Poly1305-AES is a cryptographic message authentication code (MAC) written by Daniel J. Bernstein. As such, it may be used to simultaneously verify both the "data integrity" and the "authenticity" of a message.


Poly1305-AES computes a 128-bit (16 bytes) authenticator of a variable-length message, using a 128-bit AES key, a 106-bit additional key, and a 128-bit nonce. The name is derived from the use of the prime number 2130 - 5 and the Advanced Encryption Standard.


The security of Poly1305-AES is very close to the underlying AES block cipher algorithm. As a result, the only way for an attacker to break Poly1305-AES is to break AES.

:"For instance, assuming that messages are packets up to 1024 bytes; that the attacker sees 2^{64} messages authenticated under a Poly1305-AES key; that the attacker attempts a whopping 2^{75} forgeries; and that the attacker cannot break AES with probability above delta; then, with probability at least 0.999999-delta, all the 2^{75} are rejected" [http://cr.yp.to/mac/poly1305-20050329.pdf "The Poly1305-AES message-authentication code"] , Daniel J. Bernstein] .

Poly1305-AES offers also cipher replaceability. If anything does go wrong with AES, it can be substituted with identical security guarantee.


Poly1305-AES can be computed at high speed in various CPUs: for an n-byte message, no more than 3.1n+780 Athlon cycles are needed, for example. The author has released optimized implementations for Athlon, Pentium Pro/II/III/M, PowerPC and UltraSPARC, in addition to non-optimized reference implementations in C and C++.

External links

* [http://cr.yp.to/mac.html "Poly1305-AES"]
* [http://cr.yp.to/mac/poly1305-20050329.pdf "Poly1305-AES paper"] , complete specification, discussion of security bounds and details on implementation.
* [http://cr.yp.to/mac.html#use "Public domain Poly1305 library"]


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • AES — For the Wikipedia feature, see . AES may refer to:;Standards, systems, and methods* Cryptography ** The Advanced Encryption Standard ** Advanced Encryption Standard process, the process used in choosing an algorithm for standardization as AES **… …   Wikipedia

  • Advanced Encryption Standard — (AES), también conocido como Rijndael (pronunciado Rain Doll en inglés), es un esquema de cifrado por bloques adoptado como un estándar de cifrado por el gobierno de los Estados Unidos. El AES fue anunciado por el Instituto Nacional de Estándares …   Wikipedia Español

  • Message authentication code — In cryptography, a message authentication code (often MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed (cryptographic) hash function, accepts as input a secret key and an arbitrary… …   Wikipedia

  • NESSIE — For other uses, see Nessie (disambiguation). NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000–2003 to identify secure cryptographic primitives. The project was comparable to… …   Wikipedia

  • VEST — High Level Structure of VEST General Designers Sean O Neil First published June 13, 2005 Cipher deta …   Wikipedia

  • Cryptographic hash function — A cryptographic hash function (specifically, SHA 1) at work. Note that even small changes in the source input (here in the word over ) drastically change the resulting output, by the so called avalanche effect. A cryptographic hash function is a… …   Wikipedia

  • CMAC — This article is about the cyptographic construction. For other uses, see CMAC (disambiguation). In cryptography, CMAC (Cipher based MAC)[1] is a block cipher based message authentication code algorithm. It may be used to provide assurance of the… …   Wikipedia

  • Message authentication code — Contenido 1 Definición 2 Función MAC ideal 3 Propiedad de seguridad de las funciones MAC 4 Tipos de funciones MAC …   Wikipedia Español

  • Daniel J. Bernstein — Daniel Bernstein Born October 29, 1971 (1971 10 29) (age 40) East Patchogue, New York[ …   Wikipedia

  • UMAC — In cryptography, a message authentication code based on universal hashing, or UMAC, is a type of message authentication code (MAC) calculated choosing a hash function from a class of hash functions according to some secret (random) process and… …   Wikipedia