Skip to content

ppad-tech/poly1305

BranchesTags

Repository files navigation

poly1305

A pure Haskell implementation of the Poly1305 message authentication code as specified by RFC8439.

Usage

A sample GHCi session:

  > :set -XOverloadedStrings
  >
  > -- import qualified
  > import qualified Crypto.MAC.Poly1305 as Poly1305
  >
  > -- produce a MAC for a message using a secret one-time key
  > let key = "i'll never use this key again!!!"
  > let msg = "i am a message that is in need of authentication"
  > Poly1305.mac key msg
  Just "\247\247\GSZ^\140\168\r\177\197\242\182b#\210g"

Documentation

Haddocks (API documentation, etc.) are hosted at docs.ppad.tech/poly1305.

Performance

The aim is best-in-class performance for pure Haskell code.

Current benchmark figures on the simple "sunscreen input" from RFC8439 on an M4 Silicon MacBook Air look like (use cabal bench to run the benchmark suite):

  benchmarking ppad-poly1305/mac (big key)
  time                 125.1 ns   (124.9 ns .. 125.4 ns)
                       1.000 R²   (1.000 R² .. 1.000 R²)
  mean                 125.4 ns   (125.0 ns .. 126.2 ns)
  std dev              1.530 ns   (216.3 ps .. 2.693 ns)

Security

This library aims at the maximum security achievable in a garbage-collected language under an optimizing compiler such as GHC, in which strict constant-timeness can be challenging to achieve.

The Poly1305 MAC function and its internals pass all official test vectors in RFC8439, and the downstream AEAD-ChaCha20-Poly1305 implementation in ppad-aead passes all the Project Wycheproof vectors.

Fixed-width words and constant-time primitives are supplied by ppad-fixed. Criterion benchmarks provide sanity checks of constant-time execution:

  benchmarking ppad-poly1305/mac (small key)
  time                 125.1 ns   (124.9 ns .. 125.4 ns)
                       1.000 R²   (1.000 R² .. 1.000 R²)
  mean                 125.1 ns   (125.0 ns .. 125.4 ns)
  std dev              524.6 ps   (180.6 ps .. 1.132 ns)

  benchmarking ppad-poly1305/mac (mid key)
  time                 125.2 ns   (124.9 ns .. 125.4 ns)
                       1.000 R²   (1.000 R² .. 1.000 R²)
  mean                 125.1 ns   (125.1 ns .. 125.3 ns)
  std dev              441.3 ps   (195.0 ps .. 755.1 ps)

  benchmarking ppad-poly1305/mac (big key)
  time                 125.1 ns   (124.9 ns .. 125.4 ns)
                       1.000 R²   (1.000 R² .. 1.000 R²)
  mean                 125.4 ns   (125.0 ns .. 126.2 ns)
  std dev              1.530 ns   (216.3 ps .. 2.693 ns)
  variance introduced by outliers: 12% (moderately inflated)

If you discover any vulnerabilities, please disclose them via security@ppad.tech.

Development

You'll require Nix with flake support enabled. Enter a development shell with:

$ nix develop

Then do e.g.:

$ cabal repl ppad-poly1305

to get a REPL for the main library.

About

The Poly1305 message authentication code

Topics

mac haskell cryptography poly1305

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages