Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.
Concept
Poly1305
Summary
Poly1305 is a universal hash family designed by Daniel J. Bernstein for use in cryptography.
As with any universal hash family, Poly1305 can be used as a one-time message authentication code to authenticate a single message using a key shared between sender and recipient,
like a one-time pad can be used to conceal the content of a single message using a key shared between sender and recipient.
Originally Poly1305 was proposed as part of Poly1305-AES,
a Carter–Wegman authenticator
that combines the Poly1305 hash with AES-128 to authenticate many messages using a single short key and distinct message numbers.
Poly1305 was later applied with a single-use key generated for each message using XSalsa20 in the NaCl crypto_secretbox_xsalsa20poly1305 authenticated cipher,
and then using ChaCha in the ChaCha20-Poly1305 authenticated cipher
deployed in TLS on the internet.
Poly1305 takes a 16-byte secret key and an -byte message and returns a 16-byte hash .
To do this, Poly1305:
Interprets as a little-endian 16-byte integer.
Breaks the message into consecutive 16-byte chunks.
Interprets the 16-byte chunks as 17-byte little-endian integers by appending a 1 byte to every 16-byte chunk, to be used as coefficients of a polynomial.
Evaluates the polynomial at the point modulo the prime .
Reduces the result modulo encoded in little-endian return a 16-byte hash.
The coefficients of the polynomial , where , are:
with the exception that, if , then:
The secret key is restricted to have the bytes , i.e., to have their top four bits clear; and to have the bytes , i.e., to have their bottom two bits clear.
Thus there are distinct possible values of .
If is a secret 16-byte string interpreted as a little-endian integer, then
is called the authenticator for the message .
If a sender and recipient share the 32-byte secret key in advance, chosen uniformly at random, then the sender can transmit an authenticated message .
Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.