blake2b-solidity is a high-performance Solidity implementation of the BLAKE2b hash
function.
The primary goal of this project is to provide the most efficient and feature-complete BLAKE2b implementation for the Ethereum Virtual Machine (EVM) to support interoperability with other cryptographic applications and Proof-of-Work (PoW) algorithms.
BLAKE2b is renowned for its speed, security, and simplicity. Notable applications of BLAKE2b in blockchain include:
- Zcash: A privacy-focused blockchain that uses BLAKE2b for its Equihash proof-of-work algorithm.
- IPFS: A decentralized file storage system that uses BLAKE2b for content addressing.
The lack of full native support for BLAKE2b in the Ethereum Virtual Machine (EVM) poses challenges for application developers to validate and interoperate with these applications within Solidity smart contracts. Consequently, developers are often forced to either adopt another hashing algorithm such as keccak-256 or sha256, both of which enjoy native support in EVM, or trust validation performed by some trusted operator.
Efforts such as EIP-152 and Project Alchemy by Consensys have attempted to provide a BLAKE2/BLAKE2b implementation. However, EIP-152 only provides a precompiled F compress function instead of the full hash function, and Project Alchemy, which started before EIP-152, could not take advantage of the precompile compress function, did not pass all reference implementation test vectors, and is no longer maintained.
blake2b-solidity aims to address these limitations by providing a high-performance, gas-efficient, and
feature-complete BLAKE2b implementation in Solidity, enabling developers to leverage the benefits of BLAKE2b directly
within Ethereum smart contracts.
- Gas-efficient ⛽️ (See Gas Usage).
-
Variable Input Support: Accepts up to a theoretical maximum of 16 exbibytes (
$2^{64}$ bytes, see Caveats). - Salting: Supports salting for added security.
- Personalized Hashes: Supports personalized hashes.
- Zero External Dependency: No external Solidity dependency. Only the EIP-152 precompiled contract is used.
The blake2b-solidity implementation is gas efficient.
We benchmarked our implementation against other available hash functions by hashing the test vectors in the test suite
and returning the result in bytes. Test vectors that involve optional extensions (keying, salting, personalization)
were excluded in our benchmark.
| Hash Function | Implementation | Average Gas Cost | Digest Size (bits) | Relative Gas Cost (%) |
|---|---|---|---|---|
| Blake2b (Consensys) | Solidity | 255,427 | 512 | 1047% |
| Blake2b (this project) | Solidity + Precompile | 27,853 | 512 | 114% |
| ripemd160 | Native | 25,719 | 160 | 105% |
| sha256 | Native | 24,834 | 256 | 102% |
| keccak256 | Native | 24,400 | 256 | 100% |
- Input size above 1 MiB (
$2^{20}$ bytes) will likely fail due to block gas limit constraints (30 million gas at time of writing). - Only the lower 64-bit of the
tcounter is implemented to save gas. This restricts the maximum supported input size to$2^{64}$ bytes. The maximum allowed input size for BLAKE2b is$2^{128}$ bytes. Given the input size constraint above, this is not going to be an issue.
This project includes a comprehensive test suite to ensure strict conformance to the BLAKE2b specification.
Core test vectors are taken from the BLAKE2b reference implementation.
Additional test vectors are taken from official libsodium tests.
We are grateful to Tjaden Hess, Matt Luongo, Piotr Dyraga, and James Hancock for their contributions to EIP-152 and the initial reference implementation of the BLAKE2b F compression function in go-ethereum.
We would also like to thank Emil Bay for making his work on BLAKE2b test vectors available.
- RFC-7693: The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)
- BLAKE2: Simpler, Smaller, Fast as MD5
- EIP-152: Add BLAKE2 compression function
Fprecompile
blake2b-solidity is released under the MIT License.