On Fri, 24 Jan 2025 at 21:54, Tim Düsterhus <t...@bastelstu.be> wrote: > > Hi > > (Hans, apologies for the duplicate copy, I accidentally did not send the > first reply to the list) > > Am 2025-01-24 20:39, schrieb Hans Henrik Bergan: > > Can we add the BLAKE3 hash? > > > > Created a PR here: https://github.com/php/php-src/pull/13194 > > Created a RFC draft here: https://wiki.php.net/rfc/blake3 > > > > BLAKE3 is a cryptographic hash function based on the SHA3-finalist > > BLAKE, offering SHA3-256-like security at much higher speed. > > Benchmarks from /ext/hash/bench.php highlight BLAKE3's performance: it > > is over four times faster than SHA3-256 on AMD Ryzen 9 7950x: > > https://wiki.php.net/_detail/rfc/output_5_.png > > Thank you for your RFC. I'm a little confused by the benchmark results. > According to > https://www.amd.com/de/products/processors/desktops/ryzen/7000-series/amd-ryzen-9-7950x.html, > the Ryzen 9 7950x should support SHA-NI, which should make SHA-256 much > faster than SHA-1. On my i7-1365U I get SHA-256 results that are > competitive with BLAKE3 and with SHA-256 being a well-established > algorithm, the benefit of having BLAKE3 becomes much smaller when also > considering that will likely remain under much less scrunity of the > cryptographic community.
BLAKE3 keeping up with dedicated SHA CPU instructions (i.e SHA-NI) is impressive. ARM is getting more and more common, and I don't think ARM has SHA instructions (yet?) tho. BLAKE3 offers security superior to SHA2 and comparable to SHA3, among the 3, only SHA2 is vulnerable to length extension attacks. > blake3 0.010877 > sha3-256 0.052112 On your system, it seems BLAKE3 is 4.7 times (almost 5 times?) faster than sha3-256, interesting. > Is your benchmark perhaps not reflecting the latest changes with PHP > 8.4? SHA-NI support was added in > https://github.com/php/php-src/pull/15152. ah yes, the benchmarks is from commit https://github.com/php/php-src/pull/13194/commits/187c8e96383bf3b792c45a4769c6f795db0e86a6 dating to 19 january 2024 (the benchmark is in the commit message), 6 months prior to https://github.com/php/php-src/pull/15152 ... I tried getting BLAKE3 added back in january 2024, but ran out of steam. > As for the RFC itself: I suggest to already add the (closed) voting > doodle to the proposed voting choices section. The way the section is > currently worded doesn't make sense, because it implies two distinct > votes. like this I guess: <doodle title="Integrate BLAKE3?" auth="divinity76" voteType="single" closed="true"> * Yes * No </doodle> added.
