Poly1305-AES
Encyclopedia
Poly1305-AES is a cryptographic
message authentication code
(MAC) written by Daniel J. Bernstein
. It can be used to verify the data integrity
and the authenticity of a message
.
. The name is derived from the use of the prime number
2130 - 5 and the Advanced Encryption Standard
.
Poly1305-AES offers also cipher replaceability. If anything does go wrong with AES, it can be substituted with identical security guarantee.
The author has released optimized implementations for Athlon, Pentium Pro/II/III/M, PowerPC and UltraSPARC, in addition to non-optimized reference implementations in C
and C++
.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
message authentication code
Message authentication code
In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...
(MAC) written by Daniel J. Bernstein
Daniel J. Bernstein
Daniel Julius Bernstein is a mathematician, cryptologist, programmer, and professor of mathematics at the University of Illinois at Chicago...
. It can be used to verify the data integrity
Data integrity
Data Integrity in its broadest meaning refers to the trustworthiness of system resources over their entire life cycle. In more analytic terms, it is "the representational faithfulness of information to the true state of the object that the information represents, where representational faithfulness...
and the authenticity of a message
Message
A message in its most general meaning is an object of communication. It is a vessel which provides information. Yet, it can also be this information. Therefore, its meaning is dependent upon the context in which it is used; the term may apply to both the information and its form...
.
Description
Poly1305-AES computes a 128-bit (16 bytes) authenticator of a variable-length message, using a 128-bit AES key, a 106-bit additional key, and a 128-bit nonceCryptographic nonce
In security engineering, nonce is an arbitrary number used only once to sign a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused...
. The name is derived from the use of the prime number
Prime number
A prime number is a natural number greater than 1 that has no positive divisors other than 1 and itself. A natural number greater than 1 that is not a prime number is called a composite number. For example 5 is prime, as only 1 and 5 divide it, whereas 6 is composite, since it has the divisors 2...
2130 - 5 and the Advanced Encryption Standard
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
.
Security
The security of Poly1305-AES is very close to the underlying AES block cipher algorithm. As a result, the only way for an attacker to break Poly1305-AES is to break AES.- For instance, assuming that messages are packets up to 1024 bytes; that the attacker sees messages authenticated under a Poly1305-AES key; that the attacker attempts a whopping forgeries; and that the attacker cannot break AES with probability above ; then, with probability at least , all the are rejected.
Poly1305-AES offers also cipher replaceability. If anything does go wrong with AES, it can be substituted with identical security guarantee.
Speed
Poly1305-AES can be computed at high speed in various CPUs: for an n-byte message, no more than 3.1n+780 Athlon cycles are needed, for example.The author has released optimized implementations for Athlon, Pentium Pro/II/III/M, PowerPC and UltraSPARC, in addition to non-optimized reference implementations in C
C (programming language)
C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
and C++
C++
C++ is a statically typed, free-form, multi-paradigm, compiled, general-purpose programming language. It is regarded as an intermediate-level language, as it comprises a combination of both high-level and low-level language features. It was developed by Bjarne Stroustrup starting in 1979 at Bell...
.
External links
- Poly1305-AES
- Poly1305-AES paper, complete specification, discussion of security bounds and details on implementation.
- Public domain Poly1305 library