RFC 9180
Hybrid Public Key Encryption, February 2022
- File formats:
- Also available: XML file for editing
- Status:
- INFORMATIONAL
- Authors:
- R. Barnes
K. Bhargavan
B. Lipp
C. Wood - Stream:
- IRTF
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9180
Discuss this RFC: Send questions or comments to the mailing list cfrg@irtf.org
Other actions: View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9180
Abstract
This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2.
This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.