2005 | OriginalPaper | Buchkapitel
The Poly1305-AES Message-Authentication Code
verfasst von : Daniel J. Bernstein
Erschienen in: Fast Software Encryption
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce. The security of Poly1305-AES is very close to the security of AES; the security gap is at most 14D⌈
L
/16⌉/2
106
if messages have at most
L
bytes, the attacker sees at most 2
64
authenticated messages, and the attacker attempts
D
forgeries. Poly1305-AES can be computed at extremely high speed: for example, fewer than 3.1
l
+ 780 Athlon cycles for an ℓ-byte message. This speed is achieved
without
precomputation; consequently, 1000 keys can be handled simultaneously without cache misses. Special-purpose hardware can compute Poly1305-AES at even higher speed. Poly1305-AES is parallelizable, incremental, and not subject to any intellectual-property claims.