# Blake

## Contents

## History[edit]

**Blake** is a hash function that participated in the hash function competition of the **US National Institute of Standards and Technology**. It was one of the five finalists alongside Grøstl, JH, Skein and Keccak - the winner of the competition. Blake was developed by the Swiss cryptographers Jean-Philippe Aumasson, Luca Henzen, Willi Meier and the United Kingdom specialist Raphael C.-W. Phan.
The intention behind the competition was to develop a new hash function to complement the previous **Secure Hash Algorithm** (**SHA**) standards - **SHA-1 and SHA-2**. The competition was held from November 2, 2007, when it was formally announced to October 2, 2012 when the winner was declared.

## Technical details[edit]

Blake is designed implementing **HAIFA** (**HAsh Iterative FrAmework**) construction. HAIFa is an upgrade of **Merkle–Damgård construction** and its modern alternative developed by Eli Biham and Orr Dunkelman. It was developed to, amongst other things, avoid **length extension attacks**.

Length extension attacks are a vulnerability of the previous Secure Hash Algorithm standards SHA-1 and SHA-2 that are both based on the original Merkle–Damgård structure. Those attacks are based on the usage of Hash(message1) and the length of message1 to calculate Hash(message1 ‖ message2) for an attacker-controlled message2. Hashing functions that are a target of length extension attacks operating in the following way: the input message is split into parts, and the function sequentially processes each part. As a result of working with each message, the hash function converts its internal state, which is used to process the next part. The first block of the message uses a predefined initializing value. After all the parts of the message have been processed, function is generating the output value, which is a representation of its internal state after the last block of the message has been processed. Therefore, one can restore a function from its value to its internal state, which can then be used to process new data. One can now extend the original message by adding new information to the end of the message and calculate the hash value that will be valid for the new message. The implementation of HAIFA made Blake immune to the length extension attacks, **fixed-point attacks**, reduced the risks of successful **multicollisions attack** and **Herding attack**.

The technology behind the main functional of Blake is a Dan Bernstein's **ChaCha** stream cipher - a modification of **Salsa20** cipher that aims aim to increase Salsa20 diffusion per round while achieving without losing performance by adding changes in the round function. Both Salsa and ChaCha are very efficient due to the fact that the transformation of each column and each row are independent from each other, the calculations necessary to encrypt could be paralleled. This gives a significant gain in speed for most modern platforms. The algorithm also has close to no overhead calculations required to run the encryption cycle and changing the key. Many cryptographic systems rely on pre-calculations, the results of which must be stored in the cache of the first level (L1) of the processor. Since they depend on the key, the calculations will have to be performed again. In ChaCha, one just need to load the key into the memory.

Compression algorithm of the Blake function is based on ChaCha cipher but it adds permuted copy of the input block, **XORed** (“exclusive or” logical operation) with some round constants, before each round. ChaCha also lacks a 64-bit version, but is exists in Blake.

Similar to SHA-2, BLAKE comes in two variants. The first one is a BLAKE-256 that uses 32-bit words, used for computing hashes up to 256 bits long. The other one is BLAKE-512 that uses 64-bit words, used for computing hashes up to 512 bits long.

## Implementations[edit]

Blake isn’t very popular as a hashing algorithm for cryptocurrency **proof-of-work**, but there are some notable cryptocurrencies that use Blake or its improved versions. The biggest cryptocurrency that uses Blake is **Decred** - Blake-256 - based coin with more than $339 million of market capitalization. Other famous Blake-256 coins are **Photon** and **Blakecoin**, but they are not as successful as Decred with the $469 thousand and $268 thousand of capitalization respectively. Another popular Blake-based cryptocurrency is **Siacoin** that implements Blake2b and has over $261 million of market capitalization.

However, Blake and its upgrades are quite popular as a technical solution in other fields. Blake2 is a hash function of **Argon2** - a key derivation function that was selected as the winner of the Password Hashing Competition in 2015. Blake2b is used as a key derivation function in Equihash proof of work in **Zcash**. RAR file archive format of the version 5 supports an optional 256-bit BLAKE2sp file checksum. It is also supported by many cryptography libraries like, for example, Botan, Crypto++, OnenSSL and others.

## See Also on BitcoinWiki[edit]

## Resources[edit]

- Daniel J. Bernstein: ChaCha, a variant of Salsa20
- Wikipedia: Length extention attack
- Daniel J. Bernstein: Salsa20 specification
- Jean-Philippe Aumasson, et al. SHA-3 proposal BLAKE
- Wikipedia: BLAKE (hash function)
- Wikipedia: Haifa construction