Paper 2013/322
BLAKE2: simpler, smaller, fast as MD5
Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein
Abstract
We present the hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64-bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3: up to 256-bit collision resistance, immunity to length extension, indifferentiability from a random oracle, etc. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 reduces the RAM requirements of BLAKE down to 168 bytes, making it smaller than any of the five SHA-3 finalists, and 32% smaller than BLAKE. Finally, BLAKE2 provides a comprehensive support for tree-hashing as well as keyed hashing (be it in sequential or tree mode).
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. appeared in ACNS 2013; see also https://blake2.net/
- Keywords
- hash functionstree hashing
- Contact author(s)
- jeanphilippe aumasson @ gmail com
- History
- 2013-06-02: received
- Short URL
- https://ia.cr/2013/322
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/322, author = {Jean-Philippe Aumasson and Samuel Neves and Zooko Wilcox-O'Hearn and Christian Winnerlein}, title = {{BLAKE2}: simpler, smaller, fast as {MD5}}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/322}, year = {2013}, url = {https://eprint.iacr.org/2013/322} }