*** Welcome to piglix ***

BLAKE2

BLAKE
General
Designers Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
Successors BLAKE2
Certification SHA-3 finalist
Detail
Digest sizes 224, 256, 384 or 512 bits
Structure HAIFA construction
Rounds 14 or 16
Speed 8.4 cpb on Core 2 for BLAKE-256; 7.8 cpb for BLAKE-512
BLAKE2
General
Designers Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, Christian Winnerlein
Derived from BLAKE
Detail
Digest sizes arbitrary
Rounds 10 or 12

BLAKE and BLAKE2 are cryptographic hash functions based on Dan Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with some round constants, is added before each ChaCha round. Like SHA-2, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 and BLAKE-224 use 32-bit words and those output digest size are 256 bits and 224 bits, while BLAKE-512 and BLAKE-384 use 64-bit words and those output digest size are 512 bits and 384 bits.

BLAKE was submitted to the NIST hash function competition by Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Raphael C.-W. Phan. In 2008, there were 51 entries. BLAKE made it to the final round consisting of five candidate but lost to Keccak in 2012, which was selected for the SHA-3 algorithm.

Like SHA-2, BLAKE comes in two variants: one that uses 32-bit words, used for computing hashes up to 256 bits long, and one that uses 64-bit words, used for computing hashes up to 512 bits long. The core block transformation combines 16 words of input with 16 working variables, but only 8 words (256 or 512 bits) are preserved between blocks.

It uses a table of 16 constant words (the leading 512 or 1024 bits of the fractional part of π), and a table of 10 16-element permutations:

The core operation, equivalent to ChaCha's quarter round, operates on a 4-word column or diagonal combines with 2 words of message m[] and two constant words c[]. It is performed 8 times per full round:

In the above, r is the round number (0–13), and i varies from 0 to 7.

The differences from the ChaCha quarter-round function are:

The 64-bit version (which does not exist in ChaCha) is identical, but the rotation amounts are 32, 25, 16 and 11, respectively, and the number of rounds is increased to 16.

Pseudocode for the Blake2b algorithm. The Blake2b algorithm uses 8-byte (UInt64) words, and 128-byte chunks.

The Compress function takes a full 128-byte chunk of the input message and mixes it into the ongoing state array:


...
Wikipedia

...