secp256k1-based DHKEM for HPKE
draft-wahby-cfrg-hpke-kem-secp256k1-00

The information below is for an old version of the document.

Document type: This is an older version of an Internet-Draft whose latest revision state is "Expired".
Author: Riad S. Wahby
Last updated: 2023-07-23
RFC stream: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: I-D Exists
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

Crypto Forum                                                 R. S. Wahby
Internet-Draft                                Carnegie Mellon University
Intended status: Informational                              23 July 2023
Expires: 24 January 2024

                     secp256k1-based DHKEM for HPKE
                 draft-wahby-cfrg-hpke-kem-secp256k1-00

Abstract

   This memo defines DHKEM-secp256k1, a variant of HPKE DHKEM (RFC9180)
   built on the secp256k1 elliptic curve.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1/.
   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-wahby-cfrg-hpke-kem-secp256k1/.

   Discussion of this document takes place on the Crypto Forum Research
   Group mailing list (mailto:cfrg@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/search/?email_list=cfrg.  Subscribe
   at https://www.ietf.org/mailman/listinfo/cfrg/.

   Source for this draft and an issue tracker can be found at
   https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 24 January 2024.

Wahby                    Expires 24 January 2024                [Page 1]
Internet-Draft             hpke-secp256k1-kem                  July 2023

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction
     1.1.  Motivation
   2.  Conventions and Definitions
   3.  Construction
     3.1.  Serializing and deserializing keys
     3.2.  DeriveKeyPair
   4.  Security Considerations
   5.  IANA Considerations
   6.  Normative References
   Appendix A.  Acknowledgements
   Appendix B.  Test Vectors
     B.1.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-128-GCM
       B.1.1.  Base
       B.1.2.  Auth
     B.2.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-256-GCM
       B.2.1.  Base
       B.2.2.  Auth
     B.3.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 ChaCha20-Poly1305
       B.3.1.  Base
       B.3.2.  Auth
   Author's Address

1.  Introduction

1.1.  Motivation

   The secp256k1 elliptic curve is widely used in blockchain
   applications.  To date, several proposals have sought to allow users
   to use their keys for encryption.  To enable this application, this
   document specifies a DHKEM mode for use with the secp256k1 elliptic
   curve.  Several implementations appear to have sprung up ad-hoc; this
   document is written in hope of avoiding fragmentation in the
   ecosystem, particularly around HPKE KEM suite-id assignments.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Construction

   The secp256k1 elliptic curve is specified in [SEC2v2], Section 2.4.1.
   DHKEM is specified in [RFC9180], Section 4.  In particular, the
   Decap, Encap, AuthDecap, and AuthEncap functions for DHKEM are
   defined in Section 4.1 of that document.

   The secp256k1 DHKEM construction closely follows NIST-P256 DHKEM.
   See Section 5 for the precise specification.

3.1.  Serializing and deserializing keys

   Conversion functions in this section are defined in [SEC1v2].

   *  The SerializePublicKey() function uses the uncompressed Elliptic-
      Curve-Point-to-Octet-String conversion.

   *  The DeserializePublicKey() function uses the uncompressed Octet-
      String-to-Elliptic-Curve-Point conversion.  Deserialized public
      keys MUST be validated before they can be used, in a manner
      analogous to the validation for NIST-P256 in [RFC9180],
      Section 7.1.4.

   *  The SerializePrivateKey() function uses the Field-Element-to-
      Octet-String conversion.  If the private key is an integer outside
      the range [0, order-1], where 'order' is the order of the curve
      being used, the private key MUST be reduced to its representative
      in [0, order-1].

   *  The DeserializePrivateKey() function uses the Octet-String-to-
      Field-Element conversion.

3.2.  DeriveKeyPair

   The DeriveKeyPair() function is as described in [RFC9180],
   Section 7.1.3.  For this curve, the bitmask value 0xff should be
   used.  The order of the secp256k1 curve as defined in [SEC2v2],
   Section 2.4.1, is
   0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141.
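
   The following is an added example, not part of the draft or the
   author's code.  It sketches Sections 3.1 and 3.2 in pure Python:
   DeriveKeyPair from [RFC9180], Section 7.1.3, with bitmask 0xff and
   the secp256k1 order, plus uncompressed public-key serialization and
   on-curve validation on deserialization.  Function names are this
   example's own, the KEM ID is the value requested in Section 5 (not
   an assigned one), and the scalar multiplication is not constant time.

```python
import hashlib, hmac

# secp256k1 domain parameters (SEC 2 v2, Section 2.4.1)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
KEM_ID = 0x0013  # assumption: the value *requested* in Section 5, not yet assigned
SUITE_ID = b"KEM" + KEM_ID.to_bytes(2, "big")
NSK, NPK, BITMASK = 32, 65, 0xFF

def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, pt):
    """Double-and-add. NOT constant time: illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def labeled_extract(salt, label, ikm):
    # RFC 9180 Section 4: HKDF-Extract over "HPKE-v1" || suite_id || label || ikm
    msg = b"HPKE-v1" + SUITE_ID + label + ikm
    return hmac.new(salt or bytes(32), msg, hashlib.sha256).digest()

def labeled_expand(prk, label, info, length):
    info = length.to_bytes(2, "big") + b"HPKE-v1" + SUITE_ID + label + info
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out += t
        i += 1
    return out[:length]

def serialize_public_key(pt):
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def deserialize_public_key(data):
    """Uncompressed Octet-String-to-Point plus the validation Section 3.1 requires."""
    if len(data) != NPK or data[0] != 0x04:
        raise ValueError("not a 65-byte uncompressed point")
    x, y = int.from_bytes(data[1:33], "big"), int.from_bytes(data[33:], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate is not a field element")
    if (y * y - x * x * x - 7) % P != 0:
        raise ValueError("point is not on secp256k1")
    return x, y

def serialize_private_key(sk):
    """Reduce to the representative in [0, order-1] before encoding."""
    return (sk % N).to_bytes(NSK, "big")

def derive_key_pair(ikm):
    """Rejection sampling per RFC 9180 Section 7.1.3 with bitmask 0xff."""
    prk = labeled_extract(b"", b"dkp_prk", ikm)
    for counter in range(256):
        cand = bytearray(labeled_expand(prk, b"candidate", bytes([counter]), NSK))
        cand[0] &= BITMASK  # 0xff keeps all 256 bits; the loop rejects 0 and >= N
        sk = int.from_bytes(cand, "big")
        if 0 < sk < N:
            return sk, scalar_mult(sk, G)
    raise ValueError("DeriveKeyPairError")

if __name__ == "__main__":
    sk, pk = derive_key_pair(bytes(range(32)))  # constructed IKM, not from the draft
    print(serialize_public_key(pk).hex())
```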

4.  Security Considerations

   Please consult the security considerations from [RFC9180].

5.  IANA Considerations

   This document requests/registers a new entry to the "HPKE KEM
   Identifiers" registry.

   Value:  0x0013 (please)

   KEM:  DHKEM(secp256k1, HKDF-SHA256)

   Nsecret:  32

   Nenc:  65

   Npk:  65

   Nsk:  32

   Auth:  yes

   Reference:  [SEC2v2], [RFC9180]

6.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC9180]  Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid
              Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180,
              February 2022, <https://www.rfc-editor.org/rfc/rfc9180>.

   [SEC1v2]   "SEC 1: Elliptic Curve Cryptography", 2009,
              <https://secg.org/sec1-v2.pdf>.

   [SEC2v2]   "SEC 2: Recommended Elliptic Curve Domain Parameters",
              2010, <https://secg.org/sec2-v2.pdf>.

Appendix A.  Acknowledgements

   The author would like to thank Christopher Wood for his input.

Appendix B.  Test Vectors

   This section contains test vectors formatted similarly to the ones
   found in [RFC9180].  These test vectors cover both Base and Auth
   setup for each of AES-128-GCM, AES-256-GCM, and ChaCha20-Poly1305.
   (PSK and AuthPSK are elided because their DHKEM operations are
   identical to Base and Auth, respectively.)

B.1.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-128-GCM

B.1.1.  Base

B.1.2.  Auth

B.2.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-256-GCM

B.2.1.  Base

B.2.2.  Auth

B.3.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 ChaCha20-Poly1305

B.3.1.  Base

B.3.2.  Auth

Author's Address

   Riad Wahby
   Carnegie Mellon University
   Email: riad@cmu.edu
