poly1305

The Poly1305 message authentication code (docs.ppad.tech/poly1305).
git clone git://git.ppad.tech/poly1305.git

commit c00ac95e132e38a84899dd7e34dce2eee81e07b7
parent 30ec265e9cec86d0ac1a50c42ead189d8e2c6821
Author: Jared Tobin <jared@jtobin.io>
Date:   Tue, 11 Mar 2025 10:33:42 +0400

meta: wycheproof note

Diffstat:
M README.md | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md @@ -56,8 +56,10 @@ which strict constant-timeness can be [challenging to achieve][const]. Note that *at present* we use GHC's native variable-length Integer type internally, and make no guarantees of constant-time execution. -The Poly1305 MAC function and its internals pass all official test -vectors in RFC8439. +The Poly1305 MAC function and its internals pass all official +test vectors in RFC8439, and the downstream AEAD-ChaCha20-Poly1305 +implementation in [ppad-aead](https://github.com/ppad-tech/aead) passes +all the [Project Wycheproof vectors][wyche]. If you discover any vulnerabilities, please disclose them via security@ppad.tech. @@ -84,3 +86,4 @@ to get a REPL for the main library. [flake]: https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html [hadoc]: https://docs.ppad.tech/poly1305 [const]: https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html +[wyche]: https://github.com/C2SP/wycheproof
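Review bot: In the README.md hunk at -56,8 +56,10, the added sentence links ppad-aead inline (`[ppad-aead](https://github.com/ppad-tech/aead)`) while the other links visible in this diff, including the `[wyche]` one added by the same commit, are reference-style; suggest `[ppad-aead][aead]` with a matching `[aead]: https://github.com/ppad-tech/aead` entry in the link list touched by the second hunk. The sentence also reports Wycheproof results only for the downstream AEAD-ChaCha20-Poly1305 construction, so it is worth saying explicitly that the MAC here is exercised indirectly through those vectors. Because the sentence directly follows the paragraph stating that no guarantees of constant-time execution are made, consider adding that passing test vectors speaks to functional correctness only, so readers do not take it as softening that caveat.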