- Poly1305-AES
Poly1305-AES is a cryptographic message authentication code (MAC) written by Daniel J. Bernstein. As such, it may be used to simultaneously verify both the "data integrity" and the "authenticity" of a message.
Description
Poly1305-AES computes a 128-bit (16 bytes) authenticator of a variable-length message, using a 128-bit AES key, a 106-bit additional key, and a 128-bit nonce. The name is derived from the use of the prime number 2^130 - 5 and the Advanced Encryption Standard.
Security
The security of Poly1305-AES is very close to that of the underlying AES block cipher algorithm. As a result, the only way for an attacker to break Poly1305-AES is to break AES.
"For instance, assuming that messages are packets up to 1024 bytes; that the attacker sees messages authenticated under a Poly1305-AES key; that the attacker attempts a whopping forgeries; and that the attacker cannot break AES with probability above ; then, with probability at least , all the are rejected" ([http://cr.yp.to/mac/poly1305-20050329.pdf "The Poly1305-AES message-authentication code"], Daniel J. Bernstein).
Poly1305-AES also offers cipher replaceability: if anything does go wrong with AES, it can be substituted with an identical security guarantee.
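The computation outlined in the Description, written out as an added example (not code from the original page or from Bernstein's implementations). The parameter `s` stands for the 16-byte AES_k(nonce) output, which the caller must compute with an AES library using a nonce never repeated under the same key; because the polynomial part only sees that 16-byte value, it is also where a replacement cipher would plug in. The names `poly1305_tag`, `verify` and `effective_r_bits` are this example's own, and the check value is the Poly1305 test vector from RFC 8439 section 2.5.2, where `s` is given directly.

```python
import hmac

P = (1 << 130) - 5  # the prime 2^130 - 5 that gives Poly1305 its name
# Bits of r that may be set; the remaining 22 bits of the 128 must be zero.
R_MASK = 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF


def effective_r_bits() -> int:
    """Number of free bits in r (the '106-bit additional key')."""
    return bin(R_MASK).count("1")


def poly1305_tag(msg: bytes, r: bytes, s: bytes) -> bytes:
    """Return the 16-byte authenticator; s stands for AES_k(nonce)."""
    if len(r) != 16 or len(s) != 16:
        raise ValueError("r and s must each be 16 bytes")
    r_int = int.from_bytes(r, "little") & R_MASK  # enforce the r format
    h = 0
    for i in range(0, len(msg), 16):
        # Each chunk (up to 16 bytes) gets a 0x01 byte appended, little-endian.
        c = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        h = (h + c) * r_int % P  # Horner evaluation of the polynomial mod P
    tag = (h + int.from_bytes(s, "little")) % (1 << 128)
    return tag.to_bytes(16, "little")


def verify(msg: bytes, r: bytes, s: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare without an early-exit byte loop."""
    return hmac.compare_digest(poly1305_tag(msg, r, s), tag)


# Published test vector from RFC 8439 section 2.5.2 (s is given directly).
R = bytes.fromhex("85d6be7857556d337f4452fe42d506a8")
S = bytes.fromhex("0103808afb0db2fd4abff6af4149f51b")
MSG = b"Cryptographic Forum Research Group"
TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    print(poly1305_tag(MSG, R, S).hex())
    print(verify(MSG, R, S, TAG), verify(MSG + b"!", R, S, TAG))
```

Python integers are not constant-time, so this block is for studying the arithmetic rather than for authenticating production traffic.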
Speed
Poly1305-AES can be computed at high speed on various CPUs: for an n-byte message, no more than 3.1n+780 Athlon cycles are needed, for example. The author has released optimized implementations for Athlon, Pentium Pro/II/III/M, PowerPC and UltraSPARC, in addition to non-optimized reference implementations in C and C++.
External links
* [http://cr.yp.to/mac.html "Poly1305-AES"]
* [http://cr.yp.to/mac/poly1305-20050329.pdf "Poly1305-AES paper"] , complete specification, discussion of security bounds and details on implementation.
* [http://cr.yp.to/mac.html#use "Public domain Poly1305 library"]
References
Wikimedia Foundation. 2010.