BLAKE3-specs
bao
BLAKE3-specs | bao | |
---|---|---|
8 | 4 | |
158 | 452 | |
0.0% | - | |
0.0 | 4.0 | |
almost 2 years ago | 2 months ago | |
HTML | Rust | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
BLAKE3-specs
-
Reasons to Prefer Blake3 over Sha256
We put a lot of effort into section 5.1.2 of https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blak..., and the relatively more complicated part of BLAKE3 (incrementally building the Merkle tree) ends up being ~4 lines of code. Let me know what you think.
-
Why do we even need HKDF's?
BLAKE3 is a new function which includes a KDF mode, and is significantly faster than HKDF-SHA256. However, it hasn't seen as much cryptanalysis as more established functions, so I'm still somewhat wary of it (admittedly it's a reduced-round variant of BLAKE2s, with extra modes, so I'm not that wary, but it's still worth a warning).
-
A few questions...
The BLAKE3 spec is also pretty readable (though I think the graphics in the BLAKE2b paper make it a bit easier to understand).
-
Linux Kernel RNG is now Blake2 instead of SHA1 and 3x faster
> That's for 16KiB inputs.
BLAKE3 needs 16 KiB of input to hit the numbers in that bar chart, but BLAKE2s doesn't. It'll maintain its advantage over SHA-256 all the way down to the empty string. You can see this in Figure 3 of https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blak.... (BLAKE3 is also faster than SHA-256 all the way down to the empty string, but not by as large a margin as the 16 KiB figures suggest.)
On the other hand, these measurements were done on machines without SHA-256 hardware acceleration. If you have that (and Intel chips from the past year do), then SHA-256 does a lot better of course.
-
I Have Settled on XChaCha20+Blake3 for AEAD
Its section 2.1 of the paper: https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blak...
Though, note, blake3 still provides enhanced resistance against the attacks against blake2 even in the case where you only have one block, due to the change in how the fundamental hashing primitive is used.
-
Consensus mechanism
Consensus is done with Blockmania, a PBFT consensus protocol. Link P2P networking stack (in progress) = libp2p. Link (currently we're using Serf for cluster membership, but this will be replaced by libp2p) We use Blake 3 for merkle tree and hashing algorithm. Link (amongst others that are standard, e.g. multisig) Lthash is used for block propagation and homomorphic hashing, and to extend for bootstrapping. Link For transaction and balance privacy we use:
bao
-
The Curious Case of MD5
Thanks! I've added a note about this here: https://github.com/oconnor663/bao/issues/41#issuecomment-119.... Does that sound like an accurate summary to you?
-
Reasons to Prefer Blake3 over Sha256
I mostly agree with you, but there are a couple other bullet points I like to throw in the mix:
- Length extension attacks. I think all of the SHA-3 candidates did the right thing here, and we would never accept a new cryptographic hash function that didn't do the right thing here. But SHA-2 gets a pass for legacy reasons. That's understandable, but we know we need to replace it with something eventually.
- Kind of niche, but BLAKE3 supports incremental verification, i.e. checking the hash of a file while you stream it rather learning whether it was valid at the end of the stream. https://github.com/oconnor663/bao That's useful if you know the hash of a file but you don't necessarily trust the service that's storing it.
-
Lightweight Cryptography Standardization Process: NIST Selects Ascon
Sadly, for domain separation between the Cyclist calls, it needs to touch the capacity, right? So Ascon can’t be retrofitted without being modified. Too bad, it could have enabled bao-style shenanigans.
What are some alternatives?
BLAKE3 - the official Rust and C implementations of the BLAKE3 cryptographic hash function
multihash - Self describing hashes - for future proofing
XKCP - eXtended Keccak Code Package
experimental-caead - Experimental committing AEAD designed by Soatok.
go-benchmarks - Comprehensive and reproducible benchmarks for Go developers and architects.
Hakobu
rust-libp2p - The Rust Implementation of the libp2p networking stack.