Results 1–10 of 15
UMAC: Fast and Secure Message Authentication
, 1999
Cited by 120 (14 self)
Abstract. We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMAC-SHA1), and about twice as fast as times previously reported for the universal hash-function family MMH. To achieve such speeds, UMAC uses a new universal hash-function family, NH, and a design which allows effective exploitation of SIMD parallelism. The “cryptographic” work of UMAC is done using standard primitives of the user’s choice, such as a block cipher or cryptographic hash function; no new heuristic primitives are developed here. Instead, the security of UMAC is rigorously proven, in the sense of giving exact and quantitatively strong results which demonstrate an inability to forge UMAC-authenticated messages assuming an inability to break the underlying cryptographic primitive. Unlike conventional, inherently serial MACs, UMAC is parallelizable, and will have ever-faster implementation speeds as machines offer up increasing amounts of parallelism. We envision UMAC as a practical algorithm for next-generation message authentication.
MMH: Software Message Authentication in the Gbit/second Rates
, 1997
Cited by 52 (3 self)
March, 1997. Abstract. We describe a construction of almost universal hash functions suitable for very fast software implementation and applicable to the hashing of variable size data and fast cryptographic message authentication. Our construction uses fast single precision arithmetic which is increasingly supported by modern processors due to the growing needs for fast arithmetic posed by multimedia applications. We report on hand-optimized assembly implementations on a 150 MHz PowerPC 604 and a 150 MHz Pentium-Pro, which achieve hashing speeds of 350 to 820 Mbit/sec, depending on the desired level of security (or collision probability), and a rate of more than 1 Gbit/sec on a 200 MHz Pentium-Pro. This represents a significant speedup over current software implementations of universal hashing and other message authentication techniques (e.g., MD5-based). Moreover, our construction is specifically designed to take advantage of emerging microprocessor technologies (such as Intel's MMX, ...
The Poly1305-AES message-authentication code
 In Proc. FSE
, 2005
Cited by 43 (12 self)
Abstract. Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce. The security of Poly1305-AES is very close to the security of AES; the security gap is at most 14D⌈L/16⌉/2^106 if messages have at most L bytes, the attacker sees at most 2^64 authenticated messages, and the attacker attempts D forgeries. Poly1305-AES can be computed at extremely high speed: for example, fewer than 3.625(ℓ + 170) Athlon cycles for an ℓ-byte message. This speed is achieved without precomputation; consequently, 1000 keys can be handled simultaneously without cache misses. Special-purpose hardware can compute Poly1305-AES at even higher speed. Poly1305-AES is parallelizable, incremental, and not subject to any intellectual-property claims.
Software performance of universal hash functions
 In Advances in Cryptology — EUROCRYPT ’99
, 1999
Cited by 30 (0 self)
Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood.
Bucket Hashing with a Small Key Size
 In Advances in Cryptology – EUROCRYPT ’97 (1997), Lecture Notes in Computer Science
, 1997
Cited by 13 (0 self)
In this paper we consider very fast evaluation of strongly universal hash functions, or equivalently, authentication codes. We show how it is possible to modify some known families of hash functions into a form such that the evaluation is similar to "bucket hashing", a technique for very fast hashing introduced by Rogaway. Rogaway's bucket hash family has a huge key size, which for common parameter choices can be more than a hundred thousand bits. The proposed hash families have a key size that is close to the key size of the theoretically best known constructions, typically a few hundred bits, and the evaluation has a time complexity that is similar to bucket hashing.
Fast universal hashing with small keys and no preprocessing: the PolyR construction
, 2000
Cited by 8 (1 self)
We describe a universal hash-function family, PolyR, which hashes messages of effectively arbitrary lengths in 3.9–6.9 cycles/byte (cpb) on a Pentium II (achieving a collision probability in the range 2^-16 to 2^-50). Unlike most proposals, PolyR actually hashes short messages faster (per byte) than long ones. At the same time, its key is only a few bytes, the output is only a few bytes, and no "preprocessing" is needed to achieve maximal efficiency. Our designs have been strongly influenced by low-level considerations relevant to software speed, and experimental results are given throughout.
Message authentication on 64-bit architectures
 In Selected Areas in Cryptography: 13th International Workshop, SAC 2006
, 2006
Cited by 6 (3 self)
Abstract. This paper introduces VMAC, a message authentication algorithm (MAC) optimized for high performance in software on 64-bit architectures. On the Athlon 64 processor, VMAC authenticates 2KB cache-resident messages at a cost of about 0.5 CPU cycles per message byte (cpb) — significantly faster than other recent MAC schemes such as UMAC (1.0 cpb) and Poly1305 (3.1 cpb). VMAC is a MAC in the Wegman-Carter style, employing a “universal” hash function VHASH, which is fully developed in this paper. VHASH employs a three-stage hashing strategy, and each stage is developed with the goal of optimal performance in 64-bit environments.
On Computation of Polynomial Modular Reduction
, 2000
Cited by 3 (0 self)
In this paper, we consider the problem of efficient computation of polynomial modular reduction: A(x) mod f(x), where f(x) is a monic polynomial of degree n and A(x) is a polynomial of degree not greater than n + t − 1; t > 1, both f(x) and A(x) are defined over a commutative ring R with identity. For given f(x) and the degree n + t − 1 of A(x), we present an algorithm to compute this problem in t(w − 1) addition operations in R and the same number of multiplication operations in R, where w is the Hamming weight of f(x). Applications of the proposed algorithm to finite field arithmetic are also discussed. Key Word: Polynomial arithmetic, modular operation, finite field arithmetic, complexity. 1. INTRODUCTION The recent advances in public key cryptography, especially elliptic curve cryptography, have rekindled the research in polynomial arithmetic, which is required in many finite field operations. One example is finite field multiplication. Let f(x) be an irreducible polynomial over GF(q) ...
On Computation of Polynomial Modular Reduction
, 2000
Abstract. In this paper, we consider the problem of efficient computation of polynomial modular reduction: A(x) mod f(x), where f(x) is a monic polynomial of degree n and A(x) is a polynomial of degree not greater than n + t − 1; t > 1, both f(x) and A(x) are defined over a commutative ring R with identity. For given f(x) and the degree n + t − 1 of A(x), we present an algorithm to compute this problem in
To be incorporated into author’s High-speed cryptography book. FLOATING-POINT ARITHMETIC AND MESSAGE AUTHENTICATION
Abstract. There is a well-known class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed—much more quickly than previous systems at the same security level—using IEEE floating-point arithmetic. This paper also presents a survey of the literature in a unified mathematical framework.