Secret-key single-message authentication:
Crypto.Saltine.Core.OneTimeAuth
The
auth function authenticates a message
ByteString
using a secret key The function returns an authenticator. The
verify function checks if it's passed a correct authenticator
of a message under the given secret key.
The
auth function, viewed as a function of the message for a
uniform random key, is designed to meet the standard notion of
unforgeability after a single message. After the sender authenticates
one message, an attacker cannot find authenticators for any other
messages.
The sender must not use
auth to authenticate more than one
message under the same key. Authenticators for two messages under the
same key should be expected to reveal enough information to allow
forgeries of authenticators on other messages.
Crypto.Saltine.Core.OneTimeAuth is
crypto_onetimeauth_poly1305, an authenticator specified in
"Cryptography in NaCl" (
http://nacl.cr.yp.to/valid.html),
Section 9. This authenticator is proven to meet the standard notion of
unforgeability after a single message.
This is version 2010.08.30 of the onetimeauth.html web page.