Paper 2013/322

BLAKE2: simpler, smaller, fast as MD5

Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein

Abstract

We present the hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64-bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3: up to 256-bit collision resistance, immunity to length extension, indifferentiability from a random oracle, etc. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 reduces the RAM requirements of BLAKE down to 168 bytes, making it smaller than any of the five SHA-3 finalists, and 32% smaller than BLAKE. Finally, BLAKE2 provides a comprehensive support for tree-hashing as well as keyed hashing (be it in sequential or tree mode).

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. appeared in ACNS 2013; see also https://blake2.net/
Keywords
hash functionstree hashing
Contact author(s)
jeanphilippe aumasson @ gmail com
History
2013-06-02: received
Short URL
https://ia.cr/2013/322
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/322,
      author = {Jean-Philippe Aumasson and Samuel Neves and Zooko Wilcox-O'Hearn and Christian Winnerlein},
      title = {BLAKE2: simpler, smaller, fast as MD5},
      howpublished = {Cryptology ePrint Archive, Paper 2013/322},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/322}},
      url = {https://eprint.iacr.org/2013/322}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.