[noise] Specifying Blake2sp / Blake2bp
trevp at trevp.net
Mon May 1 19:55:10 PDT 2017
On Mon, May 1, 2017 at 7:54 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> I was looking at Samuel's (CC'd) AVX2 optimized implementations of
> Blake2  and noticed there wasn't any implementation for Blake2s.
> Samuel explained to me that blake2s and blake2b don't naturally
> parallelize, which is why the blake2sp and blake2bp variants exist;
> these nicely parallelize, so fast implementations are possible. Given
> that Noise is pretty hash-heavy, we have good reason to be interested
> in fast hash functions.
Is it, really? ("hash-heavy"). The hash is just used during the
handshake, where's there's all the public-key ops.
Noise does lots of small-message hashing (including HMAC and HKDF),
plus hashing the "e" and "s" tokens, where I imagine this wouldn't
help much or at all. And I assume it's more complex and less widely
It's easy to just do it if you use the "BLAKE2sp" name, but at first
glance I'm skeptical this would be a good recommendation for the core
More information about the Noise