BLAKE
1 The algorithm
- Author(s): Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
- Website: http://131002.net/blake/
- NIST submission package:
- Round 3: Blake_FinalRnd.zip
- Round 1/2: BLAKE_Round2.zip (old versions: BLAKE.zip, BLAKEUpdate.zip)
Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan - SHA-3 proposal BLAKE
- ,2010
- http://131002.net/blake/blake.pdf
BibtexAuthor : Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
Title : SHA-3 proposal BLAKE
In : -
Address :
Date : 2010
Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan - SHA-3 proposal BLAKE
- ,2008
- http://ehash.iaik.tugraz.at/uploads/0/06/Blake.pdf
BibtexAuthor : Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
Title : SHA-3 proposal BLAKE
In : -
Address :
Date : 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
Recommended security parameter: 14 rounds (n=224,256); 16 rounds (n=384,512)
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
| Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
| preimage | 224,256 | 2.5 rounds | 2n-15 | - | Ji,Liangyu |
| preimage | 384 | 2.5 rounds | 2355 | - | Ji,Liangyu |
| preimage | 512 | 2.5 rounds | 2481 | - | Ji,Liangyu |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| semi-free-start near-collisions | compression function | 256 | 2 rounds | 226 | - | Turan,Uyan |
| collision | hash | all | toy version BLOKE | example | - | Vidali,Nose,Pašalic |
| semi-free-start collision | compression function | all | toy version BRAKE | example | - | Vidali,Nose,Pašalic |
| near-collision | compression function | 256 | 4 rounds (No. 4-7) | 221 | - | Su,Wu,Wu,Dong |
| near-collision | compression function | 512 | 4 rounds (No. 7-10) | 216 | - | Su,Wu,Wu,Dong |
| near-collision | compression function | 512 | 5 rounds (No. 7-11) | 2216 | - | Su,Wu,Wu,Dong |
| observations | hash | all | Gligoroski | |||
| impossible differential | permutation | 224,256 | 5 rounds | - | - | Aumasson,Guo,Knellwolf,Matusiewicz,Meier |
| impossible differential | permutation | 384,512 | 6 rounds | - | - | Aumasson,Guo,Knellwolf,Matusiewicz,Meier |
| near-collision | compression function | 256 | 4 rounds (No. 3-6) | 256 | - | Guo,Matusiewicz |
| free-start collision | hash | 224,256 | 2.5 rounds | 2n/2-16 | - | Ji,Liangyu |
| free-start collision | hash | 384,512 | 2.5 rounds | 2n/2-32 | - | Ji,Liangyu |
Meltem Sönmez Turan, Erdener Uyan - Practical Near-Collisions for Reduced Round Blake, Fugue, Hamsi and JH
Janoš Vidali, Peter Nose, Enes Pašalic - Collisions for variants of the BLAKE hash function
- Information Processing Letters 110:585--590, July 2010
- BibtexAuthor : Janoš Vidali, Peter Nose, Enes Pašalic
Title : Collisions for variants of the BLAKE hash function
In : Information Processing Letters -
Address :
Date : July 2010
Bozhan Su, Wenling Wu, Shuang Wu, Le Dong - Near-Collisions on the Reduced-Round Compression Functions of Skein and BLAKE
Danilo Gligoroski - Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
Jean-Philippe Aumasson, Jian Guo, Simon Knellwolf, Krystian Matusiewicz, Willi Meier - Differential and invertibility properties of BLAKE (full version)
Jian Guo, Krystian Matusiewicz - Round-Reduced Near-Collisions of BLAKE-32
Li Ji, Xu Liangyu - Attacks on Round-Reduced BLAKE
