Blake3 was mentioned in another thread, but I wanted to make a new thread.
I think that Blake3 would be an ideal choice for Pijul’s hash function:
- Blake3 has a fist-class rust implementation, maintained by the authors of the hash function.
- The hashes are 256 bits, so it’s significantly shorter than 512 bit SHA2. There was some mention of a possible security tradeoff going to 256 bits, but I think that 256 bit hashes are currently considered to be secure, for now and the indefinite future.
- Blake3 is very, very fast. It both because it’s a merkle tree hash, which means that it’s highly amenable to parallelism, and because it uses Blake2s, which is a fast primitive.
- Blake3 includes a number of useful modes, in addition to the main hash function, it supports a keyed hash, and a key derivation operation. These might be useful for collision resistant hashing, or key derivation for signature operations.
Blake3 is binary merkle tree hash with 16KiB leaf nodes, which enables a lot of neat possibilities for Pijul:
- Corruption during transmission or storage could be identified and repaired at the block level, instead of having to throw away the entire object.
- Large objects could be synced from multiple locations, by requesting disjoint sets of blocks.
Blake3 is derived from a hash called Bao, which was written by Jack O’Connor, and then later turned into Blake3. Jack is active on Twitter and a few other places. I’m sure he would be interested in seeing Blake3 adopted, and would likely be able to explain any technical points relating to Pijul adopting Blake3.