[CFRG] new draft modifying HPKE

Dan Harkins <dharkins@lounge.org> Mon, 14 June 2021 18:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/GDwTJGfD-FnsfgYigWJ3thJP6ZI>


   I know the cement on HPKE isn't quite dry yet but I wanted to get
something ready for when it is. As I've discussed on this list before I
want to add 2 things to HPKE:

   - compact output of the NIST curves
   - deterministic authenticated encryption

There's a new draft in the repository proposing just that:


Please take a look. Comments are welcome.

   Also, I implemented this in my HPKE code: 
The test vectors there are basically copied from the standard ones but I 
the KEM with the new KEM, compacted serialization, and encrypted with 
welcome any attempts at interoperation.



"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius