Internet-Draft hpke-secp256k1-kem October 2023
Wahby Expires 17 April 2024
Workgroup: Crypto Forum
Internet-Draft: draft-wahby-cfrg-hpke-kem-secp256k1-01
Published: October 2023
Intended Status: Informational
Expires: 17 April 2024
Author: R. S. Wahby, Carnegie Mellon University

secp256k1-based DHKEM for HPKE

Abstract

This memo defines DHKEM-secp256k1, a variant of HPKE DHKEM [RFC9180] built on the secp256k1 elliptic curve.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-wahby-cfrg-hpke-kem-secp256k1/.

Discussion of this document takes place on the Crypto Forum Research Group mailing list (mailto:cfrg@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=cfrg. Subscribe at https://www.ietf.org/mailman/listinfo/cfrg/.

Source for this draft and an issue tracker can be found at https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 17 April 2024.

1. Introduction

1.1. Motivation

The secp256k1 elliptic curve is widely used in blockchain applications, and several proposals have sought to let users reuse their existing secp256k1 keys for encryption. To enable this application, this document specifies a DHKEM for HPKE over the secp256k1 elliptic curve. Several implementations appear to have sprung up ad hoc; this document is written in the hope of avoiding fragmentation in the ecosystem, particularly around HPKE KEM suite-id assignments.

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Construction

The secp256k1 elliptic curve is specified in [SEC2v2], Section 2.4.1. DHKEM is specified in [RFC9180], Section 4. In particular, the Decap, Encap, AuthDecap, and AuthEncap functions for DHKEM are defined in Section 4.1 of that document.

The secp256k1 DHKEM construction is that of DHKEM(P-256, HKDF-SHA256) in [RFC9180] with the curve replaced by secp256k1; the KDF, the key and encapsulation sizes, and the DeriveKeyPair bitmask are unchanged. Section 5 gives the KEM identifier and the Nsecret, Nenc, Npk, and Nsk parameters.

3.1. Serializing and deserializing keys

Conversion functions in this section are defined in [SEC1v2].

  • The SerializePublicKey() function uses the uncompressed Elliptic-Curve-Point-to-Octet-String conversion, so a serialized public key (and an encapsulated key) is 65 octets: the prefix 0x04 followed by the 32-octet X and Y coordinates.
  • The DeserializePublicKey() function uses the uncompressed Octet-String-to-Elliptic-Curve-Point conversion. Deserialized public keys MUST be validated before use, in a manner analogous to that for NIST-P256 in [RFC9180], Section 7.1.4, i.e. partial public-key validation: the coordinates are in range, the point is on the curve, and the point is not the point at infinity. Since secp256k1 has cofactor 1, no further subgroup check is needed.
  • The SerializePrivateKey() function uses the Field-Element-to-Octet-String conversion. If the private key is an integer outside the range [0, order-1], where 'order' is the order of the curve being used, the private key MUST be reduced to its representative in [0, order-1] before serialization.
  • The DeserializePrivateKey() function uses the Octet-String-to-Field-Element conversion.

3.2. DeriveKeyPair

The DeriveKeyPair() function is as described in [RFC9180], Section 7.1.3. For this curve the bitmask value 0xff is used, as for P-256, because the order of secp256k1 is a 256-bit integer: per [SEC2v2], Section 2.4.1, it is 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141. As in [RFC9180], a candidate private key equal to 0 or not less than this order is rejected and the counter is incremented.
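As an added worked example (not part of this draft and not the author's reference code), the following Python implements Sections 3.1 and 3.2 together with the Base-mode Encap and Decap of [RFC9180], Section 4.1, over secp256k1: uncompressed SEC 1 encoding with the public-key validation of Section 3.1, DeriveKeyPair with bitmask 0xff, and the x-coordinate ECDH plus labeled HKDF-SHA256 that produce the shared secret. It assumes the KEM identifier 0x0016 requested in Section 5 (the suite_id used in every labeled KDF call depends on it) and embeds the first Base vector of Appendix B.1.1 as its self-check. The curve arithmetic is variable-time and is for illustration only; Encap takes its ephemeral seed as a parameter so that its output is reproducible against the vector.

```python
# Added example, not the draft's code: DHKEM(secp256k1, HKDF-SHA256) per RFC 9180
# Section 4.1; assumes the kem_id 0x0016 requested in Section 5 of the draft.
import hashlib
import hmac

# secp256k1 domain parameters ([SEC2v2] 2.4.1): y^2 = x^3 + 7 over F_p, cofactor 1.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
KEM_ID, NSK, NPK, NSECRET, BITMASK = 0x0016, 32, 65, 32, 0xFF
SUITE_ID = b"KEM" + KEM_ID.to_bytes(2, "big")            # RFC 9180 Section 4.1

def _add(p1, p2):                    # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                       # Q + (-Q)
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if x1 == x2   # doubling (a = 0)
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):                     # double-and-add (variable time: illustration only)
    acc = None
    while k:
        acc, pt, k = (_add(acc, pt) if k & 1 else acc), _add(pt, pt), k >> 1
    return acc

def serialize_pk(pt):                # Section 3.1: SEC 1 uncompressed encoding, Npk = 65
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def deserialize_pk(b):
    # Partial validation as in RFC 9180 7.1.4: length/prefix, coordinates in [0, p-1],
    # point on the curve (so not infinity); cofactor 1 means no subgroup check is needed.
    if len(b) != NPK or b[0] != 0x04:
        raise ValueError("not an uncompressed secp256k1 point")
    x, y = int.from_bytes(b[1:33], "big"), int.from_bytes(b[33:], "big")
    if x >= P or y >= P or (y * y - x ** 3 - 7) % P:
        raise ValueError("public key failed validation")
    return x, y
def serialize_sk(sk):
    return (sk % N).to_bytes(NSK, "big")                  # reduce into [0, n-1] first

def _expand(prk, info, length):                           # HKDF-Expand with SHA-256
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:length]
def labeled_extract(salt, label, ikm):                    # RFC 9180 Section 4
    return hmac.new(salt, b"HPKE-v1" + SUITE_ID + label + ikm, hashlib.sha256).digest()
def labeled_expand(prk, label, info, length):
    return _expand(prk, length.to_bytes(2, "big") + b"HPKE-v1" + SUITE_ID + label + info, length)

def derive_key_pair(ikm):            # Section 3.2: RFC 9180 7.1.3 with bitmask 0xff
    prk = labeled_extract(b"", b"dkp_prk", ikm)
    for counter in range(256):                            # counter > 255 is an error
        cand = bytearray(labeled_expand(prk, b"candidate", bytes([counter]), NSK))
        cand[0] &= BITMASK
        sk = int.from_bytes(cand, "big")
        if 0 < sk < N:                                    # reject 0 and >= order
            return sk, _mul(sk, G)
    raise ValueError("DeriveKeyPairError")

def _extract_and_expand(dh_pt, kem_context):
    if dh_pt is None:
        raise ValueError("DH result is the point at infinity")
    prk = labeled_extract(b"", b"eae_prk", dh_pt[0].to_bytes(32, "big"))  # x-coordinate
    return labeled_expand(prk, b"shared_secret", kem_context, NSECRET)

def encap(pkR_bytes, ikmE):          # ephemeral key derived from ikmE, so reproducible
    pkR = deserialize_pk(pkR_bytes)                       # validate before use
    skE, pkE = derive_key_pair(ikmE)
    enc = serialize_pk(pkE)
    return _extract_and_expand(_mul(skE, pkR), enc + pkR_bytes), enc
def decap(enc, skR_bytes):
    skR, pkE = int.from_bytes(skR_bytes, "big"), deserialize_pk(enc)
    if not 0 < skR < N:
        raise ValueError("private key out of range")
    return _extract_and_expand(_mul(skR, pkE), enc + serialize_pk(_mul(skR, G)))

VEC = dict(                          # first Base vector of Appendix B.1.1, from the draft
    ikmE="4e627f7d755a76961e60ee218c2ab33ee877c49a2363bf03ae4dea2c811bf3c6",
    skEm="30fbc0d41cd01885333211ff53b9ed29bcbdccc3ff13625a82db61a7bb8eae19",
    pkEm="04591775168f328a2adbcb887acd287d55a1025d7d2b15e1937278a5efd1d48b"
         "19c00cf07559320e6d278a71c9e58bae5d9ab041d7905c66291f4d08459c946e18",
    skRm="a795c287c132154a8b96dc81dc8b4e2f02bbbad78dab0567b59db1d1540751f6",
    pkRm="043ee7314407753d1ba296de29f07b2cd5505ca94b614f127e71f3c19fc7845d"
         "af49c9bb4bf4d00d3b5411c8eb86d59a2dcadc5a13115fa9fef44d1e0b7ef11cab",
    shared_secret="7eabf4bab973fc9cc8b3bb2fdaa4d7f154309c31d11214cc48b4a8f3d65236f7")

def check_draft_vector():            # True if DeriveKeyPair, Encap and Decap reproduce it
    skE, _ = derive_key_pair(bytes.fromhex(VEC["ikmE"]))
    ss, enc = encap(bytes.fromhex(VEC["pkRm"]), bytes.fromhex(VEC["ikmE"]))
    return (serialize_sk(skE).hex() == VEC["skEm"] and enc.hex() == VEC["pkEm"]
            and serialize_pk(_mul(int(VEC["skRm"], 16), G)).hex() == VEC["pkRm"]
            and ss.hex() == VEC["shared_secret"]
            and decap(enc, bytes.fromhex(VEC["skRm"])) == ss)
```

check_draft_vector() derives skEm and pkEm from ikmE, confirms that pkRm is skRm times the base point (a check on the curve arithmetic that does not depend on any KDF label), and reproduces shared_secret through both Encap and Decap. A public key of the wrong length, with a coordinate not below p, or off the curve is rejected by deserialize_pk before any scalar multiplication, which is the validation Section 3.1 requires; the point-at-infinity check on the DH result and the range check on the private key in decap are the remaining input checks from [RFC9180], Section 7.1.4.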

4. Security Considerations

Please consult the security considerations from [RFC9180].

5. IANA Considerations

This document requests a new entry in the "HPKE KEM Identifiers" registry established by [RFC9180]:

   Value:      0x0016 (requested value)
   KEM:        DHKEM(secp256k1, HKDF-SHA256)
   Nsecret:    32
   Nenc:       65
   Npk:        65
   Nsk:        32
   Auth:       yes
   Reference:  [SEC2v2], [RFC9180]

6. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9180]
Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180, February 2022, <https://www.rfc-editor.org/rfc/rfc9180>.
[SEC1v2]
Standards for Efficient Cryptography Group, "SEC 1: Elliptic Curve Cryptography", Version 2.0, May 2009, <https://secg.org/sec1-v2.pdf>.
[SEC2v2]
Standards for Efficient Cryptography Group, "SEC 2: Recommended Elliptic Curve Domain Parameters", Version 2.0, January 2010, <https://secg.org/sec2-v2.pdf>.

Appendix A. Acknowledgements

The author would like to thank Christopher Wood for his input.

Appendix B. Test Vectors

This section contains test vectors formatted similarly to those in [RFC9180]. Each subsection lists three vectors per mode; each vector gives the HPKE info string, the key-derivation seeds (ikmE, ikmR and, for Auth, ikmS), the resulting serialized private and public keys, the KEM shared secret, and the AEAD key, base_nonce and exporter_secret from the key schedule. These test vectors cover both Base and Auth setup for each of AES-128-GCM, AES-256-GCM, and ChaCha20-Poly1305. (PSK and AuthPSK are elided because their DHKEM operations are identical to Base and Auth, respectively.) Note that in every Auth vector below, skSm and pkSm are listed identical to skRm and pkRm even though ikmS differs from ikmR, so applying DeriveKeyPair to ikmS will not reproduce the listed skSm; when checking an Auth vector, use the listed skSm and pkSm directly.

B.1. DHKEM(secp256k1, HKDF-SHA256) HKDF-SHA256 AES-128-GCM

B.1.1. Base

info: 17adde3164d65a90d077fd9a0fdba665152c3336
ikmE: 4e627f7d755a76961e60ee218c2ab33ee877c49a2363bf03ae4dea2c811bf3c6
skEm: 30fbc0d41cd01885333211ff53b9ed29bcbdccc3ff13625a82db61a7bb8eae19
pkEm: 04591775168f328a2adbcb887acd287d55a1025d7d2b15e1937278a5efd1d48b
19c00cf07559320e6d278a71c9e58bae5d9ab041d7905c66291f4d08459c946e18
ikmR: 1020a03f4ec8eaf31018ee2c06774580fa5c6a1d5ead187bbcaf1412d003e381
skRm: a795c287c132154a8b96dc81dc8b4e2f02bbbad78dab0567b59db1d1540751f6
pkRm: 043ee7314407753d1ba296de29f07b2cd5505ca94b614f127e71f3c19fc7845d
af49c9bb4bf4d00d3b5411c8eb86d59a2dcadc5a13115fa9fef44d1e0b7ef11cab
shared_secret: 7eabf4bab973fc9cc8b3bb2fdaa4d7f154309c31d11214cc48b4a8f
3d65236f7
key: c508c44d920152fb8dd597c8edce4cd1
base_nonce: 4ac4413d13c5713d6c76fad2
exporter_secret: dd82a88bd58f05bc453a77495898af2df905be8b6ffe096a071b8
0edf3428d1c

info: 1cdae379030a0423b12fc76ee1354749bede74e0
ikmE: e1528622348377db6d394241993bb5f4a743c94b2790a2e7546c1588ba4fd317
skEm: 0e102a20d5cad700fb7742f40d6fee95097216e75a9ab73150302a8aceaa0382
pkEm: 04f5b22e73b6050cbea5a1d1710474cdcda39d0d9e207a1dabb60ae430e7a4e2
392272b8d7e91741a4390f89657fd41b2e644153769d09eed9b61876a4a7b77166
ikmR: 01e6a31592cdb561760965669c453c12b8e0feb70fa73267ca5071a67fa4ffe4
skRm: 7c6ae8a1ef902bb0d9b5a7e1283d046970d4181ac3b744d8c9a471ced7ac2b24
pkRm: 04b7ee178b04df46a09ab4259d551f2d21f3cd69d6ae03d0f491177aaaa3bccc
28849506f7f426ed67f4e1c6e12c385c17140765ef5646af821f97f954f05c0613
shared_secret: 4587f2880b50184847f4e74f237f608c4c3821c16ba18d909e3cb2f
04f73df63
key: 5dd9cb6c744727bb6bc0b21c98e55e3f
base_nonce: 384ba8b643938841034d978f
exporter_secret: 66c6a00fd170192358866776800c295416771932ad82e5f780e62
3258a4ff4fe

info: d7306d0a1fd86999ef883c941e02c4975ec29f00
ikmE: 521029f944906302688dc165f61c3d75eaabcf96f26a30251e7d14f7d2162ff1
skEm: b9b79736c1e17734d3f8d212786a038791c0189a000e4d575056e55ee1e46054
pkEm: 04ae021bcdc823096bd7f3cf14b39f4718e5be40ea8312b01af7adc217ac3ff1
9e538ad0b6a7be9737228d9730855f0f29ebbf0c34005a586e7556a636b0836f8d
ikmR: f4027ea850c3b82daeddf7697e86be92ebb276a10b1eab7748acc024ca5d2c56
skRm: b94abd6542c300051737cc7eb324f5d04310fd329caa22ca30612e4f46bee3ef
pkRm: 04d390f6ff008e96bab5ad35f25d543d6760f65608e799e268f472f0772145ba
eeb03f4e8edc6fe1c638da86d0301b5d044f51a5d2975efb6083fda69dde6b4854
shared_secret: c879be0bba5934a054b44c13acd489d6b5be2b9ef37ad683ad08c29
46e3a40cb
key: e436ac946f4d01edb49780bc75b5784c
base_nonce: 14b3d065afc24c2205808d88
exporter_secret: 579bedf120431519f6f82ccdd1cb16ef0fc2460db1f7d38bee090
7bd4b55ad5d

B.1.2. Auth

info: 70aa544b76a9d75a2b98682243489b1a2a315cc2
ikmE: 4c74b4c2bf105ba4390c23399b43a0f08de95686133e90288deafcea786f313e
skEm: be124a18ba7956629489da30493aae91a51ad2bd1a41f34b39ec6b28de946576
pkEm: 048f1100da3b5413c417e224262b45f146884e21691c0ffff11cd04a762598c5
e739f8c5d460a328de39c94a1ab922c9419be89cc36d262cb7ce8a28f850f8e8ff
ikmR: f3dc9707eac8feb1a86c96279e23318fae9f3e2c04aca5ca9e2ace204488bd35
skRm: 040fc95447fff5a811321da69ff4655d185d58edef93453ab23dfb1be2f02702
pkRm: 04a3935d9f2ea9c4b23cdf49f4761625b2acbc1fc89532fe2c3af9d1b1c61b9f
167f61ba6125d47151df26e2ecfa851bd79719c99ff354c9b9e9619f25cb6ba6d7
ikmS: 9fbf7fcf111cc65b6079290c65d0839396104f2dfd39ad34196a4b29d4122383
skSm: 040fc95447fff5a811321da69ff4655d185d58edef93453ab23dfb1be2f02702
pkSm: 04a3935d9f2ea9c4b23cdf49f4761625b2acbc1fc89532fe2c3af9d1b1c61b9f
167f61ba6125d47151df26e2ecfa851bd79719c99ff354c9b9e9619f25cb6ba6d7
shared_secret: a2dad1b68920ce1052742b1f293d819735a6486a2ebe7443a655105
9a538bfdc
key: 56fe074940f495dc98c84b6328be4ebc
base_nonce: 86a7381e39a2385c9a1c3118
exporter_secret: e0abbed4f7753f450466fa5e4d37fe32ee72c5b17b0ec8de79d14
37b49646ac2

info: 1d49ad98eb394f251ca6ae5c0badb0573c85bcfd
ikmE: 769a0a841620dd1dbe74b394259ff53c8921a18cd839dd1dfc689efb6f0a50df
skEm: 22ce73fde1d929fa60debc5e09bde0dc05a84657c550d62a864b422b00e6ddca
pkEm: 0418faf0d455e8b565932bba553517f2e5648ab5caa96f3cde6e536f516dfaee
9752a3a0b7495c87157540f760e4da15905c40a5fad8844b439cd50161a5fa01b5
ikmR: a19c255f687911e217deac27b4719003010c98fae415b7e1247f09357bdf8f10
skRm: 231b758bae09399a9c4933e314e65d30c6df2e735f4d8e0a3165e5cdd2ff0ea7
pkRm: 0470b0633389d768176915fd0e1ee091ad8f8c1eb2e31a11f11896a0ddb38bc1
6abb1bfe5c171517544bfd748d482a2ed373d6ecbd2da0f03a790601af33ad8684
ikmS: eda7668b68703bac51603156c64b2e5a5d8958d7f501130b105ee7438593a7c2
skSm: 231b758bae09399a9c4933e314e65d30c6df2e735f4d8e0a3165e5cdd2ff0ea7
pkSm: 0470b0633389d768176915fd0e1ee091ad8f8c1eb2e31a11f11896a0ddb38bc1
6abb1bfe5c171517544bfd748d482a2ed373d6ecbd2da0f03a790601af33ad8684
shared_secret: 92bb5f23fa0ff749330cb744af8ab7b99e89c721e623ef70e37a6d7
674453935
key: 35b7fd94f255eb4c760b2388c513bd7b
base_nonce: 1d960dd240d63fa036c34956
exporter_secret: b9d96dbff3ea25237adee470214d26f6033db829e5e8cd74de0c9
7e1ddc41293

info: 8820687431c25b9b93bfa0b397bc1ab2f0dfe94f
ikmE: 0b4aed6b990fe00241d80c0bc417c08e3ebd9468371b1b96dc938c9ee2fb4a6c
skEm: e8d53705b5fc12b6d37c30a2b0b8ec2cead7ecaa413cf98d88884837b4adb41a
pkEm: 04336072155d3ece3a03a18508e9196fb4ee31768a00858ad157b493dff9a81c
476e83faa94252d2cba58ec2cca9aa157e292e73e86b0603930d86f38fe5453f68
ikmR: 73740fb056be371fe34c0e638d766c0553e80a10b325145aa73694b899932522
skRm: 995c9a7bb1e0f85b01734b966fc6e41281aaac32b7142ad18c8aacd7215d6619
pkRm: 04382f87d0d37c7fc59f2831f60b90565feaacfab11facb3d902056dd1815928
1b948028a2fecffa4eda96c365a3b3a0852fa8bafb64863a369b0c954e3ac8f6a1
ikmS: 6cfc950b8d36c5f06ced5a70bba7b936269aa30f7c122728eff2525099f3eb27
skSm: 995c9a7bb1e0f85b01734b966fc6e41281aaac32b7142ad18c8aacd7215d6619
pkSm: 04382f87d0d37c7fc59f2831f60b90565feaacfab11facb3d902056dd1815928
1b948028a2fecffa4eda96c365a3b3a0852fa8bafb64863a369b0c954e3ac8f6a1
shared_secret: c7ef717fb680bd421bd36279228a4c164f8ea860846fb779afee15c
a7596c1f7
key: a4430c9849caddeadac9e36619572984
base_nonce: cee547962ec2914771d81fad
exporter_secret: 09db3c29fc8c1889965ea252352dc6c805ba74bcb761a1e2e4903
d03002ce773

B.2. DHKEM(secp256k1, HKDF-SHA256) HKDF-SHA256 AES-256-GCM

B.2.1. Base

info: b546c00cece2e2ff0815eb0f8124fb9028c66e80
ikmE: 41233637379f346f4e70e9ca44c31e7ee284d42a5bfd72572ae8884a09aa355e
skEm: 8979ee752423d020085c75cce1644959f819464a4c1c4e9a28ce4dd482991c1c
pkEm: 040de7712da136d40779452a32e70ec834fa092ee8e3f26450786c6cd51396e8
596c958065594d30432e812fc7a53a10d7fce2ce9bf52ccce72cbad4c79d3b17f6
ikmR: 323c89b1ca03ca9c4ac6316d02f4604f2f6804665a13d8635786281f00f18006
skRm: 024be5fda9036a2d81f8c634193b5ce83e65bfc4373ae8b7a960fea8770d1f8f
pkRm: 040986ec455812ddd870414c2753f75dadaefda155bc7bd18c4ab6ff3dd61b2e
a3bee4ab2a0160b8e330757fc6d81d88ece7051bd9a07fa7e5368ea579e2e6c0e6
shared_secret: ad889cd7b11e8881252f8f12539be9f5e36d2b95c96c875fb0e449c
711e8bc0d
key: da2f3e53e24306c97331e92f564b6c207246e9ab4dea07a472401702d0af5c53
base_nonce: d4d0dcfeeb6767d808f319e4
exporter_secret: 3edae43083bb52033f9ff2eea2bf5a8bdc8bbd5509e5958b09c47
7b32d2432ae

info: 237b97992f7d59a4fa96f628b6ddb8d8fe9b74ef
ikmE: e94e2130878a3afb37d7a8447e7f8c3b83036c842c34710a46bc125cdb67207d
skEm: 4ec1abbf0a8b5a8193f800f937c5d2f3dba07b21d787c273d5a04a3ca36d2ae2
pkEm: 04ec5d5055fef3d087b945edd7b7929ca654ac7f28125abbfcd10b8c1611e229
0aa807451086f66ae9346c5bfeda63b098166dbee3851c0e5e0d798ecb4b1ab00b
ikmR: b93e2e31319435db36e3f59a7b27743d2beb3cc5c782d0cea69521d403b0e0c5
skRm: 92fe8b8b8e343dd483227c8fbe3b6c400b995c427464a46c9529f0b23bcf7640
pkRm: 0423b3a51484936f310bd30ee7ca6d8ddd2c218fa706877165445b1d852676b2
85ca4162e704a2595d4b6f7fc411d1c2610ef3a64b8b318c797787b73b1008c1e8
shared_secret: ac59cd63169bf1a7dee04c3826de9620bea20439ae0014a6aef019d
9c2f908a3
key: 75ad242135d5592bd3f903a248ce1c76b1059011a1110cb080223190b47bb1c4
base_nonce: d9b549e5777926737decd367
exporter_secret: cfa9e09c696d5b277a82576822f160a8e0154ac165c9dcfe6ad4b
99fe14b5933

info: a2bb7b11f256061eaff55351e70f6feb1b584c05
ikmE: 8eaaded2e37e7ce4f15d161a6b0df3b83314c04238c7f766553f7c9f6710f700
skEm: efcf9e3ae3eb2e16dc93f69cfb1049e7e5fdb15a72e7a3d75ba67f5533fce2de
pkEm: 0454d07e51db25cfdaabcfcb9899058556bc2d5368ecf670232f82501fdfb701
fc85825be30bb0e6942eb4e9957efcf8b5118ed5508c0ae7dde01dbdbfb21f43d6
ikmR: 6590a304421bb59ec56fe898a9c551f31ae24ac2b342200cd16ff338f6142065
skRm: bd8150f2eb51c76d9651849cb9447d91282290d50a7cbe15cbea20f8b79e3430
pkRm: 04dbbeff50553f1b320862e4eb5d7a695fd0237cedaabbe458ca3bd12154d5c2
579dc94ff3eb6d160076f1569354be758db949dc78176e5b59c6605dd4e799d946
shared_secret: df215ff78aa76de1e4ca71498295008da4db44899625423bb4f4c2f
cd49f89e4
key: 271e4c0be542d8b2240d53a3624052f4fcf7105870106b633478d00c052f5ec7
base_nonce: 1dbe7972d32c82968c616b80
exporter_secret: 0e5e5d69f8700632e14be0904eb145f619535fccfbddf3845c007
2aeac376159

B.2.2. Auth

info: 5d5e00224d79f2a0890265c0038cb8b95fa2cc2d
ikmE: 3e1ad67e84680247c9918dbfd60751b1b1a16191929c1f4302c18947b61980ea
skEm: c958968d81e6827bc18c64511c60598411da2c21e3b74ba7e030f2d6f41d83b3
pkEm: 0459c8cec477bfb5eb8c8f91caf1b892ee89ee56f59364c19daf0153d93da0cb
87bf76ba75bb479cf37594eea19697a459f469ed75e649de8e39cc562cad59eccc
ikmR: e536c3b25ca8e60c44a1788eca0d3cc74c143afa8418170f0219390d3c4bc291
skRm: 45ea3cf6c4fcf5d9874b58f3d7a518584e4e5349756b41d79f76fdbd280259f8
pkRm: 04376203ae7189b010cf97c5df7f8451c836bc4bfe9572d62c88858e1fb58179
9c762a0157f5f15055c91da4ece1bd536d28cd2cdffd233ee9632b3f8a9c237861
ikmS: 88ddb133402f64de19356158d08deb4f26c1b03e0a7d86dd9bdf6811c5fcd131
skSm: 45ea3cf6c4fcf5d9874b58f3d7a518584e4e5349756b41d79f76fdbd280259f8
pkSm: 04376203ae7189b010cf97c5df7f8451c836bc4bfe9572d62c88858e1fb58179
9c762a0157f5f15055c91da4ece1bd536d28cd2cdffd233ee9632b3f8a9c237861
shared_secret: df2175829001db870da7e0c91f44950281600f01eb7544a684130bd
3316d0cac
key: c7134d59f91f41b3c8ce764fef3aa93881ada3a6238c1e2cfc75e1c14dd6845a
base_nonce: e5c60c8e0a64f115803e85de
exporter_secret: 1801bd0baf8879470b9652c68e53dea9061d31f658a3bf2196628
6dd511b2858

info: d6660fbfc7e847dd12b5fcbe7a2fd2cbf89213a7
ikmE: f0d45729871415f0a9bf35c7f8d571cfe888e630e9dce11dd99b52fa1cfb4fda
skEm: bfa1d9e9da1c0197945f00e66503f98ed2649867eddb545c999c3fd97584ab51
pkEm: 04369ad68d24312192dd3d1c61a8706a9c9eb54d5228d71f94d344cc2f92970e
b8f0dae8afb82a219573a985d2dda6f92ba2a5d426663449e9a6999539a5d9f9d5
ikmR: 0cc37e627d373599331c3db629be6d25dd0484abaccca3797280e4e32a5c1b5e
skRm: 9cb30e13f8f41a412d2826ef1d71579c986562de7c17a09a87ffe28bc95f13ac
pkRm: 04babd0c1957808bfc98fdcc195c01cfd1c70797983b25cbddae3537e8e36a5b
ee6d9cbf0a9229f35429c2f19b614f76264b91e8998dc4d2902b8cfc465a1a95d0
ikmS: 81f8f68edca7e035e2ee951bbe9bfe23ee9c9728827b859e8ccd680fa6dd87e5
skSm: 9cb30e13f8f41a412d2826ef1d71579c986562de7c17a09a87ffe28bc95f13ac
pkSm: 04babd0c1957808bfc98fdcc195c01cfd1c70797983b25cbddae3537e8e36a5b
ee6d9cbf0a9229f35429c2f19b614f76264b91e8998dc4d2902b8cfc465a1a95d0
shared_secret: 14824b9713858a209a3d2a68ec26a8a6e7621a713e6dbb6047e5129
f9c8dfe6d
key: 378ccc8c5c73b198bf749b11a9744609337369223da982aa17028cf9e072227b
base_nonce: 38e90c2b03354ecb8c9396bc
exporter_secret: 04cab076925a1107c87b100674b8d329f89af0df06278a96740f0
90806f59a85

info: f9b3f2ca40d56439b72c07ea5c06886c4acc683f
ikmE: 2206f1169f0d68e199a2a9bb2cf484d83090cae9b593eba1635f80e6c0435cf0
skEm: 582a80b7e7b3c91d82df5a6b9b17b92e661cdc513e46fe112ed88afc0efbb4bb
pkEm: 04b47ace4817e039a6241377fa0afb7395af9bf9f8993959cff9e0872db8a314
1c22c7ceb49884bb3ab1bf9afe70cbcde0221a75d2ef405f80a741fba9c8fb274d
ikmR: 3c45964e1d076031406ce364ff2fce2271ef1b3966fe6596a7adf132bb00399f
skRm: c77d7063296c1b35074a58b2a282c07caadb5b576cba83a4d41349b26e1a0093
pkRm: 046db554ec0a179d3f43fa71202d711d346ce16c09066b4e212d7ea98e51ede8
90de889dc65c90e47afecd00435d4fcacc6a6d1f57384ae5d1a913658b02f9d40a
ikmS: be586f34314201e16cf2f1e0d94a49e772c99ce77ae04670fd496bf361c68e2b
skSm: c77d7063296c1b35074a58b2a282c07caadb5b576cba83a4d41349b26e1a0093
pkSm: 046db554ec0a179d3f43fa71202d711d346ce16c09066b4e212d7ea98e51ede8
90de889dc65c90e47afecd00435d4fcacc6a6d1f57384ae5d1a913658b02f9d40a
shared_secret: 100cb3cfb6dbc5895a187929369a13e75a1f1699858adf57d6b1db9
6f00c26f2
key: ff066011ab54788cdd3262ed6bf8ef450e3027d750cb0f2c3176da8f788090ca
base_nonce: 4d3ca64e83d78bcd349aeb73
exporter_secret: 5572a00abeb0270246014c02b00985c5e19de0b872a1d7d8a1b20
bb744c7d794

B.3. DHKEM(secp256k1, HKDF-SHA256) HKDF-SHA256 ChaCha20-Poly1305

B.3.1. Base

info: 609dcb9844f8412343191f93add1177186c03a36
ikmE: 77caf1617fb3723972a56cd2085081c9f66baae825ce5f363c0a86ec87013fa0
skEm: 1300156862599d00ecbb066644bf4d4505b56a9b235eae7a8632defc4335d5c0
pkEm: 0471788be0ccf916302c4f2225bba89a0ff3832df1fe50b48d8ccb910be74e30
241428ba6de731ccf538ded2913febdfe14b2648fafb8fdd35b8aa91804c706076
ikmR: 71b530bed75fc3fa2f8e8bb163203e6ee676565cc61cd59d66352676341c0688
skRm: 4a99cf59fb6af25c324299a39fef2db3931667ee89528e3aacc8b61d591ad643
pkRm: 04e660b55a28899c472ca023dce35f23da3cf16677dbdce9ed25353bd8b70cbb
8bee0abd2cc8936aee263a08d5b2a15d29a16d12b75fda63b9c614c477af165e2d
shared_secret: a81a3ccf56f48c699eb9f393e0701692836f9ac2e06b493ccbf99ac
68a792bbe
key: 4c260fe82e8c3737e7a70c3223cb16fc205682255389ad4bc3e7fae42c46b062
base_nonce: e035bbf3c39ff5a7196cfe84
exporter_secret: 83e82aad90186ddd7e1db090c840ee70eb6cac7531b64dc52a129
97462c8d0d8

info: 325c816adeee49bea410f0db92947892378f6e0c
ikmE: 597ba1fe9a4db02225bbb3e4cd150ceb68636e84d80e728f1be6b22e8aeefcb0
skEm: 29e4ff54b558f0a5b3c8f7c016736f6b784ed71d1395bbee07ae4320919465d1
pkEm: 04a3f4964462ee117c47ed7c129ce25c574d1cd97aa2fde60abdb8616be0f5c1
a6fe12c847b07ffca907c8e3f7eb58fe94042b78a90f27318d5421e96af9acab7a
ikmR: 9cabb8ddac5293c96ffcdaa3aa1c797ecba36f9c2d21ce27495f52ea80497a5c
skRm: dad1397389c4ff7fa014068bcfbf0c2ea2e24d78b0395fa3de9e88802bc8a684
pkRm: 04be3e5d3dfcc77e81f96f90c5fa3ce7f6f7f7005acaf39a2c3d7d47f1ac1cf1
0bcd06191d07366e706a2ca77e2e0571e11bfc2cbd471904ef0d999af757939da1
shared_secret: 9edafcdb619dabc578d8f7b7b055ac66d5cfb6219b90f69d13d297e
d49f3aaf3
key: 6e771cd99a23e82ddbd972ecc1b7d3bcd5d6f961370ac2ff785e6776b47b2d53
base_nonce: 208b33e382b39dfc1ebb2c95
exporter_secret: ead4fa0d88885cc36792039cbf75110d57eac32e883395eae3ccd
eba0a53b3d4

info: 5d274e2436d921573ba466fb5ebef86bd5f77f34
ikmE: 149db0ca6bd0bdabbfca4a61c4a6507efff33eedd844d9e1c299cbaab3a1d006
skEm: a342069714f97f18a844495779cf41e82ffa7e98c197ffd1276a8d74823c2519
pkEm: 0460cb3f0f85591f7b804fe91882b442837b9b535ea9c9fbd2d3adda128967d9
374ba8c7da87e8af31a32a326da570bc96044a731e1857246b881051b8d86779ea
ikmR: 2d00ee3b22d16bd33224c2cd32158437bd0e0e3c053307d697b70e55f578f009
skRm: 1ef5ec4b4482951fca257b0a0709f376f08c30a647cefa10f9b150a6839385ff
pkRm: 04706fd6e62dbf8a440f9f77bc47eb0703177f0f80275ce4be175c9c86953677
9a64806dff22c83ceb9b4a87302415a161b7d30a55521d181a6d01974c0648773e
shared_secret: fffa60534552d71101540d8022cd1ffe896da801fe55e194b9d71f1
ce882b6ff
key: ebe85898642db23679f83ae4a81efdea5feb4103553b9834cb1f4f602bcef495
base_nonce: ea1e6ce9451d45f9295189c2
exporter_secret: 92ea7629022c39382b333c1dcdc2dbed9cd2de4fe1d5732012557
7231aa35203

B.3.2. Auth

info: 42bb2361c10ad20c7f7403d3e048f8f74139258a
ikmE: f402a160b0dd43a5490e9315dd8ea386eb3b2bde9e252857e8a3132fa084506b
skEm: 338693112ca52e24b33c8211cf654ed6c9c44d1e74f344c724728cd9a4554053
pkEm: 04de99438fc76aaec2117df2346593c16f0a70ea9695ca7651aff895463b91e3
f3c846925784ddabd6b00b5094c10ba3b11bb9ff8b11ff2e853ac03373f09d9109
ikmR: d574268376eddb281b0dd1a5fda3f073d1b7b070a90387727e7433d87ec80d6d
skRm: 38aca581ad6a6a202fa89ac49f89650fac018b7f1d724a72040fea497ed95b84
pkRm: 04a6e334bb434dcf340fa2a8267ed828b23632de1f346b8acd7a5b8e83b9bc3f
58bbfabfc27dad4cbc30230de97bada0568c73f1ee877a885f5a3754bfc2287c84
ikmS: e9e68de251a00dcf0d91ca20883153bb69b912df0ba9c20938407c787f44ea67
skSm: 38aca581ad6a6a202fa89ac49f89650fac018b7f1d724a72040fea497ed95b84
pkSm: 04a6e334bb434dcf340fa2a8267ed828b23632de1f346b8acd7a5b8e83b9bc3f
58bbfabfc27dad4cbc30230de97bada0568c73f1ee877a885f5a3754bfc2287c84
shared_secret: 9b61edd3a878a5c4386bd6c42c4f2334a1ad4029e62b4cd24b16b3d
b41f4cb0f
key: f18103a860ae1eee5147aec66c2111ccc937529f9e0ba499038471326daa205e
base_nonce: a1172b6040d1f7da83916d94
exporter_secret: 89125c238053ad3cefb2a0acdb8da1ce89785dba613a0ca83ed78
035c51f3667

info: e15ab879ecc83017469ec2bf48a288adc97035a3
ikmE: 744f6bf36c108984aab7c03eea5feb427c03f4f3ecc4dca500f70c3a467c5cdd
skEm: 3748d1306a790e7f3776fbd17ebaae45c849de2b0f9122cfe9d85779a7923c3f
pkEm: 04be4687eb1e76e957285a08e4599cf31b4649e99b0b069bbb6f36572a6b366f
1b835a507ee14d8a6580e25a2e4ae8d7d8f4df9243e801b888953f324b93686527
ikmR: d11ebff931558abd86811790816a9163fe2bdb6f3c07e8157510e2bf73d7c3de
skRm: d61a862e6371a00a44b39f96cb754a14f53784c6458ee19f9a3613050a855613
pkRm: 04bf9683977dc086e89d461f7b34134e5889fbc872faa34121f5c16f304f5532
506c32882f37c2f7b0391daf6e2343191bc0ac639ff2d87fbedd0c9d71ef533ffa
ikmS: ea62965347a6e7dac5787b43623383a8e722f925bb81c88a58508433859847e8
skSm: d61a862e6371a00a44b39f96cb754a14f53784c6458ee19f9a3613050a855613
pkSm: 04bf9683977dc086e89d461f7b34134e5889fbc872faa34121f5c16f304f5532
506c32882f37c2f7b0391daf6e2343191bc0ac639ff2d87fbedd0c9d71ef533ffa
shared_secret: 3d648a64012a0dff200489823e2bb9f6b84adedc651f276d2fba82f
ef45ac12b
key: 8219ab2ae96460b3de411fd8bb4e68a9cef0c307be1e4564cd8267fb98d204d3
base_nonce: 7b5ae3238d6fabb7ff4b8525
exporter_secret: a93e33fbd26a6fafd97e195432c553d8a08b08993e62d7442e1d4
4b89acc17cd

info: 76984d45b8f9873c786889869e0520afdf0a1044
ikmE: 682d4606d4d401bce174fd98c88e6a395f79b903216eb8b2a38b7b2081f6709b
skEm: 2f53e5ac16cbf332beefd34482c332fa41dc675b2caa616c8dc7e30ecfa4abea
pkEm: 042624b24f16ad4366b316501472150f58e9d35e9c5e14781a5b7f79b69a7837
4599c681b0629c35fcecd761424cf234deb2565173dbb3fadb8ad480f4cdbe5b6b
ikmR: c92d590379d06dfe53f19c4785248a21efda81f3e2b39acd30dc088e110b86f9
skRm: 647400c833f994714a1dea157305117729a832bb81a44748437e59ac2376c027
pkRm: 044f69b9a4293a1c85504b724b33dcb690890c47d466ce49337942ad4551cc1b
5c718f2752f8e1beb1de18486caa36eb35cb33b2f462c03a7fad719d39fe65101e
ikmS: d4954c6a2ffdd1e7e8a87798abeb92b7133b0813df1fe32d3a04eb048d9e3068
skSm: 647400c833f994714a1dea157305117729a832bb81a44748437e59ac2376c027
pkSm: 044f69b9a4293a1c85504b724b33dcb690890c47d466ce49337942ad4551cc1b
5c718f2752f8e1beb1de18486caa36eb35cb33b2f462c03a7fad719d39fe65101e
shared_secret: 1a114e3937dc06ca7244dd98ca0a6bf8a5f2670158bab5c5a4f1b40
5a1070923
key: f05d8f2758709dc289c1b927f7962a57ba1f8c357e3ae39f091db11a0661a3ef
base_nonce: 819ca6581c15755e5253500f
exporter_secret: 1468983239658659d90f6e257769b5fd561d68f8096496400fb6d
b635108a210

Author's Address

Riad Wahby
Carnegie Mellon University