Hi all,

I originally picked SHA3 (Keccak) for all hashing in grin [1]. The advantages
of SHA3 over SHA256 are numerous (more modern design, fewer known weaknesses,
designed independently of the NSA, well studied and long review process, etc.)
which motivated my original decision. However, it turns out that in practice,
SHA3 is on the slower side [2] due to last-minute decisions from NIST to
increase the security parameters.

We will need a fair amount of hashing operations in grin, as our "transactions"
are broken down into inputs, outputs (in which range proofs can be considered
separately) and kernels which may all be hashed independently. We also maintain
at least one sum tree of the UTXO set. Hashing performance is important to our
normal operation.

So I'm considering a switch to the Blake2 [3] hash function. It's extremely
fast in software (faster than SHA256 and even MD5), has been shown to be as
secure as SHA3, was designed independently and has been widely reviewed.

Any strong opposition or concerns?

- Igno

[1] https://github.com/ignopeverell/grin/blob/master/core/src/core/hash.rs#L153
[2] https://www.imperialviolet.org/2017/05/31/skipsha3.html
[3] https://blake2.net
-- 
Mailing list: https://launchpad.net/~mimblewimble
Post to     : mimblewimble@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mimblewimble
More help   : https://help.launchpad.net/ListHelp
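
The throughput comparison discussed in the message above can be measured locally with Python's standard hashlib. This is an added example, not part of the original message or of the grin code base; the message sizes and the per-size byte budget are assumptions chosen to model many small independent hashes versus bulk hashing.

```python
import hashlib
import time

# Hash constructors compared in the message; BLAKE2b is set to a 32-byte
# digest so the three modern candidates all produce 256-bit output.
ALGORITHMS = {
    "sha3_256": hashlib.sha3_256,
    "sha256": hashlib.sha256,
    "md5": hashlib.md5,
    "blake2b_256": lambda data=b"": hashlib.blake2b(data, digest_size=32),
}


def throughput(make_hash, message, rounds):
    """Return MiB/s for hashing `message` `rounds` times, one digest per call."""
    start = time.perf_counter()
    for _ in range(rounds):
        make_hash(message).digest()
    elapsed = time.perf_counter() - start
    return (len(message) * rounds) / (1024 * 1024) / max(elapsed, 1e-9)


def benchmark(sizes=(64, 1024, 1 << 20), budget_bytes=8 << 20):
    """Measure every algorithm at each message size.

    Small sizes model many independent hashes (inputs, outputs, kernels,
    tree nodes), where per-call setup cost dominates; the large size
    models bulk hashing, where the compression function dominates.
    """
    results = {}
    for size in sizes:
        message = bytes(size)  # constructed input: all-zero buffer
        rounds = max(1, budget_bytes // size)
        results[size] = {
            name: throughput(make, message, rounds)
            for name, make in ALGORITHMS.items()
        }
    return results


if __name__ == "__main__":
    for size, row in benchmark().items():
        ranked = sorted(row.items(), key=lambda kv: kv[1], reverse=True)
        print(f"{size:>8} B  " + "  ".join(f"{n}={v:8.1f} MiB/s" for n, v in ranked))
```

Results depend on the CPU and on how the local OpenSSL build was compiled, so run it on the hardware class the node is expected to use.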
