Search RFCs
RFC 9180
Hybrid Public Key Encryption,February 2022
- File formats:
- Also available:XML file for editing
- Status:
- INFORMATIONAL
- Authors:
- R. Barnes
K. Bhargavan
B. Lipp
C. Wood - Stream:
- IRTF
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9180
Discuss this RFC: Send questions or comments to the mailing listcfrg@irtf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9180
Abstract
This document describes a scheme for hybrid public key encryption(HPKE). This scheme provides a variant of public key encryption ofarbitrary-sized plaintexts for a recipient public key. It alsoincludes three authenticated variants, including one thatauthenticates possession of a pre-shared key and two optional onesthat authenticate possession of a key encapsulation mechanism (KEM)private key. HPKE works for any combination of an asymmetric KEM, keyderivation function (KDF), and authenticated encryption withadditional data (AEAD) encryption function. Some authenticatedvariants may not be supported by all KEMs. We provide instantiationsof the scheme using widely used and efficient primitives, such asElliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based keyderivation function (HKDF), and SHA2.
This document is a product of the Crypto Forum Research Group (CFRG)in the IRTF.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.