Poly1305

Poly1305 is a universal hash family designed by Daniel J. Bernstein for use in cryptography.[1]

As with any universal hash family, Poly1305 can be used as a one-time message authentication code: a secret key shared between sender and recipient authenticates a single message,[2] much as a one-time pad uses a secret key shared between sender and recipient to conceal the content of a single message.

Originally Poly1305 was proposed as part of Poly1305-AES,[3] a Carter–Wegman authenticator[4][5][1] that combines the Poly1305 hash with AES-128 to authenticate many messages using a single short key and distinct message numbers. Poly1305 was later applied with a single-use key generated for each message using XSalsa20 in the NaCl crypto_secretbox_xsalsa20poly1305 authenticated cipher,[6] and then using ChaCha in the ChaCha20-Poly1305 authenticated cipher[7][8][1] deployed in TLS on the internet.[9]
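
The one-time authenticator described above, as an added example that is not code from the article or its cited sources. It follows the Poly1305 algorithm given in RFC 8439, section 2.5, and carries that section's test vector; the function and constant names are this example's own choices.

```python
import hmac

P = (1 << 130) - 5  # the prime 2^130 - 5 that gives Poly1305 its name
R_CLAMP = 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF  # RFC 8439 clamp mask for r

# Test vector from RFC 8439, section 2.5.2 (not a key to use anywhere).
RFC_KEY = bytes.fromhex(
    "85d6be7857556d337f4452fe42d506a8"
    "0103808afb0db2fd4abff6af4149f51b"
)
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")


def poly1305_tag(key: bytes, msg: bytes) -> bytes:
    """Compute the 16-byte tag of msg under a single-use 32-byte key."""
    if len(key) != 32:
        raise ValueError("Poly1305 key must be 32 bytes")
    # Key = r || s: r is the clamped evaluation point, s the final mask.
    r = int.from_bytes(key[:16], "little") & R_CLAMP
    s = int.from_bytes(key[16:], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        block = msg[i:i + 16]
        # A 0x01 byte is appended to every block, so a short final block
        # encodes differently from the same bytes padded with zeros.
        n = int.from_bytes(block + b"\x01", "little")
        acc = (acc + n) * r % P
    # Adding s modulo 2^128 hides the polynomial value for one message only.
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(poly1305_tag(key, msg), tag)


if __name__ == "__main__":
    print("RFC 8439 vector matches:", poly1305_tag(RFC_KEY, RFC_MSG) == RFC_TAG)
    print("altered message accepted:", verify(RFC_KEY, RFC_MSG + b"!", RFC_TAG))
```

In the constructions listed above, the 32-byte key is never reused directly: Poly1305-AES derives the mask from AES-128 and a message number, and the XSalsa20 and ChaCha variants generate a fresh key for each message.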

  1. Aumasson, Jean-Philippe (2018). "Chapter 7: Keyed Hashing". Serious Cryptography: A Practical Introduction to Modern Encryption. No Starch Press. pp. 136–138. ISBN 978-1-59327-826-7.
  2. Bernstein, Daniel J. (2008-05-01). "Protecting communications against forgery". In Buhler, Joe; Stevenhagen, Peter (eds.). Algorithmic number theory: lattices, number fields, curves and cryptography. Mathematical Sciences Research Institute Publications. Vol. 44. Cambridge University Press. pp. 535–549. ISBN 978-0521808545. Retrieved 2022-10-14.
  3. Bernstein, Daniel J. (2005-03-29). "The Poly1305-AES message-authentication code". In Gilbert, Henri; Handschuh, Helena (eds.). Fast Software Encryption: 12th international workshop. FSE 2005. Lecture Notes in Computer Science. Paris, France: Springer. doi:10.1007/11502760_3. ISBN 3-540-26541-4. Retrieved 2022-10-14.
  4. Wegman, Mark N.; Carter, J. Lawrence (1981). "New Hash Functions and Their Use in Authentication and Set Equality". Journal of Computer and System Sciences. 22 (3): 265–279. doi:10.1016/0022-0000(81)90033-7.
  5. Boneh, Dan; Shoup, Victor (January 2020). A Graduate Course in Applied Cryptography (PDF) (Version 0.5 ed.). §7.4 The Carter-Wegman MAC, pp. 262–269. Retrieved 2022-10-14.
  6. Bernstein, Daniel J. (2009-03-10). Cryptography in NaCl (Technical report). Document ID: 1ae6a0ecef3073622426b3ee56260d34.
  7. Nir, Y.; Langley, A. (May 2015). ChaCha20 and Poly1305 for IETF Protocols. doi:10.17487/RFC7539. RFC 7539.
  8. Nir, Y.; Langley, A. (June 2018). ChaCha20 and Poly1305 for IETF Protocols. doi:10.17487/RFC8439. RFC 8439.
  9. Langley, A.; Chang, W.; Mavrogiannopoulos, N.; Strombergson, J.; Josefsson, S. (June 2016). ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS). doi:10.17487/RFC7905. RFC 7905.