The Poly1305-AES Message-Authentication Code

14 years 5 months ago

Download cr.yp.to

Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce. The security of Poly1305-AES is very close to the security of AES; the security gap is at most 14D L/16 /2106 if messages have at most L bytes, the attacker sees at most 264 authenticated messages, and the attacker attempts D forgeries. Poly1305-AES can be computed at extremely high speed: for example, fewer than 3.625( + 170) Athlon cycles for an -byte message. This speed is achieved without precomputation; consequently, 1000 keys can be handled simultaneously without cache misses. Special-purpose hardware can compute Poly1305-AES at even higher speed. Poly1305AES is parallelizable, incremental, and not subject to any intellectualproperty claims.

Daniel J. Bernstein

Real-time Traffic

16-byte Additional Key | Cryptography | FSE 2005 | Poly1305-AES | State-of-the-art Message-authentication Code |

claim paper

Post Info
More Details (n/a)

Added	27 Jun 2010
Updated	27 Jun 2010
Type	Conference
Year	2005
Where	FSE
Authors	Daniel J. Bernstein

Comments (0)

Sciweavers

The Poly1305-AES Message-Authentication Code

16-byte Additional Key | Cryptography | FSE 2005 | Poly1305-AES | State-of-the-art Message-authentication Code |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers