
Poly1305-AES

From Wikipedia, the free encyclopedia


Poly1305-AES is a cryptographic message authentication code (MAC) written by Daniel J. Bernstein. As such, it may be used to simultaneously verify both the data integrity and the authenticity of a message.


Description

Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce. The name is derived from the use of the prime number 2^130 - 5 and the Advanced Encryption Standard. Since it uses a 130-bit prime and works on 16-byte (128-bit) portions of message data, the algorithm works best when implemented with a bignum package, such as the GNU Multi-Precision Library used in most of the sample code provided by the author.

Security

The security of Poly1305-AES is very close to that of the underlying AES block cipher. As a result, the only way for an attacker to break Poly1305-AES is to break AES.

For instance, assume that messages are packets of up to 1024 bytes; that the attacker sees <math>2^{64}</math> messages authenticated under a Poly1305-AES key; that the attacker attempts <math>2^{75}</math> forgeries; and that the attacker cannot break AES with probability above <math>\delta</math>. Then, with probability at least <math>0.999999-\delta</math>, all <math>2^{75}</math> forgeries are rejected.[1]

Poly1305-AES also offers cipher replaceability: if anything does go wrong with AES, another block cipher can be substituted for it with the same security guarantee.
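The construction described above (the 16-byte additional key r, clamped and used to evaluate the message polynomial modulo 2^130 - 5, then masked with AES_k(nonce)), as an added example that is not the author's reference code. The AES step is passed in as a callable to make the cipher replaceability concrete, Python's built-in integers stand in for the GMP bignums the author's samples use, and the self-test checks the polynomial core against the RFC 8439 Poly1305 test vector, which supplies the pad s directly rather than deriving it from AES.

```python
import hmac
from typing import Callable

P = (1 << 130) - 5  # the prime 2^130 - 5 the algorithm is named after


def clamp_r(r: bytes) -> int:
    """Load the 16-byte additional key r (little-endian) and clear the
    bits Bernstein's definition requires to be zero."""
    if len(r) != 16:
        raise ValueError("r must be 16 bytes")
    return int.from_bytes(r, "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF


def poly1305_hash(r: bytes, msg: bytes) -> int:
    """Evaluate the message polynomial at r modulo 2^130 - 5.
    Each 16-byte (128-bit) chunk, with a 0x01 byte appended so that a
    short final chunk is unambiguous, becomes one coefficient."""
    rr, h = clamp_r(r), 0
    for i in range(0, len(msg), 16):
        c = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        h = ((h + c) * rr) % P
    return h


def poly1305_aes(cipher: Callable[[bytes, bytes], bytes], k: bytes, r: bytes,
                 nonce: bytes, msg: bytes) -> bytes:
    """16-byte authenticator = (hash_r(msg) + cipher_k(nonce)) mod 2^128.
    In Poly1305-AES `cipher` is AES; nothing below depends on which
    128-bit block cipher supplies the per-nonce pad."""
    pad = int.from_bytes(cipher(k, nonce), "little")
    return ((poly1305_hash(r, msg) + pad) % (1 << 128)).to_bytes(16, "little")


def verify(cipher, k: bytes, r: bytes, nonce: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(poly1305_aes(cipher, k, r, nonce, msg), tag)


def self_test() -> bool:
    """Check the core against the RFC 8439 Poly1305 vector. That vector
    fixes the pad s instead of computing AES_k(nonce), so a stand-in
    'cipher' that returns s exercises the same code path."""
    r = bytes.fromhex("85d6be7857556d337f4452fe42d506a8")
    s = bytes.fromhex("0103808afb0db2fd4abff6af4149f51b")
    msg = b"Cryptographic Forum Research Group"
    expected = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")
    k = nonce = bytes(16)  # unused by the stand-in cipher
    return verify(lambda key, block: s, k, r, nonce, msg, expected)
```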

Speed

Poly1305-AES can be computed at high speed on various CPUs: for an n-byte message, for example, no more than 3.1n+780 Athlon cycles are needed.[1] The author has released optimized implementations for Athlon, Pentium Pro/II/III/M, PowerPC and UltraSPARC, in addition to non-optimized reference implementations in C and C++.


References

1. Daniel J. Bernstein, The Poly1305-AES message-authentication code.

