The final implementation of the algorithm has been published , which offers a cryptographic hash function designed for applications such as checking the integrity of files, authenticating messages, and generating data for digital signatures. BLAKE3 is not intended for hashing passwords (passwords must use yescrypt, bcrypt, scrypt or Argon2), as it is aimed at calculating hashes as quickly as possible with a guarantee of no collisions, protection against and insensitivity to the size of the hashed data. BLAKE3 Reference Implementation under a dual license - public domain (CC0) and Apache 2.0.
The key difference of the new hash function is the very high performance of the hash calculation while maintaining the reliability at the SHA-3 level. By default, the size of the resulting hash in BLAKE3 is 32 bytes (256 bits), but it can be extended to arbitrary values. In the hash generation test for a 16 KB file, BLAKE3 outperforms SHA3-256 by 15 times, SHA-256 by 12 times, SHA-512 by 8 times, SHA-1 by 6 times, and BLAKE2b by 4 times times. A significant gap remains even when processing very large amounts of data, for example, BLAKE3 turned out to be SHA-256 by 8 times when computing a hash for 1GB of random data.
The algorithm was developed by well-known experts in cryptography (, , , ) and continues to develop the algorithm and uses the mechanism . Unlike BLAKE2 (BLAKE2b, BLAKE2s), BLAKE3 offers a single algorithm for all platforms that is not tied to the bit depth and hash size.
The performance improvement was achieved by reducing the number of rounds from 10 to 7 and hashing blocks separately in 1 KB chunks. According to the creators, they found a convincing , that you can get by with 7 rounds instead of 10 while maintaining the same level of reliability (for clarity, we can give an example with mixing fruits in a mixer - after 7 seconds the fruits are already completely mixed and an additional 3 seconds will not affect the consistency of the mixture). At the same time, some researchers express doubts, believing that even if at present 7 rounds are enough to counter all known attacks on hashes, then an additional 3 rounds may be useful in case new attacks are discovered in the future.
As for the division into blocks, in BLAKE3 the stream is divided into pieces of 1 KB each and each piece is hashed independently. Based on the hashes of the pieces on the base one big hash is formed. This separation allows you to solve the problem of parallelizing data processing when calculating a hash - for example, you can use 4-threaded SIMD instructions to simultaneously calculate the hashes of 4 blocks. Traditional SHA-* hash functions process data sequentially.
BLAKE3 Features:
- High performance;
- Safety, including resistance to , which SHA-2 is subject to;
- Ensuring parallelization of calculations for any number of threads and SIMD channels;
- Possibility of incremental updating and verified processing of streams;
- Application in PRF, MAC, KDF, XOF modes and as a regular hash;
- Single algorithm for all architectures, fast on both x86-64 and 32-bit ARM processors.
Source: opennet.ru