Skip to content

Add blake3 as a registered/supported hash algorithm. #1240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tianon merged 1 commit into from
Apr 24, 2025
Merged

Add blake3 as a registered/supported hash algorithm. #1240

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions descriptor.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ Some example digest strings include the following:
| `sha512:401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b372742...` | [SHA-512](#sha-512) | Yes |
| `multihash+base58:QmRZxt2b1FVZPNqd8hsiykDL3TdBDeTSPX9Kv46HmX4Gx8` | Multihash | No |
| `sha256+b64u:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564` | SHA-256 with urlsafe base64 | No |
| `blake3:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b` | [BLAKE3](#blake3) | Yes |

Please see [Registered Algorithms](#registered-algorithms) for a list of registered algorithms.

Expand Down Expand Up @@ -142,6 +143,7 @@ The following algorithm identifiers are currently defined by this specification:
|----------------------|---------------------|
| `sha256` | [SHA-256](#sha-256) |
| `sha512` | [SHA-512](#sha-512) |
| `blake3` | [BLAKE3](#blake3) |

If a useful algorithm is not included in the above table, it SHOULD be submitted to this specification for registration.

Expand All @@ -161,6 +163,16 @@ Implementations MAY implement SHA-512 digest verification for use in descriptors
When the _algorithm identifier_ is `sha512`, the _encoded_ portion MUST match `/[a-f0-9]{128}/`.
Note that `[A-F]` MUST NOT be used here.

#### BLAKE3
Copy link
Contributor

@wking wking Feb 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition to the new section, you'll want a new entry in the registered-algorithms table up around line 140, right?

Copy link
Contributor Author

@rchincha rchincha Feb 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated


[BLAKE3][blake3] is a high performance, highly parallelizable, collision-resistant hash function which [is more performant][blake3-vs-sha2] than
[SHA-256][rfc4634-s4.1].
The hash output length MUST be 256 bits.
Copy link
Contributor

@wking wking Feb 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not familiar with BLAKE3, but going through the spec, it seems like we might also need to specify the hash hashing mode? Or is it sufficiently obvious from the context that there's no provision for supplying a key or other input, making the keyed_hash and derive_key modes unfeasible?

Copy link
Member

@tianon tianon Feb 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO it's pretty obvious that this is and has to be unkeyed (as you said, there's no way to specify a key).

Copy link
Contributor Author

@rchincha rchincha Feb 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to sha1 or sha2 right?

The purpose of the hash here is content-addressability (with non-collision guarantees)

You can still build a keyed hash out of these - https://datatracker.ietf.org/doc/html/rfc2104

Implementations MAY implement BLAKE3 digest verification for use in descriptors.

When the _algorithm identifier_ is `blake3`, the _encoded_ portion MUST match `/[a-f0-9]{64}/`.
Note that `[A-F]` MUST NOT be used here.

## Embedded Content

In many contexts, such as when downloading content over a network, resolving a descriptor to its content has a measurable fixed "roundtrip" latency cost.
Expand Down Expand Up @@ -220,3 +232,5 @@ In the following example, the descriptor indicates the type of artifact it is re
[rfc7230-s2.7]: https://tools.ietf.org/html/rfc7230#section-2.7
[sha256-vs-sha512]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/hsMw7cAwrZE
[iana]: https://www.iana.org/assignments/media-types/media-types.xhtml
[blake3]: https://github.com/C2SP/C2SP/blob/BLAKE3/v1.0.0/BLAKE3.md
Copy link
Member

@sajayantony sajayantony Feb 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there an RFC we can point to? Also I'm not sure if but can an expert here articulate the difference between https://www.ietf.org/archive/id/draft-aumasson-blake3-00.html and a GitHub link above.

Copy link
Contributor Author

@rchincha rchincha Feb 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As per the commentary, RFC was submitted for process sake, but deemed ineffective/unnecessary. So this repo may be source of truth afaik.

[blake3-vs-sha2]: https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf