Poly1305-AES

Poly1305-AES is a cryptographic message authentication code (MAC) written by Daniel J. Bernstein. It can be used to verify the data integrity and the authenticity of a message.

Description

Poly1305-AES computes a 128-bit (16 bytes) authenticator of a variable-length message, using a 128-bit AES key, a 106-bit additional key, and a 128-bit nonce. The name is derived from the use of the prime number 2¹³⁰−5 and the Advanced Encryption Standard.

↑Jump back a section

Security

The security of Poly1305-AES is very close to the underlying AES block cipher algorithm. As a result, the only way for an attacker to break Poly1305-AES is to break AES.

For instance, assuming that messages are packets up to 1024 bytes; that the attacker sees $2^{64}$ messages authenticated under a Poly1305-AES key; that the attacker attempts a whopping $2^{75}$ forgeries; and that the attacker cannot break AES with probability above $\delta$ ; then, with probability at least $0.999999-\delta$ , all the $2^{75}$ are rejected.^[1]

Poly1305-AES offers also cipher replaceability. If anything does go wrong with AES, it can be substituted with identical security guarantee.

↑Jump back a section

Speed

Poly1305-AES can be computed at high speed in various CPUs: for an n-byte message, no more than 3.1n+780 Athlon cycles are needed,^[1] for example. The author has released optimized implementations for Athlon, Pentium Pro/II/III/M, PowerPC and UltraSPARC, in addition to non-optimized reference implementations in C and C++.

↑Jump back a section

References

^ ^a ^b The Poly1305-AES message-authentication code, Daniel J. Bernstein

↑Jump back a section

External links

Poly1305-AES
Poly1305-AES paper, complete specification, discussion of security bounds and details on implementation.
Public domain Poly1305 library

v t e Cryptographic hash functions and message authentication codes (MACs)

Common functions	MD5 SHA-1 SHA-2 SHA-3/Keccak

Functions	FSB ECOH GOST HAS-160 HAVAL LM hash MDC-2 MD2 MD4 MD6 N-Hash RadioGatún RIPEMD Snefru SWIFFT Tiger VSH WHIRLPOOL crypt(3) (DES)

SHA-3 finalists	BLAKE Grøstl JH Skein

MAC algorithms	DAA CBC-MAC HMAC OMAC/CMAC PMAC VMAC UMAC Poly1305-AES

Authenticated encryption modes	CCM CWC EAX GCM IAPM OCB

Attacks	Collision attack Preimage attack Birthday attack Brute force attack Rainbow table Distinguishing attack Side-channel attack

Misc.	Avalanche effect Hash collision Merkle–Damgård construction Salt Security summary

Standardization	CRYPTREC NESSIE NIST hash function competition

v t e Cryptography

History of cryptography Cryptanalysis Cryptography portal Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

↑Jump back a section

Last modified on 9 October 2012, at 11:04