2

Is it a good choice to drop double SHA-256 and use straight Blake2 in a Bitcoin-like blockchain (more POS oriented so it's not a mining problem)?

I'm talking about Blake2 because I've read more about it than Blake3, so this question may even consider Blake3.

I don't want to clone Bitcoin but experiment with variations to see what can be improved at a low level, so I want to keep it as simple as possible while maintaining at least the Bitcoin security level.

Based on my research, it seems Blake2 hash computation is as secure as double hashing SHA-256, correct?

If I've understood correctly, double hashing SHA-256 is done to prevent a length extension attack, as one can read here. That's prevented by default on Blake2. Read about it here.

Is this correct?

I'd like to see the performance difference between using Blake2 instead of double SHA-256, but I don't want to upend security.

tshepang

1 Answer

3

BLAKE2 can be used as a drop-in replacement for SHA-256d, yes. It is not vulnerable to the length extension attack. Whether or not you should use it in cryptocurrency is a more complex question, but it suffices to say that it will not be any less secure than using SHA-256d for your purposes.

Regarding the speed comparison, this will be more complex to answer as you'd need to specify if you want to encourage CPU mining, GPU mining, or ASIC mining for the cryptocurrency. The raw speed of the hash on a modern CPU will also vary, but BLAKE2 will be faster than SHA-256d. Exactly how much faster depends on the CPU's capabilities, such as SIMD features supported.

forest
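Added example, not part of the original question or answer: a Bitcoin-style Merkle root and header hash with a pluggable hash function, so SHA-256d and a 32-byte BLAKE2b can be swapped and timed on your own CPU. The function names, the constructed 80-byte header and the constructed transaction ids are assumptions made for illustration.

```python
import hashlib
import time

def sha256d(data: bytes) -> bytes:
    """Double SHA-256 as used by Bitcoin: SHA-256 of the SHA-256 digest."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def blake2b_256(data: bytes) -> bytes:
    """Single BLAKE2b pass configured for a 32-byte digest (same width as SHA-256d)."""
    return hashlib.blake2b(data, digest_size=32).digest()

def merkle_root(txids, hash_fn):
    """Bitcoin-style Merkle root: hash nodes pairwise, duplicating the
    last node whenever a level has an odd number of entries."""
    if not txids:
        raise ValueError("need at least one transaction id")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hash_fn(level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]

def bench(hash_fn, data: bytes, rounds: int = 200_000) -> float:
    """Return hashes per second for hash_fn over data on this machine."""
    start = time.perf_counter()
    for _ in range(rounds):
        hash_fn(data)
    return rounds / (time.perf_counter() - start)

# Constructed sample input (not real chain data).
HEADER = bytes(range(80))                     # 80 bytes, like a Bitcoin header
TXIDS = [bytes([i]) * 32 for i in range(5)]   # five 32-byte ids

if __name__ == "__main__":
    for name, fn in (("SHA-256d", sha256d), ("BLAKE2b-256", blake2b_256)):
        print(f"{name:12} header={fn(HEADER).hex()[:16]}... "
              f"merkle={merkle_root(TXIDS, fn).hex()[:16]}... "
              f"{bench(fn, HEADER):,.0f} hashes/s")
```

The throughput figures depend on the CPU and on the hash implementations your Python build links against, so compare them on the hardware you intend to run.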