Score:1

Offset Parameters in BLAKE2b


In my course about cryptography, we started looking at hash functions. As homework, we had to pick a modern hash function and describe it in class. I chose BLAKE2b, which I can understand well when it is explained in words, but the official implementation raises questions.

```csharp
static void G(int roundNum, int i, int a, int b, int c, int d)
{
    int p = (roundNum << 4) + 2 * i;
    int p0 = ReplaceConstants[p];
    int p1 = ReplaceConstants[p + 1];

    string s = @"// G(r, i, a, b, c, d)
        a = a + b + m[" + p0 + @"];
        d ^= a;
        d = " + RotateRight("d", 32) + @";
        c = c + d;
        b ^= c;
        b = " + RotateRight("b", 24) + @";
        a = a + b + m[" + p1 + @"];
        d ^= a;
        d = " + RotateRight("d", 16) + @";
        c = c + d;
        b ^= c;
        b = " + RotateRight("b", 63) + @";";
    s = s.Replace("a", "v" + a);
    s = s.Replace("b", "v" + b);
    s = s.Replace("c", "v" + c);
    s = s.Replace("d", "v" + d);
    s = s.Replace("r", roundNum.ToString());
    s = s.Replace("i", i.ToString());
    s = s.Replace("\t", "");
    Console.WriteLine(s);
    Console.WriteLine();
}
```

This is the single core function G; it calls RotateRight four times, as intended.

```csharp
static string RotateRight(string name, int offset)
{
    return "((" + name + " >>" + offset + ")|(" + name + " << (64-" + offset + ")))";
}
```

I don't understand why Rotate takes offset parameters of 32, 24, 16, 63 when 16, 12, 8, 7 are needed, as shown below:

[Image: BLAKE2b, illustration of algorithm]

Also, about this scheme, what do $C_{\sigma_r(2i+1)}$ and $M_{\sigma_r(2i)}$ mean?

My sources:

Illustration from Wikipedia

Official C# Implementation

soul king
added resources to the post
fgrieu
@Morrolan: I recognize [this](https://github.com/BLAKE2/BLAKE2/blob/master/csharp/Blake2Sharp/Blake2BCore-Simple.cs#L26-L42) as standard C#. But I'm at a loss with the `string s = @"` part of the question's code. That's off-topic anyway.
Morrolan
@fgrieu Ah, I mentally skipped that. `@` is merely syntactic sugar to make it treat the contents of the string verbatim - that is without the special meaning which is usually assigned to characters such as `\\`. Looking at the string modification below, that is likely used to produce the unrolled implementation in the repo. (Off topic, I admit. Good thing there's no mod around)
Score:2

$G$ function

The graphic you reference seems to describe the $G$ function of BLAKE - and not of BLAKE2b. Note not only the different rotations, but also the addition of the constants $C_{\sigma_r(2i+1)}$ which are not present in BLAKE2 anymore. Both of these match the definition of the $G$ function of BLAKE, as per the official documentation.

As for BLAKE2: Do be careful that there are two versions of BLAKE2. BLAKE2s is for platforms with 8-32 bit hardware, BLAKE2b for platforms with 64 bit hardware.

BLAKE2s uses rotations by 16, 12, 8 and 7 bits respectively - but without the constant addition - so will look very similar (but not equal!) to your graphic.

BLAKE2b on the other hand uses rotations by 32, 24, 16 and 63 bits respectively, which is what the referenced source code implements.

For details on BLAKE2, check section 2.4 of the official BLAKE2 documentation (which seems to focus on changes from BLAKE to BLAKE2), or its RFC which provides a full description.

In the repository you link to, they only provide a C# reference implementation of BLAKE2b. You can however see the different implementations by comparing the C reference implementations of BLAKE2b and BLAKE2s:

BLAKE2s' $G()$ function:

```c
#define G(r,i,a,b,c,d)                      \
  do {                                      \
    a = a + b + m[blake2s_sigma[r][2*i+0]]; \
    d = rotr32(d ^ a, 16);                  \
    c = c + d;                              \
    b = rotr32(b ^ c, 12);                  \
    a = a + b + m[blake2s_sigma[r][2*i+1]]; \
    d = rotr32(d ^ a, 8);                   \
    c = c + d;                              \
    b = rotr32(b ^ c, 7);                   \
  } while(0)
```

BLAKE2b's $G()$ function:

```c
#define G(r,i,a,b,c,d)                      \
  do {                                      \
    a = a + b + m[blake2b_sigma[r][2*i+0]]; \
    d = rotr64(d ^ a, 32);                  \
    c = c + d;                              \
    b = rotr64(b ^ c, 24);                  \
    a = a + b + m[blake2b_sigma[r][2*i+1]]; \
    d = rotr64(d ^ a, 16);                  \
    c = c + d;                              \
    b = rotr64(b ^ c, 63);                  \
  } while(0)
```

Permutations

The $\sigma$ you ask about is a family of permutations, see e.g. section 2.7 of the BLAKE2 RFC.

soul king
Many thanks to you, now I understand. I think I will have new questions; I will ask them under your comment!
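
The answer's two points (the 32/24/16/63 rotations and the $\sigma$ permutations that select message words) can be checked with a small unkeyed BLAKE2b written from RFC 7693. This is an added example, not code from the original posts or from the BLAKE2 project; the names `MASK`, `ORDER`, `FIGURE_ROT` and the `rot` parameter are assumptions of the example, and `rot` exists only so the figure's amounts can be tried for comparison.

```python
import struct

MASK = (1 << 64) - 1
IV = [0x6A09E667F3BCC908, 0xBB67AE8584CAA73B, 0x3C6EF372FE94F82B, 0xA54FF53A5F1D36F1,
      0x510E527FADE682D1, 0x9B05688C2B3E6C1F, 0x1F83D9ABFB41BD6B, 0x5BE0CD19137E2179]
# sigma_0..sigma_9 (RFC 7693, section 2.7), one hex digit per message-word index
SIGMA = [[int(ch, 16) for ch in row] for row in (
    "0123456789abcdef", "ea489fd61c02b753", "b8c052fdae367194", "7931dcbe265a40f8",
    "905724afe1bc683d", "2c6a0b834d75fe19", "c51fed4a0763928b", "db7ec13950f4862a",
    "6fe9b308c2d714a5", "a2847615fb9e3cd0")]
ORDER = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),   # columns
         (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]   # diagonals
BLAKE2B_ROT = (32, 24, 16, 63)  # BLAKE2b, 64-bit words
FIGURE_ROT = (16, 12, 8, 7)     # amounts from the question's figure (32-bit words)

def rotr64(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def G(v, a, b, c, d, x, y, rot):  # x = m[sigma_r(2i)], y = m[sigma_r(2i+1)]
    v[a] = (v[a] + v[b] + x) & MASK
    v[d] = rotr64(v[d] ^ v[a], rot[0])
    v[c] = (v[c] + v[d]) & MASK
    v[b] = rotr64(v[b] ^ v[c], rot[1])
    v[a] = (v[a] + v[b] + y) & MASK
    v[d] = rotr64(v[d] ^ v[a], rot[2])
    v[c] = (v[c] + v[d]) & MASK
    v[b] = rotr64(v[b] ^ v[c], rot[3])

def compress(h, block, t, last, rot):
    m = struct.unpack("<16Q", block)   # sixteen little-endian 64-bit message words
    v = h + IV
    v[12] ^= t & MASK                  # byte counter, low and high words
    v[13] ^= t >> 64
    v[14] ^= MASK if last else 0       # finalization flag
    for r in range(12):
        s = SIGMA[r % 10]              # the permutation used in round r
        for i, (a, b, c, d) in enumerate(ORDER):
            G(v, a, b, c, d, m[s[2 * i]], m[s[2 * i + 1]], rot)
    return [h[i] ^ v[i] ^ v[i + 8] for i in range(8)]

def blake2b(data, rot=BLAKE2B_ROT):
    h = [IV[0] ^ 0x01010040] + IV[1:]            # 64-byte digest, no key
    last = max(0, (len(data) - 1) // 128 * 128)  # offset of the final block
    for off in range(0, last, 128):
        h = compress(h, data[off:off + 128], off + 128, False, rot)
    h = compress(h, data[last:].ljust(128, b"\0"), len(data), True, rot)
    return struct.pack("<8Q", *h)
```

`blake2b(b"abc")` equals `hashlib.blake2b(b"abc").digest()`, while `blake2b(b"abc", FIGURE_ROT)` does not: the rotation amounts are part of the definition of each variant, not a tunable.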