[cryptography] introducing BLAKE2 — an alternative to SHA-3, SHA-2 and MD5

David Adamson adamson.david.jr at gmail.com
Tue Dec 25 04:55:43 EST 2012


On 12/21/12, Zooko O'Whielacronx <zookog at gmail.com> wrote:
> ...
> However, many use cases need an alternative to MD5 — something with
> better security properties than MD5 but with high performance in
> software. To that end, we've defined BLAKE2, an optimized version of
> SHA-3 finalist BLAKE that is faster than MD5 on Intel 64-bit CPUs.
>
>

Hi Zooko,

Congratulations to Jean-Philippe Aumasson, to you, to Samuel Neves and
to Christian Winnerlein for BLAKE2. I would suggest you to support my
lobbying for a new European hash competition where the objectives will
be very precisely set up: The same security as SHA-3, but faster speed
than MD5 on 64-bit platforms (let say faster than 2 cycles/byte for
very long messages). Orr it does not need to be European competition,
it can be worldwide open German, Russian, Israeli, Japanese or Chinese
competition.

On SUPERCOP website I can see that for example on Ivy Bridge, in
64-bit mode, there are several hash functions that are faster than MD5
or very close to it. For example:

amd64; IB+AES (306a9); 2012 Intel Core i7-3520M; 2 x 2900MHz;
khazaddum, supercop-20120928

Cycles/byte for long messages
quartile	median	quartile	hash
2.09	2.14	2.17	edonr512
3.10	3.14	3.18	bmw512
4.21	4.24	4.28	edonr256
4.26	4.31	4.34	echosp256
4.23	4.34	4.37	cubehash832
4.76	4.78	4.80	bmw256
4.96	4.99	5.02	echo256
5.30	5.32	5.34	keccakc256treed2
5.30	5.32	5.33	md5
5.48	5.53	5.57	shabal512
5.50	5.53	5.55	shabal256
5.62	5.68	5.73	blake512
5.74	5.79	5.86	bblake256
5.99	6.03	6.06	tiger
6.26	6.29	6.32	blake64
6.25	6.29	6.33	sarmal256
6.27	6.30	6.36	skein512512
6.28	6.36	6.44	skein512256
...

I am sure that authors of edonr512, bmw512, echosp256, cubehash832,
shabal512, tiger, sarmal512 and skein512256, as well as many others
would be very enthusiastic to participate in such a competition. The
benefits of that competition will be that the organizer will have a
superior to SHA-2 and SHA-3 standardized cryptographic hash function
that was scrutinized heavily by the cryptographers from all the world.
The organizers do not need to wary from receiving hundreds of hash
proposals since the requirements that the speed should be more than 2
cycles/byte and the function to be as secure as SHA-3 is so high, that
I am expecting 90% of the amateurish proposals would be broken in one
day.

Regards,
David Adamson



More information about the cryptography mailing list