Poly1305-AES

From Wikipedia, the free encyclopedia

Poly1305-AES is a cryptographic message authentication code (MAC) written by Daniel J. Bernstein. As such, it may be used to simultaneously verify both the data integrity and the authenticity of a message.

1 Description
2 Security
3 Speed
4 External links
5 References

[edit] Description

Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce. The name is derived from the use of the prime number 2¹³⁰ - 5 and the Advanced Encryption Standard. Since it uses a 130 bit prime, and works on 16 byte (128 bit) portions of message data, the algorithm works best when used with an bignum package, such as the GNU Multi-Precision Library used in most of the sample code provided by the author.

[edit] Security

The security of Poly1305-AES is very close to the underlying AES block cipher algorithm. As a result, the only way for an attacker to break Poly1305-AES is to break AES.

For instance, assuming that messages are packets up to 1024 bytes; that the attacker sees $264$ messages authenticated under a Poly1305-AES key; that the attacker attempts a whopping $275$ forgeries; and that the attacker cannot break AES with probability above $δ$ ; then, with probability at least $0.999999 - δ$ , all the $275$ are rejected^[1].

Poly1305-AES offers also cipher replaceability. If anything does go wrong with AES, it can be substituted with identical security guarantee.

[edit] Speed

Poly1305-AES can be computed at high speed in various CPUs: for an n-byte message, no more than 3.1n+780 Athlon cyles are needed^[1], for example. The author has released optimized implementations for Athlon, Pentium Pro/II/III/M, PowerPC and UltraSPARC, in addition to non-optimized reference implementations in C and C++.

[edit] External links

Poly1305-AES
Poly1305-AES paper, complete specification, discussion of security bounds and details on implementation.
Public domain Poly1305 library

[edit] References

^ ^a ^b The Poly1305-AES message-authentication code, Daniel J. Bernstein

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Cryptographic hash functions and Message authentication codes (MACs) v • d • e
Hash algorithms: Gost-Hash \| HAS-160 \| HAS-V \| HAVAL \| MDC-2 \| MD2 \| MD4 \| MD5 \| N-Hash \| RadioGatún \| RIPEMD \| SHA family \| Snefru \| Tiger \| VEST \| WHIRLPOOL \| crypt(3) DES
MAC algorithms: DAA \| CBC-MAC \| HMAC \| OMAC/CMAC \| PMAC \| UMAC \| Poly1305-AES \| VEST
Authenticated encryption modes: CCM \| EAX \| GCM \| OCB \| VEST Attacks: Birthday attack \| Collision attack \| Preimage attack \| Rainbow table \| Brute force attack
Standardization: CRYPTREC \| NESSIE Misc: Avalanche effect \| Hash collision \| Hash functions based on block ciphers
Cryptography v • d • e
History of cryptography \| Cryptanalysis \| Cryptography portal \| Topics in cryptography
Symmetric-key algorithm \| Block cipher \| Stream cipher \| Public-key cryptography \| Cryptographic hash function \| Message authentication code \| Random numbers