How Poly1305 Works

Message Authentication Codes

Encryption hides data, but it does not protect data from being altered in transit. Without authentication, an attacker could flip random bits in an encrypted file to subtly corrupt your database.

Poly1305 is a Message Authentication Code (MAC) that acts like a tamper-proof seal. It generates an unforgeable cryptographic tag for the ciphertext. Before giovium decrypts anything, it verifies this tag to ensure pristine integrity.

Wegman-Carter Authentication

Poly1305 calculates a polynomial over the finite field 2¹³⁰ - 5. It takes the ciphertext, pairs it with a completely unique one-time authentication key, and computes a 16-byte tag. The math is incredibly efficient on modern 64-bit CPUs.

Everyday Example

Think of Poly1305 as an invisible, tamper-evident wax seal placed tightly over the zipper of a locked bag. The bag is already encrypted (locked), but if a hacker tries to blindly slash the bag while in transit, the wax seal shatters. The receiver instantly knows the bag was messed with and rejects it without even trying to unlock it.

The Deep Mathematics

Poly1305 evaluates a polynomial utilizing an evaluation key 'r' over a prime field where p = 2¹³⁰ - 5. The ciphertext is divided into 16-byte chunks (c₁, c₂, ...). The algorithm computes the accumulation (((c₁ * r) + c₂) * r ...) modulo (2¹³⁰ - 5). This Carter-Wegman MAC construct provides unconditional, information-theoretic authenticity bounded only by the key secrecy.