7913EF5B8
BLAKE-512("The quick brown fox jumps over the lazy dog
The quick brown fox jumps over the lazy dog
"The quick brown fox jumps over the lazy dog" is an English-language pangram, that is, a phrase that contains all of the letters of the alphabet. It has been used to test typewriters and computer keyboards, and in other applications involving all of the letters in the English alphabet...
")
= 1F7E26F63B6AD25A0896FD978FD050A1766391D2FD0471A77AFB975E5034B7AD
2D9CCF8DFB47ABBBE656E1B82FBC634BA42CE186E8DC5E1CE09A885D41F43451