BLAKE4 wishlist #535
Description
Hello and thank you for all the good work on BLAKE3!
I was thinking that it could be great if there was a place to share feedback about those of us who use and deploy BLAKE3, the problems we have and what are our ideas to improve it. I know that BLAKE4 may not even be planned for now, and yet, I hope that the day it will be, it won't have the problems that I'm currently experiencing with BLAKE3.
So here are my initial ideas:
Use the the original ChaCha core
It would be great to be able to reuse ChaCha code between BLAKE4 and ChaCha-based encryption, such as in ChaCha12-BLAKE3. It would enable a entire cryptosystem (hashing, KDF, MAC, encryption...) based on a single core that is widely analyzed, deployed and easy to implement.
256-bit security (512-bit state / output)
While nobody agree on when cryptographically-relevant quantum computers will be available to attackers, the reality is that developers have to answer to bosses that love the word "compliance" and more and more standards and governmental agencies mandate 512-bit hashes to target 256-bit of post-quantum security. Therefore it's harder and harder to deploy BLAKE3 when such things are mandated.
Also, I would love if this issue could be featured so more people could give their feedback and ideas :)