This is a comprehensive description of the cryptographic hash function BLAKE, one of the five final contenders in the NIST SHA3 competition, and of BLAKE2, an improved version popular among developers. It describes how BLAKE was designed and why BLAKE2 was developed, and it offers guidelines on implementing and using BLAKE, with a focus on software implementation.

In the first two chapters, the authors offer a short introduction to cryptographic hashing, the SHA3 competition and BLAKE. They review applications of cryptographic hashing, they describe some basic notions such as security definitions and state-of-the-art collision search methods and they present SHA1, SHA2 and the SHA3 finalists. In the chapters that follow, the authors give a complete description of the four instances BLAKE-256, BLAKE-512, BLAKE-224 and BLAKE-384; they describe applications of BLAKE, including simple hashing with or without a salt and HMAC and PBKDF2 constructions; they review implementation techniques, from portable C and Python to AVR assembly and vectorized code using SIMD CPU instructions; they describe BLAKEs properties with respect to hardware design for implementation in ASICs or FPGAs; they explain BLAKE's design rationale in detail, from NISTs requirements to the choice of internal parameters; they summarize the known security properties of BLAKE and describe the best attacks on reduced or modified variants; and they present BLAKE2, the successor of BLAKE, starting with motivations and also covering its performance and security aspects. The book concludes with detailed test vectors, a reference portable C implementation of BLAKE, and a list of third-party software implementations of BLAKE and BLAKE2.

The book is oriented towards practice engineering and craftsmanship rather than theory. It is suitable for developers, engineers and security professionals engaged with BLAKE and cryptographic hashing in general and for applied cryptographyresearchers and students who need a consolidated reference and a detailed description of the design process, or guidelines on how to design a cryptographic algorithm.

Dr. Jean-Philippe Aumasson received his Ph.D. from EPFL (Lausanne) in 2009. He is principal cryptographer at Kudelski Security, part of the Kudelski group, in Switzerland. He has co-authored more than 30 research papers in the field of symmetric cryptography and cryptanalysis and regularly talks at security and hacking conferences.

Prof.-Dr. Willi Meier received his Ph.D. in Mathematics from ETH Zürich in 1975. He has been a professor of mathematics and computer science at the University of Applied Sciences, Northwestern Switzerland in Windisch since 1985. His current research interests include the analysis and design of cryptographic primitives such as stream ciphers and hash functions.

Prof. Raphael Phan received his Ph.D. from the Multimedia University (MMU) in 2005. He held academic positions at UK, Swiss and Australian universities before becoming professor of security engineering at MMU in 2012. He has served in the technical program committees of over 100 security conferences. His research interests include security, privacy and cryptology and more recently dark side cryptography and subtleness recognition.

Dr. Luca Henzen received his Ph.D. from ETH Zürich in 2007. He works for UBS AG, Switzerland. His research interests include the design of VLSI circuits for cryptographic applications and low-power systems.