D. J. Bernstein
Authenticators and signatures

hash127

Frequently asked questions
How to install hash127
Choices for conf-opt

See Poly1305 for an improved message-authentication code.

I have a paper explaining how hash127 works and analyzing its security. I also have a page of information on CPU speeds.

What is it?

hash127 computes a provably secure 127-bit secret-key authenticator of an arbitrarily long message. Someone who does not know the secret key has a negligible chance of guessing a correct authenticator for a different message.

Timings

These timings are clock cycles to hash 64 bytes, 128 bytes, etc. with the following libraries:

127: hash127.
MD5: OpenSSL implementation of MD5. Includes Pentium asm and UltraSPARC asm; please let me know if there are any faster MD5 implementations.
SHA: OpenSSL implementation of SHA. Includes Pentium asm.

Timing overhead is included but usually small.

Library 64 128 256 512 1024 2048 Chip MHz Compiler

127 0.70 550 825 1340 2480 4667 9275 Pentium 166 gcc 2.8.1

MD5 0.9.5 1132 1523 2250 3727 6680 12583 Pentium 166 gcc 2.8.1

SHA 0.9.5 2097 3024 4862 8535 15880 30567 Pentium 166 gcc 2.8.1

127 0.70 566 792 1303 2406 4527 8850 Pentium II 400 gcc 2.7.2.3

127 0.70 561 814 1313 2449 4583 8954 Pentium III 450 egcs 2.91.66

MD5 0.9.5 1133 1494 2267 3782 6767 12947 Pentium III 450 egcs 2.91.66

SHA 0.9.5 1971 2765 4353 7527 13879 26596 Pentium III 450 egcs 2.91.66

127 0.70 570 762 1148 2111 3818 7438 UltraSPARC I 167 egcs 2.91.66

MD5 0.9.5 1523 2127 3313 5703 10468 20008 UltraSPARC I 167 egcs 2.91.66

SHA 0.9.5 2261 3269 5296 9297 17298 33300 UltraSPARC I 167 egcs 2.91.66

127 0.70 608 864 1375 2552 4818 9429 Alpha 21264 500 egcs 2.91.66

MD5 0.9.5 1623 2335 3795 6699 12465 23835 Alpha 21264 500 egcs 2.91.66

SHA 0.9.5 1836 2679 4410 7824 14637 28302 Alpha 21264 500 egcs 2.91.66

Library	64	128	256	512	1024	2048	Chip	MHz	Compiler
127 0.70	550	825	1340	2480	4667	9275	Pentium	166	gcc 2.8.1
MD5 0.9.5	1132	1523	2250	3727	6680	12583	Pentium	166	gcc 2.8.1
SHA 0.9.5	2097	3024	4862	8535	15880	30567	Pentium	166	gcc 2.8.1
127 0.70	566	792	1303	2406	4527	8850	Pentium II	400	gcc 2.7.2.3
127 0.70	561	814	1313	2449	4583	8954	Pentium III	450	egcs 2.91.66
MD5 0.9.5	1133	1494	2267	3782	6767	12947	Pentium III	450	egcs 2.91.66
SHA 0.9.5	1971	2765	4353	7527	13879	26596	Pentium III	450	egcs 2.91.66
127 0.70	570	762	1148	2111	3818	7438	UltraSPARC I	167	egcs 2.91.66
MD5 0.9.5	1523	2127	3313	5703	10468	20008	UltraSPARC I	167	egcs 2.91.66
SHA 0.9.5	2261	3269	5296	9297	17298	33300	UltraSPARC I	167	egcs 2.91.66
127 0.70	608	864	1375	2552	4818	9429	Alpha 21264	500	egcs 2.91.66
MD5 0.9.5	1623	2335	3795	6699	12465	23835	Alpha 21264	500	egcs 2.91.66
SHA 0.9.5	1836	2679	4410	7824	14637	28302	Alpha 21264	500	egcs 2.91.66

hash127 is subject to a continuing series of performance improvements. Please report the hash127 version number in any comments on hash127.