secp256k1-based DHKEM for HPKE
draft-wahby-cfrg-hpke-kem-secp256k1-00

This document is an Internet-Draft (I-D). Anyone may submit an I-D to the IETF. This I-D is not endorsed by the IETF and has no formal standing in the IETF standards process. The information below is for an old version of the document; the latest revision state of this Internet-Draft is "Expired".

| Field | Value |
|---|---|
| Author | Riad S. Wahby |
| Last updated | 2023-07-23 |
| RFC stream | (None) |
| Stream state | (No stream defined) |
| Consensus boilerplate | Unknown |
| IESG state | I-D Exists |
| Responsible AD | (None) |
Crypto Forum                                           R. S. Wahby
Internet-Draft                         Carnegie Mellon University
Intended status: Informational                       23 July 2023
Expires: 24 January 2024

secp256k1-based DHKEM for HPKE
draft-wahby-cfrg-hpke-kem-secp256k1-00

Abstract

This memo defines DHKEM-secp256k1, a variant of HPKE DHKEM (RFC9180) built on the secp256k1 elliptic curve.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-wahby-cfrg-hpke-kem-secp256k1/.

Discussion of this document takes place on the Crypto Forum Research Group mailing list (mailto:cfrg@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=cfrg. Subscribe at https://www.ietf.org/mailman/listinfo/cfrg/.

Source for this draft and an issue tracker can be found at https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 24 January 2024.

Wahby                  Expires 24 January 2024                [Page 1]
Internet-Draft            hpke-secp256k1-kem                 July 2023

Copyright Notice

Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Introduction
   1.1. Motivation
2. Conventions and Definitions
3. Construction
   3.1. Serializing and deserializing keys
   3.2. DeriveKeyPair
4. Security Considerations
5. IANA Considerations
6. Normative References
Appendix A. Acknowledgements
Appendix B. Test Vectors
   B.1. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-128-GCM
      B.1.1. Base
      B.1.2. Auth
   B.2. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-256-GCM
      B.2.1. Base
      B.2.2. Auth
   B.3. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 ChaCha20-Poly1305
      B.3.1. Base
      B.3.2. Auth
Author's Address

1. Introduction

1.1. Motivation

The secp256k1 elliptic curve is widely used in blockchain applications. To date, several proposals have sought to allow users to use their keys for encryption.

To enable this application, this document specifies a DHKEM mode for use with the secp256k1 elliptic curve. Several implementations appear to have sprung up ad hoc; this document is written in the hope of avoiding fragmentation in the ecosystem, particularly around HPKE KEM suite-id assignments.

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Construction

The secp256k1 elliptic curve is specified in [SEC2v2], Section 2.4.1. DHKEM is specified in [RFC9180], Section 4. In particular, the Decap, Encap, AuthDecap, and AuthEncap functions for DHKEM are defined in Section 4.1 of that document.

The secp256k1 DHKEM construction closely follows NIST-P256 DHKEM. See Section 5 for the precise specification.

3.1. Serializing and deserializing keys

Conversion functions in this section are defined in [SEC1v2].

* The SerializePublicKey() function uses the uncompressed Elliptic-Curve-Point-to-Octet-String conversion.

* The DeserializePublicKey() function uses the uncompressed Octet-String-to-Elliptic-Curve-Point conversion. Deserialized public keys MUST be validated before they can be used, in a manner analogous to the one for NIST-P256 in [RFC9180], Section 7.1.4.

* The SerializePrivateKey() function uses the Field-Element-to-Octet-String conversion. If the private key is an integer outside the range [0, order-1], where 'order' is the order of the curve being used, the private key MUST be reduced to its representative in [0, order-1].

* The DeserializePrivateKey() function uses the Octet-String-to-Field-Element conversion.

3.2. DeriveKeyPair

The DeriveKeyPair() function is as described in [RFC9180], Section 7.1.3. For this curve, the bitmask value 0xff should be used.

The order of the secp256k1 curve as defined in [SEC2v2], Section 2.4.1, is 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141.

4. Security Considerations

Please consult the security considerations from [RFC9180].

5. IANA Considerations

This document requests/registers a new entry to the "HPKE KEM Identifiers" registry.

Value: 0x0013 (please)
KEM: DHKEM(secp256k1, HKDF-SHA256)
Nsecret: 32
Nenc: 65
Npk: 65
Nsk: 32
Auth: yes
Reference: [SEC2v2], [RFC9180]

6. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/rfc/rfc2119>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

[RFC9180] Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180, February 2022, <https://www.rfc-editor.org/rfc/rfc9180>.

[SEC1v2] "SEC 1: Elliptic Curve Cryptography", 2009, <https://secg.org/sec1-v2.pdf>.

[SEC2v2] "SEC 2: Recommended Elliptic Curve Domain Parameters", 2010, <https://secg.org/sec2-v2.pdf>.

Appendix A. Acknowledgements

The author would like to thank Christopher Wood for his input.

Appendix B. Test Vectors

This section contains test vectors formatted similarly to the ones found in [RFC9180]. These test vectors cover both Base and Auth setup for each of AES-128-GCM, AES-256-GCM, and ChaCha20-Poly1305. (PSK and AuthPSK are elided because their DHKEM operations are identical to Base and Auth, respectively.)

B.1. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-128-GCM
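The following is an added example, not code from the draft or its author: a self-contained Python 3.8+ sketch of the pieces Sections 3.1 and 3.2 specify (uncompressed SEC 1 encoding with the mandatory public-key validation, private-key reduction into [0, order-1], DeriveKeyPair with bitmask 0xff, and the x-coordinate DH feeding RFC 9180's ExtractAndExpand). It assumes the KEM id 0x0013 that Section 5 requests for suite_id. The scalar multiplication is textbook double-and-add, so it is not constant-time and is meant for reading and checking vectors, not for production use.

```python
"""Added example (not the draft's code): secp256k1 DHKEM primitives in plain
Python 3.8+, standard library only. Not constant-time; for study and testing."""
import hashlib
import hmac

# secp256k1 domain parameters from SEC 2 v2, Section 2.4.1
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
NSK = 32
# suite_id = "KEM" || I2OSP(kem_id, 2); 0x0013 is the id the draft requests (assumption)
SUITE_ID = b"KEM" + (0x0013).to_bytes(2, "big")


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P        # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P         # general addition
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, pt):
    """Double-and-add scalar multiplication (NOT constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


# Section 3.1: SEC 1 conversions plus the validation the draft requires.
def serialize_public_key(pk):
    return b"\x04" + pk[0].to_bytes(32, "big") + pk[1].to_bytes(32, "big")


def deserialize_public_key(enc):
    if len(enc) != 65 or enc[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point")
    x, y = int.from_bytes(enc[1:33], "big"), int.from_bytes(enc[33:], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate outside the field")
    if (y * y - x * x * x - 7) % P != 0:
        raise ValueError("point is not on secp256k1")
    # Cofactor is 1 and the uncompressed form cannot encode infinity, so the
    # on-curve check is the complete public-key validation for this curve.
    return x, y


def serialize_private_key(sk):
    return (sk % N).to_bytes(32, "big")      # reduce into [0, order-1]


def deserialize_private_key(enc):
    return int.from_bytes(enc, "big")


# RFC 9180 labeled HKDF-SHA256 helpers.
def labeled_extract(salt, label, ikm):
    return hmac.new(salt, b"HPKE-v1" + SUITE_ID + label + ikm, hashlib.sha256).digest()


def labeled_expand(prk, label, info, length):
    info = length.to_bytes(2, "big") + b"HPKE-v1" + SUITE_ID + label + info
    out, block, i = b"", b"", 1
    while len(out) < length:                 # HKDF-Expand
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:length]


# Section 3.2: DeriveKeyPair as in RFC 9180 Section 7.1.3 with bitmask 0xff.
def derive_key_pair(ikm, bitmask=0xFF):
    dkp_prk = labeled_extract(b"", b"dkp_prk", ikm)
    for counter in range(256):
        cand = bytearray(labeled_expand(dkp_prk, b"candidate", bytes([counter]), NSK))
        cand[0] &= bitmask
        sk = int.from_bytes(cand, "big")
        if 0 < sk < N:                        # reject 0 and anything >= order
            return sk, point_mul(sk, G)
    raise RuntimeError("DeriveKeyPairError")


def dh(sk, pk):
    shared = point_mul(sk, pk)
    if shared is None:
        raise ValueError("DH produced the point at infinity")
    return shared[0].to_bytes(32, "big")     # x-coordinate, as for P-256 DHKEM


def extract_and_expand(dh_bytes, kem_context):
    eae_prk = labeled_extract(b"", b"eae_prk", dh_bytes)
    return labeled_expand(eae_prk, b"shared_secret", kem_context, 32)


def encap(pkR, ikmE):
    """Base-mode Encap with the ephemeral key derived from ikmE, so it is deterministic."""
    skE, pkE = derive_key_pair(ikmE)
    enc = serialize_public_key(pkE)
    return extract_and_expand(dh(skE, pkR), enc + serialize_public_key(pkR)), enc


def decap(enc, skR, pkR):
    pkE = deserialize_public_key(enc)        # validation of the peer's point happens here
    return extract_and_expand(dh(skR, pkE), enc + serialize_public_key(pkR))
```

A practical use of this sketch is to replay an `ikmE`/`ikmR` pair from the test vectors below through `derive_key_pair` and `encap`/`decap` and compare against the listed `skEm`, `pkEm` and `shared_secret`; this block does not itself re-check those values. One thing worth checking that way: in every Auth vector on this page the listed `skSm`/`pkSm` are identical to `skRm`/`pkRm` even though `ikmS` differs from `ikmR`, so derive the sender key from `ikmS` yourself before relying on those lines.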
B.1.1. Base

info: 17adde3164d65a90d077fd9a0fdba665152c3336
ikmE: 4e627f7d755a76961e60ee218c2ab33ee877c49a2363bf03ae4dea2c811bf3c6
skEm: 3aa90cf5d3e08d7a153b0c4bc23913fd7eb59c936b5d17780d2f56f5dc58afb8
pkEm: 04917de747a0cc3dbc3f5dcc43953bce63f8abfcb0c52194bcc0d06fafd3176bcabf5095aab38436368641df9fff17839c70774dbda7c9811a2ab7af3e66c88c49
ikmR: 1020a03f4ec8eaf31018ee2c06774580fa5c6a1d5ead187bbcaf1412d003e381
skRm: e1b5eca4c289765b68f24696466083b80f28b556fa9a7cd95a7e2c3b48ba5c96
pkRm: 042cca5011df9c9d1a091b98ef8606ccabdf727969ab1385ccbbf67c8168cce9472fc1cdb426ecfd47185f9dd9c5bcffeaeb18b8f3ff93a3bcbaa38b4493b5465d
shared_secret: 7425a21c31b2359df693c00e1baf6804d4585a52eaf474365bcc6c650bb618bd
key: 5573fa4b33098b2e149a7dc611d33423
base_nonce: ebb56a270a01a914963d59db
exporter_secret: 114594ee4124586291a43b134cfd3e7c4f92101f496b3b5ceaa73cc33adbbc5a

info: 1cdae379030a0423b12fc76ee1354749bede74e0
ikmE: e1528622348377db6d394241993bb5f4a743c94b2790a2e7546c1588ba4fd317
skEm: f19780f805f1f79f5439176c05abd39520d4d9c3438a59107e045a02ac37b7f3
pkEm: 046820789ecff937d62071faf1ad07a2aee7305a13ac4355e0776ce644ee313e7b942b150a696f2fb49bdb56305c0bcea1d1dc5d4d4cda0ffc3715ebd68cf98727
ikmR: 01e6a31592cdb561760965669c453c12b8e0feb70fa73267ca5071a67fa4ffe4
skRm: 9b2a6f416777c7616f3aa6ad2cb0ccbb184eab57001fdebdaeec76a71b718247
pkRm: 04256656a2f1ead0b5ee419b46c79b3f3d8d58f60ca776460f7d7c29d2d65f3ecd311c15742d28e8b5e21c6e688b83cf58e72d7fe7573fc365941e856a23bd9021
shared_secret: 303de8c4107fc806ae63dffacc17cfff804be96281377012685e6357b5bae4be
key: 4c1fffd50efded12dd4a9f083a0c5e06
base_nonce: 39ca05f47a52b7b941f9ac2f
exporter_secret: 71d665e1adfc7c7727353778a50a2848b1ad6bcd8dfd1a42e585bf17982522f3

info: d7306d0a1fd86999ef883c941e02c4975ec29f00
ikmE: 521029f944906302688dc165f61c3d75eaabcf96f26a30251e7d14f7d2162ff1
skEm: 470ac3e49a60dea044258efbb05294a348f9c47caf8480556d7d9e7cc48402bf
pkEm: 046b6edc8ce9a1af75f2dd5093447d96dc7179907eec61cf3104756333655ff9a1bb3cde4ff87b85a1d1b145b4d030ab37cd961e8b3307c5eebef988593187b129
ikmR: f4027ea850c3b82daeddf7697e86be92ebb276a10b1eab7748acc024ca5d2c56
skRm: ef82b3f942608a8c9ff963e81ed6cfcb75c5ae60710785fd602af1e69efe76d2
pkRm: 04e917708468776d0a9e73391a50bdde464116070c6633397672d6ed17f4dbfc0d529dcc48668fae09104bce796356a27f38d8fa7b30fe5a04b636b2fb79dcb401
shared_secret: 33c875b50b787d848c44ba15f0254b06dc741960ebeef449785a825012877be9
key: 7731d0c066a96aa186bdd737d82935b4
base_nonce: ea769a21719af06c567b63f4
exporter_secret: eb1acea6009f9a5501f7233aa4a026a7ccf93f5efa5941345054bd3ae3a72cdc

B.1.2. Auth

info: 70aa544b76a9d75a2b98682243489b1a2a315cc2
ikmE: 4c74b4c2bf105ba4390c23399b43a0f08de95686133e90288deafcea786f313e
skEm: b2bc74a68aff93ac1663bcd13b3ea8cf2f7eaac2db5f53ade7331aae04966d6c
pkEm: 04a4302f170988ddaea1a5bf836ddf390f5529b6af2c71e8d76ca0cba42f5950a863ae8400c9e448ba17903347e0135a0024b026d766c3cbbe5b66771f4311946a
ikmR: f3dc9707eac8feb1a86c96279e23318fae9f3e2c04aca5ca9e2ace204488bd35
skRm: 466a2b469c3c3dc4807bad8b6ac545c166c7b777bcc2fa76019fe040d2a0be1f
pkRm: 04645b93ec92234c66d93cc6c3c669a5cc594c29319fedeb048b72cb944f369762134df193212ce0a97d0feea4833f1b9936463b6104d9122d4b77195faebccc15
ikmS: 9fbf7fcf111cc65b6079290c65d0839396104f2dfd39ad34196a4b29d4122383
skSm: 466a2b469c3c3dc4807bad8b6ac545c166c7b777bcc2fa76019fe040d2a0be1f
pkSm: 04645b93ec92234c66d93cc6c3c669a5cc594c29319fedeb048b72cb944f369762134df193212ce0a97d0feea4833f1b9936463b6104d9122d4b77195faebccc15
shared_secret: b2586d302829fea413f105a83f1842245f7aefb84b36ac56e50a64f40601b06f
key: 3454df84c690f0597f3829f0bc12dbd5
base_nonce: 80a33a5387c80493033f7a54
exporter_secret: 02b1ff73ac6784ded824c0a569cd309e8a136c780c8db8d8a07dad2bdbecd785

info: 1d49ad98eb394f251ca6ae5c0badb0573c85bcfd
ikmE: 769a0a841620dd1dbe74b394259ff53c8921a18cd839dd1dfc689efb6f0a50df
skEm: 371e64199a6ac640a96fcdfd8beef995349997a5e68097e7b92e18191ebc8f9d
pkEm: 048d4bc2572dda269bcf3c6467b271fba4721d45a6fb9f03ef258695598f94db4c9e027311a165178f600dd82dc640f7e244f925b2253da6c78a88c35ec94b722f
ikmR: a19c255f687911e217deac27b4719003010c98fae415b7e1247f09357bdf8f10
skRm: fa51e9412fc39776f0384073be48ed6238f369d51a381a2682613fb82bf6bd2f
pkRm: 04a5b8e9c61db6166f8f17335e83963d1458bd768e4e3afaeab60a1141ef8bb79d570f89c2292beb8029381368d1b8b9cd1c80e7710a7b71b03b0624c2cd6668af
ikmS: eda7668b68703bac51603156c64b2e5a5d8958d7f501130b105ee7438593a7c2
skSm: fa51e9412fc39776f0384073be48ed6238f369d51a381a2682613fb82bf6bd2f
pkSm: 04a5b8e9c61db6166f8f17335e83963d1458bd768e4e3afaeab60a1141ef8bb79d570f89c2292beb8029381368d1b8b9cd1c80e7710a7b71b03b0624c2cd6668af
shared_secret: 59655c67610028531f8a2c36899f51b5598caba355bf50f4033c8ff1fbdf391b
key: 2dfca01518b2f347f95f8dd6f3db2f33
base_nonce: ce6cfbc92e5b148afa7128a6
exporter_secret: 201c8b59ae2619271f4371a66385d7aeb63804f779d6f44a94e98e8c4d026ef4

info: 8820687431c25b9b93bfa0b397bc1ab2f0dfe94f
ikmE: 0b4aed6b990fe00241d80c0bc417c08e3ebd9468371b1b96dc938c9ee2fb4a6c
skEm: c45c95e7277e1109f94b0c8aa268abb75eb3e8d74ff91158cccc748cad1dd45b
pkEm: 04ec78a28688cb438ca226066e9e7d0df1066a148bde9a2305c8fefd9a05c141cdb903e57e02536e3635a2e16a693255a7bde7a1ea0d70a30cee540e6a540f7f1b
ikmR: 73740fb056be371fe34c0e638d766c0553e80a10b325145aa73694b899932522
skRm: 72849fc3dfb7b53978060772cc14c8e871a82b982acfe34d7f74cb3dc7617028
pkRm: 0403e9ab311e10d754c7e03c763ec6b499c4f2dc574659386f2ad3e26a4a64fe4f77c370d7968e3d5dc0e8769f95518500d36e6587dde687be9e7eb577331b043d
ikmS: 6cfc950b8d36c5f06ced5a70bba7b936269aa30f7c122728eff2525099f3eb27
skSm: 72849fc3dfb7b53978060772cc14c8e871a82b982acfe34d7f74cb3dc7617028
pkSm: 0403e9ab311e10d754c7e03c763ec6b499c4f2dc574659386f2ad3e26a4a64fe4f77c370d7968e3d5dc0e8769f95518500d36e6587dde687be9e7eb577331b043d
shared_secret: 7bed3e599c24583efb8838556cf50fc4e416d2a430d2a51eb1e232e3fdd531a3
key: 794086d4b282c51eda49e4ffadcc19bb
base_nonce: dc0fc6ef83a464fc1f70d1c1
exporter_secret: 5b2fcf2c82940888b706ebec2b1190ec49d2f307bb5e35e73b5cb6b0de785d26

B.2. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-256-GCM

B.2.1. Base

info: b546c00cece2e2ff0815eb0f8124fb9028c66e80
ikmE: 41233637379f346f4e70e9ca44c31e7ee284d42a5bfd72572ae8884a09aa355e
skEm: eddc7691cdff94f51c313da2e6ff8c293ede60703a59d39c1a498ce078063ad0
pkEm: 04c9775d6fcbffe6d1b12a9730cacbe0ff5e1e220fe3f69002cf7d3334c06beb8c397f8b6532796cdcc4d3337c6199ab115eee8cde246236cb9fc8eba2e1be8a17
ikmR: 323c89b1ca03ca9c4ac6316d02f4604f2f6804665a13d8635786281f00f18006
skRm: 9f1232cd2d35ce0cbaa2d1d92558e1081b04efdad1a80cad4cdd0ec7dd2345bd
pkRm: 04d7381f1aff5516a3ed5a6f343145da73f94e758647da3c508228f25884f70f9f0c086be655dfecf7ad3d04122bde4332e31529634005f695e994a21d7d6f89b5
shared_secret: 586317bcd60f082771d2b70aab94c46003e2290627f09c744f80a75bf0dbfead
key: 0d88f6cfcf20cbb01e578de41b5c45ebf7218872b699ba805988c62d160d7e80
base_nonce: 41700da231ff95814f4d769e
exporter_secret: 8ea4244321527caa36e7519a6631a6751ccfad78526dd276f8027cc8413005ed

info: 237b97992f7d59a4fa96f628b6ddb8d8fe9b74ef
ikmE: e94e2130878a3afb37d7a8447e7f8c3b83036c842c34710a46bc125cdb67207d
skEm: 23e8d5cfa01355398be06a507116ff3447048daf4ed93742691df96ec74f32de
pkEm: 04c0b8e19829110ae8aa75239279f9718a9b7984ad68e306009b1314da5571d66cc9b0a8a2105d1dc4c934dda6dd3a097363322957bcafb922e2e4569cd1ff30ef
ikmR: b93e2e31319435db36e3f59a7b27743d2beb3cc5c782d0cea69521d403b0e0c5
skRm: 0fa90333020235cd1497ab19f47be8e71f55b00d88448af653bce9d3387f751f
pkRm: 04c6108ba390d63749526fccdd56e5fbdc40b5eca27c5017705ab0acbc1e28375bbf53e9e5506680098651cf60ce9d75ea87939c5455696491ac8d4b38dd17bbf6
shared_secret: 323224394ce7da76d643c6ea9d0bc4a08c0772e3865710bac7c02a9bb5ec2483
key: c05c800d9e6806912ecea95e7136fe0fc31ce058ced2d9532e9a9cab3a049946
base_nonce: 9039cfa7c4ed333871616aa3
exporter_secret: ae96e41f29f016db9b09c3b5a8e0887c7efb9ad9376b400a453da981a70152b7

info: a2bb7b11f256061eaff55351e70f6feb1b584c05
ikmE: 8eaaded2e37e7ce4f15d161a6b0df3b83314c04238c7f766553f7c9f6710f700
skEm: a3f541c0b9aea23b971b072726967e4094204f5894eceb3890a4a552071f9842
pkEm: 04b94d970704fb8672628044c62590c2cbd686bb502871f5731eb0b61049ec6f341bc154b8e5bf2913962c396cc3390a4fbd903c375927e6b80614ccb40ff5a518
ikmR: 6590a304421bb59ec56fe898a9c551f31ae24ac2b342200cd16ff338f6142065
skRm: 2cc53dad017a973c1e2918f0efd3b61c6447d0fe7287069fa7a3ba13693e458a
pkRm: 044b85b2b59a0f80d349050abe94f66c4f7795e27d0eec6406e63ccf96c97287f42acb17be68da1973c1b1a1ae8002407463256fe7776d3fbd48a71ccfb31f3420
shared_secret: 3ac3f251fb170fb57ea81b25971f3402f6673235a9118487cde967a99a3e91f7
key: e93e4030c32a3693ccb6ada22c46bceae3009e50c7dd4d41f50b29136a7c96bb
base_nonce: 00231ce2b2a4d8778ebdbdbe
exporter_secret: 7e647b832912ce9de4c8d7ce3542289d1360983f1ab88ccd4283e6ea626440c1

B.2.2. Auth

info: 5d5e00224d79f2a0890265c0038cb8b95fa2cc2d
ikmE: 3e1ad67e84680247c9918dbfd60751b1b1a16191929c1f4302c18947b61980ea
skEm: fcda5828cfc61f86afc9f3c439cdf75474adf1076dc3be9e22a33310ac6ab940
pkEm: 044264fb48cba7475591708747be9b38662ed92e956a677095e7d2d9a954c85ea9a0128076bd80ad82cd3304ad722ba5299d214da46ff0957e5926298a1b635431
ikmR: e536c3b25ca8e60c44a1788eca0d3cc74c143afa8418170f0219390d3c4bc291
skRm: e169bc6207c6c7a7d41767ee4e19e26fb7a051c3a433de01c5a659bf472b4675
pkRm: 04525a66bfaee2fb28fd7605686a75feedef823f69a5b9f726e6fc04478510849af1044e21a281f793baff5e09daa10684f1f8f48ab0c083823903d85723ea1cc8
ikmS: 88ddb133402f64de19356158d08deb4f26c1b03e0a7d86dd9bdf6811c5fcd131
skSm: e169bc6207c6c7a7d41767ee4e19e26fb7a051c3a433de01c5a659bf472b4675
pkSm: 04525a66bfaee2fb28fd7605686a75feedef823f69a5b9f726e6fc04478510849af1044e21a281f793baff5e09daa10684f1f8f48ab0c083823903d85723ea1cc8
shared_secret: 77ed3b0f0ed6f280e1528793b89e0db44d5ee9592963fbafb40c3785b08ff6df
key: a3747040abc3ab5d7badf8a34295522a6df5fba9fadd0198e8363395e85b4869
base_nonce: fc72732417a99dee3b4186c1
exporter_secret: 619a415a68fc9c11149c0b30056cfb529d4c1111a81b41d60272ae10530171f7

info: d6660fbfc7e847dd12b5fcbe7a2fd2cbf89213a7
ikmE: f0d45729871415f0a9bf35c7f8d571cfe888e630e9dce11dd99b52fa1cfb4fda
skEm: eb06c10831adad3f6eb26eeaa20dd21641df13bdbb3570caf54575a4b310a302
pkEm: 049d6e8685ee9e0cf5710fadec235b48f0be768cdc208ea33b335b5a1f888d2d97efa1fe42532a52968fc9f728d81a12a404b2e78345309ab1fee32b023a010b0f
ikmR: 0cc37e627d373599331c3db629be6d25dd0484abaccca3797280e4e32a5c1b5e
skRm: 7f30e894edc38aa437536e467aaef80725a29bd96c6c6008b622ab2f044efb5e
pkRm: 040c07a6ef58e5ff36ef8d2c5a92f746c40e4103225b54ae8b242549f7e1b327a13a7d8d3f3056cb8ab09b05ef89e0d79ae94b7c872960be75287ee6a970424832
ikmS: 81f8f68edca7e035e2ee951bbe9bfe23ee9c9728827b859e8ccd680fa6dd87e5
skSm: 7f30e894edc38aa437536e467aaef80725a29bd96c6c6008b622ab2f044efb5e
pkSm: 040c07a6ef58e5ff36ef8d2c5a92f746c40e4103225b54ae8b242549f7e1b327a13a7d8d3f3056cb8ab09b05ef89e0d79ae94b7c872960be75287ee6a970424832
shared_secret: 2b096d4102bd3434a1a0fa0819e9c4fd75cf7fe2e41a221ffcc4ff133e987f2d
key: d49b6734eba28e723971aa45ecf92c41dd37e349c4282f5c3b13112469879547
base_nonce: f4aced0329318cb7f579efef
exporter_secret: f53a997abaef4c11b9d3d832e0817deded7e430606230ace13d306de04aa481c

info: f9b3f2ca40d56439b72c07ea5c06886c4acc683f
ikmE: 2206f1169f0d68e199a2a9bb2cf484d83090cae9b593eba1635f80e6c0435cf0
skEm: 0c65212daab206080d681138bf627d1a61cca4c85ca6e10b4ef4fc8684b5cf45
pkEm: 04c4ffebdf2032fb882cf940343a9c5331cdf7da987631ba66052ac08969d4c4cbd77188a4c0530e04ca543f95000c600b01dbcd78d70b2740b6b4f3520a6ad74c
ikmR: 3c45964e1d076031406ce364ff2fce2271ef1b3966fe6596a7adf132bb00399f
skRm: b8013cce7f7d142cd624a2c27bd4332d5958d8fe27ae60825bdddd5f9bd92fa2
pkRm: 04f9d911550b105e990dd4a92c0ec6a79f85542bc205421118896879f5133f26bfd1042a617756035ac22de3a430f0d11ed5d460546a04918903f24a70a2a5b93c
ikmS: be586f34314201e16cf2f1e0d94a49e772c99ce77ae04670fd496bf361c68e2b
skSm: b8013cce7f7d142cd624a2c27bd4332d5958d8fe27ae60825bdddd5f9bd92fa2
pkSm: 04f9d911550b105e990dd4a92c0ec6a79f85542bc205421118896879f5133f26bfd1042a617756035ac22de3a430f0d11ed5d460546a04918903f24a70a2a5b93c
shared_secret: e0e1e73c593afcfa03fdbba4d6a1f58eb4889e3e919493a4aca8896904da119b
key: 3a9ba5804887b3d6d25242de9aed14f7b5f18dfc219e0515fbe09c0499449417
base_nonce: 1428dc91b7bd8fff443f9bfd
exporter_secret: bffd0025b62ed7f387e34b74c9b169d87f42aa23908c05089cf7f7b7d7b6600b

B.3. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 ChaCha20-Poly1305

B.3.1. Base

info: 609dcb9844f8412343191f93add1177186c03a36
ikmE: 77caf1617fb3723972a56cd2085081c9f66baae825ce5f363c0a86ec87013fa0
skEm: 11c22e306f2b770cc1ce54371d1469c99ce0db728a76add54dba1376cbd98739
pkEm: 0496dee83ccd93e02c32c1e9be45f6e828ba9c3607a46a17e009ba0b2c17836084c033be427ed83f47f6a2972d9e5bca25af7901870af748b4218c4315cdc5a330
ikmR: 71b530bed75fc3fa2f8e8bb163203e6ee676565cc61cd59d66352676341c0688
skRm: d542e67fb8ea5664326b25db7bd433c3fef73a844142a14714c8854de256a5a9
pkRm: 04c89a433470030c26c2a52f6d5d45d45a26f0ae254ea0cc291cc5d14477bc98214c50dd7d302e6942e588620c2ecac94abdde5bff2ea56d1a7e2599b472d2275e
shared_secret: 8bd3f75687f3ca96bce0abe3348aecebb30cdce6980a621fd513b20f2fe1db92
key: 4849dc5df5ec0c934e561f8e37171d370b40dcff7365bdef69488c857c02268c
base_nonce: d8511fcf67a99633dbaae70e
exporter_secret: 31668ab75791e87802c98999aba6d4d2a0854ee10d9a4fd5c401417daca1c5e9

info: 325c816adeee49bea410f0db92947892378f6e0c
ikmE: 597ba1fe9a4db02225bbb3e4cd150ceb68636e84d80e728f1be6b22e8aeefcb0
skEm: 6e948979dcc6e1aebe16c3d79e7ecb581df3f57bc9cd865c2563d62d5252672f
pkEm: 045dcee10c93c5992518bb45951453281d55e4d67b013eb786aa48bbbb34e3b5ec5b18de4f6f038396e962507fc1a96562eee6dfbb97de22cefa4601feca3d25b3
ikmR: 9cabb8ddac5293c96ffcdaa3aa1c797ecba36f9c2d21ce27495f52ea80497a5c
skRm: 6af3907b34d8cf648c06dbc56587a78e62c931ea0ac786f39506dfbcbcb99b1c
pkRm: 0463d06169b2a496aaa66fdaa501e409476e8a2547ba57360268cf2f6ede05e04505952830f140ddcf35c94523d1da083cffcc628d7931e82662c220396ca907df
shared_secret: f7465f0a3b25a5319ed4ec251e217d401c4529e58bba2a65e224f9efd741588f
key: c17cf5cd4b4eb4a45e1379540dadba34ad350ce667cd24aa1708959bc8464fa7
base_nonce: 1bf67f5a3578cae2fd7935f1
exporter_secret: a4a6130cab42b879e0f35d0aee95a3f49bdb6d6ef1198eef31d2037859cf60c6

info: 5d274e2436d921573ba466fb5ebef86bd5f77f34
ikmE: 149db0ca6bd0bdabbfca4a61c4a6507efff33eedd844d9e1c299cbaab3a1d006
skEm: f5bacfdc7be4046ee2ea74ae1eea9a3d0699e6de16e647596ef4ec5dd3b72dcc
pkEm: 046cd1374db8f3101cead81f8f8cf696dc60fe8e7d82a615d0ea54068b85338378441b9e74fd3e2425c09021f20df5d7274b3158b46557d33384650d6a8f521882
ikmR: 2d00ee3b22d16bd33224c2cd32158437bd0e0e3c053307d697b70e55f578f009
skRm: e0bb959c437045817752ee1cda84b4ed58acbdc48c4101b42e02258f2b19fda0
pkRm: 04aaa96b92e77fd8b0be3d4afc89238975d7d7c8207d7547bef99bcb20822399c6ea2f5024a23a7dfa00824a826edee87ba6d5b9e405988d06a8f9477ec6ea8290
shared_secret: 2663987e21d3c0053a047ef0a73d90d177babb3ea725e821bfba4e3051e6ce79
key: 58d49b7f63df4977c3ef09736ea1ae8d61cac2f97a96a92908c10977eb4efb78
base_nonce: c6eddf28508a9d4d171053e5
exporter_secret: 939c4610b1ed9dd59da29e24c5fbf3a324af1e303ed7e072eb9e63ea5520e350

B.3.2. Auth

info: 42bb2361c10ad20c7f7403d3e048f8f74139258a
ikmE: f402a160b0dd43a5490e9315dd8ea386eb3b2bde9e252857e8a3132fa084506b
skEm: b028cafc5988d4bba52c854116043e9058f5eadf037b35340beb33fcf79ef5b4
pkEm: 0495d048e3dcaf7c1898b0c236a485d32ed42f17001713df3c2b39be66220b8aa225d9d7f206914ee700bd8777fda3c939c50ed861cb96f7ad9bb6e59bb41ade91
ikmR: d574268376eddb281b0dd1a5fda3f073d1b7b070a90387727e7433d87ec80d6d
skRm: 4001b20a1b3a561cd253bf63b90bc610867b2cdde7fc733d1e85e1c21b982615
pkRm: 04d5e06e6f3add1ad05dc74bbdec7021c79b0cbcf351f7d162aee7afc4d77d65524b39af1b2c27c3acdd4dae0d236b2f7c68d6708ba335e9ffae6dbf078834f1ee
ikmS: e9e68de251a00dcf0d91ca20883153bb69b912df0ba9c20938407c787f44ea67
skSm: 4001b20a1b3a561cd253bf63b90bc610867b2cdde7fc733d1e85e1c21b982615
pkSm: 04d5e06e6f3add1ad05dc74bbdec7021c79b0cbcf351f7d162aee7afc4d77d65524b39af1b2c27c3acdd4dae0d236b2f7c68d6708ba335e9ffae6dbf078834f1ee
shared_secret: 8e0daf42fd6a0007caab78e3b59045a698938ec0e189d2efa5d39c7a749f6537
key: d03f8c98e989dfd22bafa4e23df563e47863485d60557a8d3848de16f7565952
base_nonce: df175b40959a09af6f71f8aa
exporter_secret: f7e947cfa40208be454c9a38f5adbe1ca049f60fc40881ab641c790719553403

info: e15ab879ecc83017469ec2bf48a288adc97035a3
ikmE: 744f6bf36c108984aab7c03eea5feb427c03f4f3ecc4dca500f70c3a467c5cdd
skEm: a125a293043809a318a73f3c793300f177dfa2077ad95f96e6ed5cc65791f8d9
pkEm: 044147aa9174f84d146ada83ebd673c86286c28b0576d96123636487f7ca2fd9a5006ce8bc7b7592091a5668ccea1198b11dc67fa18f06fa8d427a2c42ea1c4921
ikmR: d11ebff931558abd86811790816a9163fe2bdb6f3c07e8157510e2bf73d7c3de
skRm: 484202867e52d3a6312a5896f136e94cdd5331799ebd7312d527969416a0af35
pkRm: 0453fac7c67d79ac93a672222eeb6ac59b93c57e287a65759b64130c6dccf9b470e55137bfbf2c033fb46481821cd9b6944bc361372a74e0504e3613b9f21aaff9
ikmS: ea62965347a6e7dac5787b43623383a8e722f925bb81c88a58508433859847e8
skSm: 484202867e52d3a6312a5896f136e94cdd5331799ebd7312d527969416a0af35
pkSm: 0453fac7c67d79ac93a672222eeb6ac59b93c57e287a65759b64130c6dccf9b470e55137bfbf2c033fb46481821cd9b6944bc361372a74e0504e3613b9f21aaff9
shared_secret: caaa1cd976d03edb181cc9376ee4de022ef94fbd7c853bf21c8ac0deb6938984
key: d4106c4cb9203a20e0823dd39e22346b647bc765bf2177dc395544a1b591c599
base_nonce: 004efacd84c23708001b4a7d
exporter_secret: ac70932ea6d02317e90ddaf0bde1e1f555092c1df4199eb61a265b07db1b59a9

info: 76984d45b8f9873c786889869e0520afdf0a1044
ikmE: 682d4606d4d401bce174fd98c88e6a395f79b903216eb8b2a38b7b2081f6709b
skEm: 95e2227ea4331b97b62d5cbd1fcaee4f3f0388194a92b0d67f99a01c1af976c8
pkEm: 04c8d753c3c17d6459a0a8cef9d63a8d92e7eff14eb0e1e45743ac0e92fdd9faef71d7a2b6b65b89b68794e34050a3b78b0bf2d8d840b680f0eaf077fc7e989d93
ikmR: c92d590379d06dfe53f19c4785248a21efda81f3e2b39acd30dc088e110b86f9
skRm: d5f3113e0c49fc1804b0d5688288f0ede262622fa1d74f762916e9ec0232a565
pkRm: 04609183acc9ba7e9cf7910e04f532d52c6fa2d8233966cb8c4684bcf183309f12c6f7e4ebe593bedc4caf3bf30352ea417f8d816d405c543ef4a16c9e6df4a71c
ikmS: d4954c6a2ffdd1e7e8a87798abeb92b7133b0813df1fe32d3a04eb048d9e3068
skSm: d5f3113e0c49fc1804b0d5688288f0ede262622fa1d74f762916e9ec0232a565
pkSm: 04609183acc9ba7e9cf7910e04f532d52c6fa2d8233966cb8c4684bcf183309f12c6f7e4ebe593bedc4caf3bf30352ea417f8d816d405c543ef4a16c9e6df4a71c
shared_secret: 13ec3257b4a09bb13ee6c203e7171f0899a50648bd4288f6c7cc6bf8e84cbcf4
key: 1417c6db2e575b59aad121371a8af4ed63d2cf59463db732fc0269549860569b
base_nonce: 26fb5a652305c50006bf4dd9
exporter_secret: d75874c10ae072e48be6288b360154d488d3d19bceab2f27abea015eab166eb2

Author's Address

Riad Wahby
Carnegie Mellon University
Email: riad@cmu.edu