Poly1305
/ˌpɒliˈwʌn-θɜːrtiː-fʌɪv/
n. “A tiny guardian watching every bit.”
Poly1305 is a cryptographic message authentication code (MAC) algorithm created by Daniel J. Bernstein, designed to verify the integrity and authenticity of a message. Unlike encryption algorithms that hide the content, Poly1305 ensures that data has not been tampered with, acting as a digital seal that can detect even a single-bit change in a message.
Its design is simple but effective. Poly1305 treats messages as sequences of numbers and applies modular arithmetic over a large prime (2^130−5, hence the name). The resulting tag, typically 16 bytes long, is unique to the message and the secret key. Any alteration of the message results in a tag mismatch, instantly flagging tampering.
In practice, Poly1305 is rarely used in isolation. It is most commonly paired with the ChaCha20 stream cipher to form the ChaCha20-Poly1305 AEAD (Authenticated Encryption with Associated Data) construction. Here, ChaCha20 encrypts the content, while Poly1305 generates a tag to verify its authenticity. This combination provides both confidentiality and integrity simultaneously, a critical requirement for secure communications like TLS or WireGuard tunnels.
One of the standout features of Poly1305 is speed. It is optimized for modern CPUs, using simple arithmetic operations that minimize timing variability. This makes it highly resistant to side-channel attacks, a common pitfall for MAC algorithms on less carefully designed systems. Its efficiency has made it a staple in mobile and embedded applications where performance matters.
For developers, using Poly1305 correctly requires a unique key for each message. Reusing the same key for multiple messages can compromise security. Fortunately, in the typical ChaCha20-Poly1305 construction, ChaCha20 generates per-message keys, eliminating this risk.
Imagine sending a sensitive configuration file across an insecure network. Without a MAC, you wouldn’t know if it had been modified. With Poly1305, the recipient can instantly verify that the file arrived exactly as sent. Any attempt to tamper with the data — accidental or malicious — will be immediately detectable.
Poly1305 does not encrypt. It does not hide. It observes. It ensures that the message you trust is indeed the message you receive. Paired with an encryption layer like ChaCha20 or AES, it forms a complete, robust security envelope suitable for modern networking, storage, and communication applications.
In short, Poly1305 is the unsung sentinel of cryptography: small, fast, reliable, and essential whenever authenticity matters.