> He's saying it is a property cryptographic hash functions must have that they are constant time, constant power.
It's a little unclear whether rurban was saying that they must have this property, or merely that they do have it. But that is neither here nor there because...
> each round of Blake3 is constant-time
That is not the same thing as the entire algorithm being constant-time.
This whole thread has turned into a horrible mess.
Yes, all else being equal, constant time/power is nice to have. But the only circumstance under which it is necessary is if you are processing secret data in a situation where an adversary can potentially observe side channels. But this is true for any algorithm, not just hashes. Furthermore, most common application of hashing a secret is password hashing, and there is is much more important that the hash be expensive than that it be constant time and power.
But Blake3 is not a password hash. It can be used as a component of a password hash, and there its constant-round time becomes a useful property. But to emphasize this in the context in which rurban's comment appears is at best badly misleading.
It's a little unclear whether rurban was saying that they must have this property, or merely that they do have it. But that is neither here nor there because...
> each round of Blake3 is constant-time
That is not the same thing as the entire algorithm being constant-time.
This whole thread has turned into a horrible mess.
Yes, all else being equal, constant time/power is nice to have. But the only circumstance under which it is necessary is if you are processing secret data in a situation where an adversary can potentially observe side channels. But this is true for any algorithm, not just hashes. Furthermore, most common application of hashing a secret is password hashing, and there is is much more important that the hash be expensive than that it be constant time and power.
But Blake3 is not a password hash. It can be used as a component of a password hash, and there its constant-round time becomes a useful property. But to emphasize this in the context in which rurban's comment appears is at best badly misleading.