Project

General

Profile

Feature #12802

Add BLAKE2 support to Digest

Added by bascule (Tony Arcieri) about 2 years ago. Updated almost 2 years ago.

Status:
Open
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:77466]

Description

BLAKE2 is a fast, modern hash function, based on improvements to the BLAKE function, which was a SHA3 finalist. BLAKE2 performs about twice as fast in software as SHA3 winner Keccak:

https://blake2.net/

BLAKE2 has received an informational RFC 7693 from the IETF:

https://tools.ietf.org/html/rfc7693

It was added to the Python standard library in Python 3.6:

https://docs.python.org/3.6/library/hashlib-blake2.html

If there's interest in supporting BLAKE2 in the Ruby standard library, I can put together a patch.

History

#2 [ruby-core:77767] Updated by hsbt (Hiroshi SHIBATA) about 2 years ago

  • Assignee deleted (ruby-core)

#3 [ruby-core:77768] Updated by nobu (Nobuyoshi Nakada) about 2 years ago

Is BLAKE2b unavailable if 64-bit integer is unavailable?

#4 [ruby-core:77769] Updated by bascule (Tony Arcieri) about 2 years ago

BLAKE2b will work on 32-bit CPUs but is optimized for 64-bit CPUs

#5 [ruby-core:77770] Updated by nobu (Nobuyoshi Nakada) about 2 years ago

I meant that BLAKE2b seems to need uint64_t.
If a compiler does not support such large integer type, isn't BLAKE2b usable on that platform?

#6 [ruby-core:77773] Updated by rhenium (Kazuki Yamaguchi) about 2 years ago

Is there still a supported environment without 64-bit integer support? ext/digest/sha2/sha2.c is already using 64-bit integers. It is compiled only when OpenSSL (or CommonCrypto) is not available, but the current versions of OpenSSL also require uint64_t.

But, I'm wondering, why not add the SHA-3 winner but only BLAKE2?

#8 [ruby-core:77812] Updated by bascule (Tony Arcieri) about 2 years ago

Nice @ SHA-3 branch. I think it makes sense to add both.

The reason to add BLAKE2 in addition to SHA-3 is that BLAKE2 is, in some cases, over 3X faster than SHA-3 at an equivalent security level:

https://blake2.net/sandy.png

BLAKE2b on a modern Intel CPU is even faster than MD5, but provides substantially better security.

Something of a grassroots movement is pushing for the use of BLAKE2 anywhere speed is important, such as checksumming large files.

#9 [ruby-core:78613] Updated by naruse (Yui NARUSE) about 2 years ago

Nobuyoshi Nakada wrote:

I meant that BLAKE2b seems to need uint64_t.
If a compiler does not support such large integer type, isn't BLAKE2b usable on that platform?
Kazuki Yamaguchi wrote:
Is there still a supported environment without 64-bit integer support? ext/digest/sha2/sha2.c is already using 64-bit integers. It is compiled only when OpenSSL (or CommonCrypto) is not available, but the current versions of OpenSSL also require uint64_t.

But, I'm wondering, why not add the SHA-3 winner but only BLAKE2?

Many part of CRuby requires int64_t/uint64_t.
The point seems acceptable.

#10 [ruby-core:78778] Updated by shyouhei (Shyouhei Urabe) almost 2 years ago

We looked at this issue at today's developer meeting. We could not be sure if we need our own implementation of BLAKE2 (or SHA3). Maybe a matter of time? We might need to use SHA3 someday, but OpenSSL should also have one at that time (BLAKE2 is there already).

Isn't it better for us to encourage people switching from Digest to OpenSSL?

Also available in: Atom PDF