Harryman / hashd


Switch to blake2b for merkle construction #4

Open Harryman opened 5 years ago

Harryman commented 5 years ago

It's more efficient than sha256 and probably more secure.

das-sein commented 5 years ago

Shouldn't we instead optimize for more difficult, intentionally slower and RAM-intensive hashing functions like argon2? The merkle tree child inputs are known, and while it may be considered hard now to generate enough inputs to forge a child node, a fast hashing algorithm that uses trivial RAM inherently makes it easier for future attackers to design ASIC arrays to mine for collisions, which would allow them to compromise the merkle tree. Unless there is a consensus protocol in place that will be able to ignore manipulated trees.

Harryman commented 5 years ago

No, the merkle trees are there for validation of data; even using the older sha256 algo, which is slower and less secure, we are unable to find collisions even with the entire bitcoin mining power being thrown at it. We want this to be as efficient as possible so nodes validating can be as lightweight as possible. Ultimately these hashes could be for content addressable storage and sharing of data, since it is in an authenticated structure. Even post-quantum, most modern hash functions should be secure from cheaply creating collisions.

Even with collisions being possible, that would only compromise the integrity of a single leaf node, and even then the original leaf would be widely replicated and more easily accessible than an attacker's collision; also, if there are any subsequent state changes that were built off of that leaf, the attacker would also have to create collisions for the rest of the state changes.
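As an added illustration of the construction being discussed (example code, not hashd's own): a binary Merkle root over blake2b with domain-separated leaf and interior-node hashes, plus inclusion-proof generation and verification. The `0x00`/`0x01` prefixes, the 32-byte digest size and the duplicate-last-node rule for odd levels are assumptions made here, not taken from hashd.

```python
import hashlib
from typing import List, Tuple

# Added example, not hashd's code. Assumed design: blake2b truncated to 32
# bytes, and a one-byte prefix that keeps leaf hashes and interior-node
# hashes in different domains, so a crafted leaf can never be presented as
# an interior node (the classic second-preimage trick against naive trees).
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"
DIGEST_SIZE = 32


def hash_leaf(data: bytes) -> bytes:
    return hashlib.blake2b(LEAF_PREFIX + data, digest_size=DIGEST_SIZE).digest()


def hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.blake2b(NODE_PREFIX + left + right, digest_size=DIGEST_SIZE).digest()


def merkle_root(leaves: List[bytes]) -> bytes:
    """Root over raw leaf payloads; an odd trailing node is paired with itself."""
    if not leaves:
        raise ValueError("empty tree")
    level = [hash_leaf(x) for x in leaves]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [hash_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def inclusion_proof(leaves: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling digests from leaf to root; the bool says the sibling sits on the right."""
    level = [hash_leaf(x) for x in leaves]
    proof = []
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        index //= 2
        level = [hash_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return proof


def verify_inclusion(root: bytes, leaf: bytes, proof: List[Tuple[bytes, bool]]) -> bool:
    """Recompute the path from the leaf and compare against the trusted root."""
    h = hash_leaf(leaf)
    for sibling, sibling_is_right in proof:
        h = hash_node(h, sibling) if sibling_is_right else hash_node(sibling, h)
    return h == root
```

Note that the odd-level duplication rule makes `[a, b, c]` and `[a, b, c, c]` produce the same root, so anything consuming these roots should also commit to the leaf count (or reject duplicate trailing leaves) rather than trusting the root alone.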