The Hash Function BLAKE

A book by Jean-Philippe Aumasson, Willi Meier, Raphael C.-W. Phan, Luca Henzen
Foreword by Daniel J. Bernstein

January 2015

ISBN 978-3-662-44756-7


Amazon | Barnes & Noble | Springer | Waterstones

eBook: Springer Link


"Very rarely do cryptographers focus on the bigger picture of their work: namely, how their systems and ciphers relate to the real world. In this book, J.P. Aumasson describes an innovative, state-of-the art hash function, while still making his work relatable to both the engineering and mathematical sciences.

The approach taken to writing The Hash Function BLAKE is the approach necessary to reverse the isolation of cryptography as a science, by connecting it to programmers, engineers, and designers of both hardware and software. By coupling this practical style with a thorough mathematical description, this book is at the forefront of helping make cryptography a field that is more relevant across the entire discipline of computer science and engineering."

—Nadim Kobeissi

Back cover

This is a comprehensive description of the cryptographic hash function BLAKE, one of the five final contenders in the NIST SHA3 competition, and of BLAKE2, an improved version popular among developers. It describes how BLAKE was designed and why BLAKE2 was developed, and it offers guidelines on implementing and using BLAKE, with a focus on software implementation.

In the first two chapters, the authors offer a short introduction to cryptographic hashing, the SHA3 competition, and BLAKE. They review applications of cryptographic hashing, they describe some basic notions such as security definitions and state-of-the-art collision search methods, and they present SHA1, SHA2, and the SHA3 finalists. In the chapters that follow, the authors give a complete description of the four instances BLAKE-256, BLAKE-512, BLAKE-224, and BLAKE-384; they describe applications of BLAKE, including simple hashing with or without a salt, and HMAC and PBKDF2 constructions; they review implementation techniques, from portable C and Python to AVR assembly and vectorized code using SIMD CPU instructions; they describe BLAKE’s properties with respect to hardware design for implementation in ASICs or FPGAs; they explain BLAKE's design rationale in detail, from NIST’s requirements to the choice of internal parameters; they summarize the known security properties of BLAKE and describe the best attacks on reduced or modified variants; and they present BLAKE2, the successor of BLAKE, starting with motivations and also covering its performance and security aspects. The book concludes with detailed test vectors, a reference portable C implementation of BLAKE, and a list of third-party software implementations of BLAKE and BLAKE2.

The book is oriented towards practice—engineering and craftsmanship— rather than theory. It is suitable for developers, engineers, and security professionals engaged with BLAKE and cryptographic hashing in general, and for applied cryptography researchers and students who need a consolidated reference and a detailed description of the design process, or guidelines on how to design a cryptographic algorithm.

Sample chapter

Chapter 2: Preliminaries

Table of contents

  1. Introduction
    1. Cryptographic Hashing
    2. The SHA3 Competition
    3. BLAKE, in a Nutshell
    4. Conventions
  2. Preliminaries
    1. Applications
    2. Security Notions
    3. Black-Box Collision Search
    4. Constructing Hash Functions
    5. The SHA Family
  3. Specification of BLAKE
    1. BLAKE-256
    2. BLAKE-512
    3. BLAKE-224
    4. BLAKE-384
    5. Toy Versions
  4. Using BLAKE
    1. Simple Hashing
    2. Hashing with a Salt
    3. Message Authentication with HMAC
    4. Password-Based Key Derivation with PBKDF2
  5. BLAKE in Software
    1. Straightforward Implementation
    2. Embedded Systems
    3. Vectorized Implementation Principle
    4. Vectorized Implementation with SSE Extensions
    5. Vectorized Implementation with AVX2 Extensions
    6. Vectorized Implementation with XOP Extensions
    7. Vectorized Implementation with NEON Extensions
    8. Performance
  6. BLAKE in Hardware
    1. RTL Design
    2. ASIC Implementation
    3. FPGA Design
    4. Performance
  7. Design Rationale
    1. NIST Call for Submissions
    2. Needs Analysis
    3. Design Philosophy
    4. Design Choices
  8. Security of BLAKE
    1. Differential Cryptanalysis
    2. Properties of BLAKE's G Function
    3. Properties of the Round Function
    4. Properties of the Compression Function
    5. Security Against Generic Attacks
    6. Attacks on Reduced BLAKE
  9. BLAKE2
    1. Motivations
    2. Differences with BLAKE
    3. Keyed Hashing (MAC and PRF)
    4. Tree Hashing
    5. Parallel Hashing: BLAKE2sp and BLAKE2bp
    6. Performance
    7. Security
  10. Conclusion


[email protected]