Poly1305

E43495

MAC algorithm cryptographic algorithm message authentication code

Poly1305 is a high-speed message authentication code (MAC) algorithm commonly used with stream ciphers like ChaCha20 to provide data integrity and authenticity.

Jump to: Surface forms Statements Referenced by

Observed surface forms (4)

Surface form	Occurrences
CHACHA20-POLY1305	1
ChaCha20-Poly1305	1
Poly1305 MAC by Daniel J. Bernstein	1
Poly1305 message authentication code	1

Statements (49)

Predicate	Object
instanceOf	MAC algorithm ⓘ cryptographic algorithm ⓘ message authentication code ⓘ
advantageOverHMAC	higher speed in software on many platforms ⓘ
basedOn	polynomial evaluation modulo a prime ⓘ
belongsToFamily	Carter–Wegman MACs ⓘ
blockSizeBytes	16 ⓘ
category	one-time MAC ⓘ
combinedAsAEADWith	AES in CTR mode ⓘ ChaCha20 ⓘ
combinedConstruction	AES-Poly1305 ⓘ ChaCha20 ⓘ surface form: ChaCha20-Poly1305
comparedTo	HMAC ⓘ
definedOver	prime field modulo 2^130-5 ⓘ
designedBy	Daniel J. Bernstein ⓘ
designProperty	constant-time implementation possible ⓘ high-speed in software ⓘ provable security under standard assumptions ⓘ
implementationLanguage	C ⓘ assembly ⓘ
introducedInYear	2004 ⓘ
oftenUsedWith	Advanced Encryption Standard ⓘ surface form: AES ChaCha20 ⓘ Salsa20 ⓘ
outputSizeBits	128 ⓘ
requires	one-time key ⓘ unique nonce per key ⓘ
securityAssumption	computational hardness of forging MAC without key ⓘ
securityGoal	data integrity ⓘ data origin authentication ⓘ message authentication ⓘ
standardizedBy	Internet Engineering Task Force ⓘ surface form: IETF
standardizedIn	RFC 8439 ⓘ surface form: RFC 7539 RFC 7539 ⓘ surface form: RFC 7905 RFC 8439 ⓘ
suitableFor	AEAD constructions ⓘ high-performance network protocols ⓘ
typicalKeySizeBits	256 ⓘ
usedBy	BoringSSL ⓘ OpenSSL ⓘ libsodium ⓘ
usedIn	IPsec ⓘ QUIC ⓘ SSH ⓘ TLS ⓘ
usesOperation	modular arithmetic ⓘ polynomial hash ⓘ
vulnerabilityIfMisused	key reuse across messages ⓘ nonce reuse with same key ⓘ

Referenced by (9)

Full triples — surface form annotated when it differs from this entity's canonical label.

ChaCha20 → AEADName → Poly1305 ⓘ

this entity surface form: ChaCha20-Poly1305

ChaCha20 → IANAName → Poly1305 ⓘ

this entity surface form: CHACHA20-POLY1305

RFC 7539 → basedOn → Poly1305 ⓘ

this entity surface form: Poly1305 MAC by Daniel J. Bernstein

RFC 7539 → defines → Poly1305 ⓘ

RFC 8439 → defines → Poly1305 ⓘ

ChaCha20 → formsAEADWith → Poly1305 ⓘ

Daniel J. Bernstein → notableWork → Poly1305 ⓘ

ChaCha20 → specifiedWith → Poly1305 ⓘ

RFC 7539 → specifies → Poly1305 ⓘ

this entity surface form: Poly1305 message authentication code