Crypto Forum                                                 R. S. Wahby
Internet-Draft                                Carnegie Mellon University
Intended status: Informational                           15 October 2023
Expires: 17 April 2024


                     secp256k1-based DHKEM for HPKE
                 draft-wahby-cfrg-hpke-kem-secp256k1-01

Abstract

   This memo defines DHKEM-secp256k1, a variant of HPKE DHKEM (RFC9180)
   built on the secp256k1 elliptic curve.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1/.
   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-wahby-cfrg-hpke-kem-secp256k1/.

   Discussion of this document takes place on the Crypto Forum Research
   Group mailing list (mailto:cfrg@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/search/?email_list=cfrg.  Subscribe
   at https://www.ietf.org/mailman/listinfo/cfrg/.

   Source for this draft and an issue tracker can be found at
   https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 17 April 2024.

Wahby                     Expires 17 April 2024                 [Page 1]

Internet-Draft             hpke-secp256k1-kem               October 2023

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.
   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
     1.1.  Motivation
   2.  Conventions and Definitions
   3.  Construction
     3.1.  Serializing and deserializing keys
     3.2.  DeriveKeyPair
   4.  Security Considerations
   5.  IANA Considerations
   6.  Normative References
   Appendix A.  Acknowledgements
   Appendix B.  Test Vectors
     B.1.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-128-GCM
       B.1.1.  Base
       B.1.2.  Auth
     B.2.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-256-GCM
       B.2.1.  Base
       B.2.2.  Auth
     B.3.  DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 ChaCha20-Poly1305
       B.3.1.  Base
       B.3.2.  Auth
   Author's Address

1.  Introduction

1.1.  Motivation

   The secp256k1 elliptic curve is widely used in blockchain
   applications.  To date, several proposals have sought to allow users
   to use their keys for encryption.
   To enable this application, this document specifies a DHKEM mode for
   use with the secp256k1 elliptic curve.  Several implementations
   appear to have sprung up ad-hoc; this document is written in hope of
   avoiding fragmentation in the ecosystem, particularly around HPKE KEM
   suite-id assignments.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Construction

   The secp256k1 elliptic curve is specified in [SEC2v2], Section 2.4.1.

   DHKEM is specified in [RFC9180], Section 4.  In particular, the
   Decap, Encap, AuthDecap, and AuthEncap functions for DHKEM are
   defined in Section 4.1 of that document.

   The secp256k1 DHKEM construction closely follows NIST-P256 DHKEM.
   See Section 5 for the precise specification.

3.1.  Serializing and deserializing keys

   Conversion functions in this section are defined in [SEC1v2].

   *  The SerializePublicKey() function uses the uncompressed
      Elliptic-Curve-Point-to-Octet-String conversion.

   *  The DeserializePublicKey() function uses the uncompressed
      Octet-String-to-Elliptic-Curve-Point conversion.  Deserialized
      public keys MUST be validated before they can be used, in a manner
      analogous to the one for NIST-P256 in [RFC9180], Section 7.1.4.

   *  The SerializePrivateKey() function uses the
      Field-Element-to-Octet-String conversion.  If the private key is
      an integer outside the range [0, order-1], where 'order' is the
      order of the curve being used, the private key MUST be reduced to
      its representative in [0, order-1].

   *  The DeserializePrivateKey() function uses the
      Octet-String-to-Field-Element conversion.

3.2.  DeriveKeyPair

   The DeriveKeyPair() function is as described in [RFC9180],
   Section 7.1.3.
   For this curve, the bitmask value 0xff should be used.  The order of
   the secp256k1 curve as defined in [SEC2v2], Section 2.4.1, is
   0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141.

4.  Security Considerations

   Please consult the security considerations from [RFC9180].

5.  IANA Considerations

   This document requests/registers a new entry to the "HPKE KEM
   Identifiers" registry.

   Value:  0x0016 (please)
   KEM:  DHKEM(secp256k1, HKDF-SHA256)
   Nsecret:  32
   Nenc:  65
   Npk:  65
   Nsk:  32
   Auth:  yes
   Reference:  [SEC2v2], [RFC9180]

6.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC9180]  Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid
              Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180,
              February 2022.

   [SEC1v2]   "SEC 1: Elliptic Curve Cryptography", 2009.

   [SEC2v2]   "SEC 2: Recommended Elliptic Curve Domain Parameters",
              2010.

Appendix A.  Acknowledgements

   The author would like to thank Christopher Wood for his input.

Appendix B.  Test Vectors

   This section contains test vectors formatted similarly to the ones
   found in [RFC9180].  These test vectors cover both Base and Auth
   setup for each of AES-128-GCM, AES-256-GCM, and ChaCha20-Poly1305.
   (PSK and AuthPSK are elided because their DHKEM operations are
   identical to Base and Auth, respectively.)
Author's Address

   Riad Wahby
   Carnegie Mellon University
   Email: riad@cmu.edu