Crates.io | blake3 |
lib.rs | blake3 |
version | 1.5.5 |
source | src |
created_at | 2019-09-17 19:59:37.30836 |
updated_at | 2024-11-27 02:42:15.030734 |
description | the BLAKE3 hash function |
homepage | |
repository | https://github.com/BLAKE3-team/BLAKE3 |
max_upload_size | |
id | 165535 |
size | 1,531,613 |
BLAKE3 is a cryptographic hash function that is:
The chart below is an example benchmark of 16 KiB inputs on a Cascade Lake-SP 8275CL server CPU from 2019. For more detailed benchmarks, see the BLAKE3 paper.
BLAKE3 is based on an optimized instance of the established hash function BLAKE2 and on the original Bao tree mode. The specifications and design rationale are available in the BLAKE3 paper. The default output size is 256 bits. The current version of Bao implements verified streaming with BLAKE3.
This repository is the official implementation of BLAKE3. It includes:
The blake3
Rust crate, which
includes optimized implementations for SSE2, SSE4.1, AVX2, AVX-512,
and NEON, with automatic runtime CPU feature detection on x86. The
rayon
feature provides multithreading.
The b3sum
Rust crate, which
provides a command line interface. It uses multithreading by default,
making it an order of magnitude faster than e.g. sha256sum
on
typical desktop hardware.
The C implementation, which like the Rust implementation includes
SIMD code and runtime CPU feature detection on x86. Unlike the Rust
implementation, it's not currently multithreaded. See
c/README.md
.
The Rust reference implementation, which is discussed in Section 5.1 of the BLAKE3 paper. This implementation is much smaller and simpler than the optimized ones above. If you want to see how BLAKE3 works, or you're writing a port that doesn't need multithreading or SIMD optimizations, start here. Ports of the reference implementation to other languages are hosted in separate repositories (C, Python).
A set of test vectors that covers extended outputs, all three modes, and a variety of input lengths.
BLAKE3 was designed by:
The development of BLAKE3 was sponsored by Electric Coin Company.
BLAKE3 is also specified in the Community Cryptography Specification Project (C2SP).
NOTE: BLAKE3 is not a password hashing algorithm, because it's designed to be fast, whereas password hashing should not be fast. If you hash passwords to store the hashes or if you derive keys from passwords, we recommend Argon2.
b3sum
utilityThe b3sum
command line utility prints the BLAKE3 hashes of files or of
standard input. Prebuilt binaries are available for Linux, Windows, and
macOS (requiring the unidentified developer
workaround)
on the releases page.
If you've installed Rust and
Cargo,
you can also build b3sum
yourself with:
cargo install b3sum
If rustup
didn't configure your PATH
for you, you might need to go
looking for the installed binary in e.g. ~/.cargo/bin
. You can test
out how fast BLAKE3 is on your machine by creating a big file and
hashing it, for example:
# Create a 1 GB file.
head -c 1000000000 /dev/zero > /tmp/bigfile
# Hash it with SHA-256.
time openssl sha256 /tmp/bigfile
# Hash it with BLAKE3.
time b3sum /tmp/bigfile
blake3
crate To use BLAKE3 from Rust code, add a dependency on the blake3
crate to
your Cargo.toml
. Here's an example of hashing some input bytes:
// Hash an input all at once.
let hash1 = blake3::hash(b"foobarbaz");
// Hash an input incrementally.
let mut hasher = blake3::Hasher::new();
hasher.update(b"foo");
hasher.update(b"bar");
hasher.update(b"baz");
let hash2 = hasher.finalize();
assert_eq!(hash1, hash2);
// Extended output. OutputReader also implements Read and Seek.
let mut output = [0; 1000];
let mut output_reader = hasher.finalize_xof();
output_reader.fill(&mut output);
assert_eq!(hash1, output[..32]);
// Print a hash as hex.
println!("{}", hash1);
Besides hash
, BLAKE3 provides two other modes, keyed_hash
and
derive_key
. The keyed_hash
mode takes a 256-bit key:
// MAC an input all at once.
let example_key = [42u8; 32];
let mac1 = blake3::keyed_hash(&example_key, b"example input");
// MAC incrementally.
let mut hasher = blake3::Hasher::new_keyed(&example_key);
hasher.update(b"example input");
let mac2 = hasher.finalize();
assert_eq!(mac1, mac2);
The derive_key
mode takes a context string and some key material (not a
password). The context string should be hardcoded, globally unique, and
application-specific. A good default format for the context string is
"[application] [commit timestamp] [purpose]"
:
// Derive a couple of subkeys for different purposes.
const EMAIL_CONTEXT: &str = "BLAKE3 example 2020-01-07 17:10:44 email key";
const API_CONTEXT: &str = "BLAKE3 example 2020-01-07 17:11:21 API key";
let input_key_material = b"usually at least 32 random bytes, not a password";
let email_key = blake3::derive_key(EMAIL_CONTEXT, input_key_material);
let api_key = blake3::derive_key(API_CONTEXT, input_key_material);
assert_ne!(email_key, api_key);
See c/README.md
.
We post links to third-party bindings and implementations on the @BLAKE3team Twitter account whenever we hear about them. Some highlights include an optimized Go implementation, Wasm bindings for Node.js and browsers, binary wheels for Python, .NET bindings, and JNI bindings.
Please see CONTRIBUTING.md.
This work is released into the public domain with CC0 1.0. Alternatively, it is licensed under any of the following:
Here's a (non-exhaustive) list of protocols and software that use BLAKE3: