Re: [saag] Re: [Cfrg] Re: universal MACs
I wrote, a month ago:
> As a followup: The Poly1305-AES paper will appear in the Fast Software
> Encryption 2005 proceedings. Today I've posted http://cr.yp.to/mac.html
> with C API details, a reference implementation, and some tests.
As a further followup: I've posted my poly1305aes library, a very fast
public-domain implementation of Poly1305-AES, including tuning for the
Athlon, Pentium, PowerPC, and UltraSPARC. Sample timings:
Poly1305(16-byte message): 693 Athlon cycles
HMAC-MD5(16-byte message): openssl speed hmac says ~2700 Athlon cycles
Poly1305(16-byte message): 800 UltraSPARC-III cycles
HMAC-MD5(16-byte message): ~2200 UltraSPARC-III cycles
Poly1305(1024-byte message): 3824 Athlon cycles
HMAC-MD5(1024-byte message): ~12400 Athlon cycles
Poly1305(1024-byte message): 5541 UltraSPARC-III cycles
HMAC-MD5(1024-byte message): ~8600 UltraSPARC-III cycles
You can find the library at http://cr.yp.to/mac.html, along with
comprehensive benchmarks. If you're interested in further announcements,
join the poly1305 mailing list.
I should note that the library includes new AES code that achieves
state-of-the-art speed while resisting L1-cache timing attacks. The code
is limited to the case I care about in Poly1305-AES (no precomputation,
no decryption) but should still be of interest to other AES users. It
might even reduce my speed advantage over other secure CW MACs. :-)
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
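An added example, not code from the post or from the poly1305aes library: a plain Python evaluation of the Poly1305 polynomial over 2^130-5, to show what the "CW MAC" above computes. The 16-byte pad s is taken as a parameter (in Poly1305-AES it is AES_k(nonce); the RFC 8439 test vector used here supplies r and s directly as a 32-byte key), and verification uses a constant-time comparison.

```python
import hmac

P = (1 << 130) - 5                                   # Poly1305 prime
R_MASK = 0x0ffffffc0ffffffc0ffffffc0fffffff          # "clamp" mask on r


def poly1305_tag(r_bytes: bytes, s_bytes: bytes, msg: bytes) -> bytes:
    """Poly1305 authenticator: (c_1 r^q + ... + c_q r mod 2^130-5) + s mod 2^128."""
    assert len(r_bytes) == 16 and len(s_bytes) == 16
    r = int.from_bytes(r_bytes, "little") & R_MASK
    s = int.from_bytes(s_bytes, "little")            # Poly1305-AES: s = AES_k(nonce)
    acc = 0
    for i in range(0, len(msg), 16):
        # each 16-byte chunk (the last may be shorter) gets a 0x01 byte appended
        c = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = ((acc + c) * r) % P
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")


def poly1305_verify(r_bytes: bytes, s_bytes: bytes, msg: bytes, tag: bytes) -> bool:
    """Check a tag without leaking where the first mismatching byte lies."""
    return hmac.compare_digest(poly1305_tag(r_bytes, s_bytes, msg), tag)


# Test vector from RFC 8439, section 2.5.2 (key = r || s).
KEY = bytes.fromhex(
    "85d6be7857556d337f4452fe42d506a8"   # r
    "0103808afb0db2fd4abff6af4149f51b"   # s
)
MSG = b"Cryptographic Forum Research Group"
EXPECTED_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    tag = poly1305_tag(KEY[:16], KEY[16:], MSG)
    print(tag.hex(), tag == EXPECTED_TAG)
    print(poly1305_verify(KEY[:16], KEY[16:], MSG + b"!", tag))   # tampered: False
```

Because s is a fresh one-time pad per nonce, reusing a nonce under the same AES key exposes r and breaks the MAC, which is why the Poly1305-AES nonce must never repeat.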