Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top

2014 | Book

Introduction Read chapter Read first chapter

The Hash Function BLAKE

Authors: Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen

Publisher: Springer Berlin Heidelberg

Book Series : Information Security and Cryptography

Part of: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Login to get access
insite
SEARCH

About this book

This is a comprehensive description of the cryptographic hash function BLAKE, one of the five final contenders in the NIST SHA3 competition, and of BLAKE2, an improved version popular among developers. It describes how BLAKE was designed and why BLAKE2 was developed, and it offers guidelines on implementing and using BLAKE, with a focus on software implementation.

In the first two chapters, the authors offer a short introduction to cryptographic hashing, the SHA3 competition and BLAKE. They review applications of cryptographic hashing, they describe some basic notions such as security definitions and state-of-the-art collision search methods and they present SHA1, SHA2 and the SHA3 finalists. In the chapters that follow, the authors give a complete description of the four instances BLAKE-256, BLAKE-512, BLAKE-224 and BLAKE-384; they describe applications of BLAKE, including simple hashing with or without a salt and HMAC and PBKDF2 constructions; they review implementation techniques, from portable C and Python to AVR assembly and vectorized code using SIMD CPU instructions; they describe BLAKE’s properties with respect to hardware design for implementation in ASICs or FPGAs; they explain BLAKE's design rationale in detail, from NIST’s requirements to the choice of internal parameters; they summarize the known security properties of BLAKE and describe the best attacks on reduced or modified variants; and they present BLAKE2, the successor of BLAKE, starting with motivations and also covering its performance and security aspects. The book concludes with detailed test vectors, a reference portable C implementation of BLAKE, and a list of third-party software implementations of BLAKE and BLAKE2.

The book is oriented towards practice – engineering and craftsmanship – rather than theory. It is suitable for developers, engineers and security professionals engaged with BLAKE and cryptographic hashing in general and for applied cryptography researchers and students who need a consolidated reference and a detailed description of the design process, or guidelines on how to design a cryptographic algorithm.

Table of Contents

Frontmatter
Chapter 1. Introduction
Abstract
This introductory chapter presents cryptographic hash functions and their most common applications. It then describes the context of this book, namely NIST’s SHA3 competition, and presents a short review of BLAKE’s performance and unique properties.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 2. Preliminaries
Abstract
This chapter introduces the reader to cryptographic hash functions, starting with an informal review of the most common applications, from modification detection and digital signature to key update and timestamping. We then present slightly more formally the security notions associated with hash functions, discussing in particular what being “one-way” means (which is less simple than it sounds). Getting more technical, we review state-of-the-art generic collision search methods, and constructions of hash functions. Finally, we conclude with an overview of the SHA1 and SHA2 standards, as well as of the SHA3 finalists.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 3. Specification of BLAKE
Abstract
This chapter gives a complete specification of the hash function family BLAKE. It first describes the two main instances, BLAKE-256 and BLAKE-512, and then their variants BLAKE-224 and BLAKE-384. Finally, it describes the toy versions BLOKE, FLAKE, BLAZE, and BRAKE.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 4. Using BLAKE
Abstract
This chapter shows how BLAKE can be used in common hash-based cryptographic schemes. For each scheme, we provide a basic description and a concrete example showing how the data to be hashed is formed, as well as some intermediate values and the final result. Examples can be seen as detailed test vectors, and aim to be reproducible so that developers can check their implementations against various use cases. This chapter may be used as a set of test vectors, but does not aim to be an authoritative specification, let alone a recommendation, of the standard schemes considered.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 5. BLAKE in Software
Abstract
This chapter explains how to implement BLAKE on software platforms, from simplistic and portable C implementations to assembly for 8-bit AVR microcontrollers. We focus on the implementation of the compression function, as opposed to the operation mode, the latter being straightforward to implement and not performancecritical. Optimized C and assembly implementations of BLAKE for various platforms are included in the SUPERCOP software, available for download from the eBACS project [28]. Complete reference C implementations of BLAKE-256 and BLAKE-512 are given in Appendix B.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 6. BLAKE in Hardware
Abstract
This chapter analyzes the suitability of BLAKE for hardware implementation and surveys state-of-the-art architectures that cover a large portion of potential applications for ASIC and FPGA. Before entering into the specification of the various implementations, we introduce some basic notions of digital design and related characterization figures. The central part describes generic and application-specific architectures of BLAKE, while we conclude the chapter with a performance review of the most relevant implementation documented so far.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 7. Design Rationale
Abstract
We attempted to make design choices according to requirements derived from the identified needs of future SHA3 users, as in a typical engineering project. This chapter is structured as follows: Section 7.1 first summarizes the requirements defined by NIST in its call for proposals, from minimal acceptance criteria to strict security requirements.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 8. Security of BLAKE
Abstract
This chapter summarizes the security properties of BLAKE, as well as the attacks found on reduced or modified versions. First, we present a bottom-up analysis of the properties of BLAKE’s building blocks, necessary for the understanding of more advanced results. Then actual attacks on reduced versions of the hash function or of its components (compression function, permutation) are described. The focus is on differential cryptanalysis, the tool of choice for analyzing—and ultimately breaking—hash functions.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 9. BLAKE2
Abstract
BLAKE2 is a successor of BLAKE, designed in fall 2012—after Keccak was chosen as SHA3—by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O’Hearn, and ChristianWinnerlein. (The project partly stems from Twitter discussions, where the authors are respectively @veorq, @sevenps, @zooko, and @codesinchaos.) BLAKE2 was engineered to leverage BLAKE’s high efficiency and security, and to optimize it for modern applications, with simplicity and usability as primary considerations.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Chapter 10. Conclusion
Abstract
It should be clear that, like all the other four SHA3 finalists, BLAKE and BLAKE2 are unlikely to be broken in a meaningful way—that is, in a way that allows an attacker to compromise the security of a system where they are used in a sound way. It is not excluded that one day someone will find, using sophisticated techniques, a “distinguisher” for the full permutation of BLAKE or of BLAKE2, but that would not affect its practical security.
Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Backmatter
Metadata
Title
The Hash Function BLAKE
Authors
Jean-Philippe Aumasson
Willi Meier
Raphael C.-W. Phan
Luca Henzen
Copyright Year
2014
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-662-44757-4
Print ISBN
978-3-662-44756-7
DOI
https://doi.org/10.1007/978-3-662-44757-4

Premium Partner

    Image Credits