#poly1305 #aes #aead #aes256ctr

no-std aes256ctr_poly1305aes

Pure Rust implementation of the AES256CTR-Poly1305AES Authenticated Encryption with optional architecture-specific hardware acceleration

3 unstable releases

0.2.0 Nov 13, 2023
0.1.1 Mar 13, 2022
0.1.0 Mar 13, 2022

#574 in Cryptography

Download history 680/week @ 2023-12-06 795/week @ 2023-12-13 764/week @ 2023-12-20 1078/week @ 2023-12-27 948/week @ 2024-01-03 661/week @ 2024-01-10 1899/week @ 2024-01-17 1111/week @ 2024-01-24 980/week @ 2024-01-31 543/week @ 2024-02-07 627/week @ 2024-02-14 545/week @ 2024-02-21 545/week @ 2024-02-28 1742/week @ 2024-03-06 661/week @ 2024-03-13 228/week @ 2024-03-20

3,246 downloads per month
Used in 5 crates (2 directly)

Apache-2.0 OR MIT

134 lines


crate Docs Apache2/MIT licensed Rust Version Crates.io Downloads

Pure Rust implementation of AES256-CTR/Poly1305-AES: an Authenticated Encryption with Associated Data (AEAD) cipher amenable to fast, constant-time implementations in software, based on the AES256-CTR stream cipher and the Poly1305-AES MAC which uses the Poly1305 universal hash function in combination with the AES-128 block cipher.

A lot code is copied from the chacha20poly1305 crate



AES256-CTR is widely known as stream cipher using the AES256 block cipher. Poly1305-AES as MAC has been proposed by Daniel J. Bernstein in his famous paper The Poly1305-AES message-authentication code.

While both the stream cipher and the MAC are not commonly used, there exists software which uses the combination to encrypt and authenticate the data, e.g. the backup software restic.


Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~20K SLoC