Crypto Forum                                            B. E. Westerbaan
Internet-Draft                                                C. A. Wood
Intended status: Informational                                Cloudflare
Expires: 24 October 2023                                   22 April 2023


         X25519Kyber768Draft00 hybrid post-quantum KEM for HPKE
               draft-westerbaan-cfrg-hpke-xyber768d00-02

Abstract

   This memo defines X25519Kyber768Draft00, a hybrid post-quantum KEM,
   for HPKE (RFC9180).  This KEM does not support the authenticated
   modes of HPKE.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://bwesterb.github.io/draft-westerbaan-cfrg-hpke-xyber768d00/draft-westerbaan-cfrg-hpke-xyber768d00.html.
   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-westerbaan-cfrg-hpke-xyber768d00/.

   Discussion of this document takes place on the Crypto Forum Research
   Group mailing list (mailto:cfrg@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/search/?email_list=cfrg.  Subscribe
   at https://www.ietf.org/mailman/listinfo/cfrg/.

   Source for this draft and an issue tracker can be found at
   https://github.com/bwesterb/draft-westerbaan-cfrg-hpke-xyber768d00.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."




Westerbaan & Wood        Expires 24 October 2023                [Page 1]

Internet-Draft              hpke-xyber768d00                  April 2023


   This Internet-Draft will expire on 24 October 2023.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction
     1.1.  Motivation
     1.2.  Not an authenticated KEM
   2.  Conventions and Definitions
   3.  Construction
     3.1.  SerializePublicKey and DeserializePublicKey
     3.2.  SerializePrivateKey and DeserializePrivateKey
     3.3.  DeriveKeyPair
     3.4.  Encap and Decap
     3.5.  AuthEncap and AuthDecap
   4.  Security Considerations
   5.  IANA Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  Acknowledgements
   Appendix B.  Change log
     B.1.  Since draft-westerbaan-cfrg-hpke-xyber768d00-01
     B.2.  Since draft-westerbaan-cfrg-hpke-xyber768d00-00
   Appendix C.  Test Vectors
     C.1.  X25519Kyber768Draft00, HKDF-SHA256, AES-128-GCM
       C.1.1.  Base Setup Information
       C.1.2.  PSK Setup Information
   Authors' Addresses

1.  Introduction

1.1.  Motivation

   The final draft for Kyber is expected in 2024.  There is a desire to
   deploy post-quantum cryptography earlier than that.  To promote
   interoperability of early implementations, this document specifies a
   preliminary hybrid post-quantum key agreement.



1.2.  Not an authenticated KEM

   Kyber is a plain KEM: it does not support the static-ephemeral key
   exchange on which HPKE builds its (optional) authenticated modes for
   Diffie-Hellman based KEMs.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Construction

   In short, X25519Kyber768Draft00 is the parallel combination of
   DHKEM(X25519, HKDF-SHA256) [RFC9180] [RFC7748] and Kyber768Draft00
   [KYBER]: wire encodings of public key, private key, cipher texts and
   shared secrets are simple concatenations.

   A KEM private key is a tuple of a DHKEM(X25519, HKDF-SHA256) private
   key and a Kyber768Draft00 private key, which are octet strings of
   length 32 and 2400 bytes, respectively.  Similarly, a KEM public key
   is a tuple of a DHKEM(X25519, HKDF-SHA256) public key and a
   Kyber768Draft00 public key.

   Kyber768Draft00 is Kyber768 as submitted to the third round of the
   NIST PQC process [KyberV302], where it is also known as v3.02.

   Note that this hybrid KEM is different from the one defined in
   [TLS-XYBER], based on [HYBRID], for TLS: in TLS, raw X25519 shared
   secrets can be used thanks to the message transcript.

   We use HKDF-SHA256 as the HPKE HKDF.  We denote the DHKEM(X25519,
   HKDF-SHA256) KEM as DHKEM throughout the document.

3.1.  SerializePublicKey and DeserializePublicKey

   SerializePublicKey and DeserializePublicKey encode and decode
   X25519Kyber768Draft00 public keys to and from their wire format
   representation.  Their implementation is described below.

   Note that DHKEM public keys MUST be validated before they can be used
   as stipulated in Section 7.1.1 of [RFC9180].






   def SerializePublicKey(pkX):
     (pkA, pkB) = pkX
     return concat(
       DHKEM.SerializePublicKey(pkA),
       pkB
     )

   def DeserializePublicKey(pkXm):
     return (
       DHKEM.DeserializePublicKey(pkXm[0:32]),
       pkXm[32:1216]
     )

   DHKEM.SerializePublicKey() and DHKEM.DeserializePublicKey() are
   SerializePublicKey() and respectively DeserializePublicKey() as
   defined for DHKEM in Section 7.1.1 of [RFC9180].

3.2.  SerializePrivateKey and DeserializePrivateKey

   SerializePrivateKey and DeserializePrivateKey encode and decode
   X25519Kyber768Draft00 private keys to and from their wire format
   representation.  Their implementation is described below.

   def SerializePrivateKey(skX):
     (skA, skB) = skX
     return concat(
       DHKEM.SerializePrivateKey(skA),
       skB
     )

   def DeserializePrivateKey(skXm):
     return (
       DHKEM.DeserializePrivateKey(skXm[0:32]),
       skXm[32:2432]
     )

   DHKEM.SerializePrivateKey() and DHKEM.DeserializePrivateKey() are
   SerializePrivateKey() and respectively DeserializePrivateKey() as
   defined for DHKEM in Section 7.1.2 of [RFC9180].

3.3.  DeriveKeyPair

   DeriveKeyPair deterministically derives an X25519Kyber768Draft00
   private and public key pair from a fixed-length seed.  In particular,
   a single seed is stretched and passed to the relevant key derivation
   functions for DHKEM and Kyber768Draft00.





   def DeriveKeyPair(ikm):
     dkp_prk = LabeledExtract("", "dkp_prk", ikm)
     seed = LabeledExpand(dkp_prk, "sk", 32 + 64)
     seed1 = seed[0:32]
     seed2 = seed[32:96]
     sk1, pk1 = DHKEM.DeriveKeyPair(seed1)
     sk2, pk2 = Kyber768Draft00.DeriveKeyPair(seed2)
     return (concat(sk1, sk2), concat(pk1, pk2))

   DHKEM.DeriveKeyPair() is DeriveKeyPair() defined for DHKEM in
   Section 7.1.3 of [RFC9180].  Kyber768Draft00.DeriveKeyPair() is the
   key generation as defined in Section 11.1 of [KYBER].

   The suite_id used implicitly in LabeledExtract() and LabeledExpand()
   on lines 2 and 3 is derived from the KEM identifier of the hybrid
   (0x0030).

   The suite_id used implicitly in LabeledExpand() and LabeledExtract()
   within DHKEM.DeriveKeyPair() is the KEM identifier of DHKEM (0x0020).

   ikm SHOULD be at least 32 octets in length.  (This is contrary to
   [RFC9180] which stipulates it should be at least Nsk=2432 octets in
   length.)

3.4.  Encap and Decap

   Encap and Decap are the primary KEM functions.  Their implementation
   is described below.

   def Encap(pkR):
     (pkA, pkB) = pkR
     (ss1, enc1) = DHKEM.Encap(pkA)
     (ss2, enc2) = Kyber768Draft00.Encap(pkB)
     return (
       concat(ss1, ss2),
       concat(enc1, enc2)
     )

   def Decap(enc, skR):
     (skA, skB) = skR
     enc1 = enc[0:32]
     enc2 = enc[32:1120]
     ss1 = DHKEM.Decap(enc1, skA)
     ss2 = Kyber768Draft00.Decap(enc2, skB)
     return concat(ss1, ss2)






   The suite_id used implicitly in the LabeledExtract() and
   LabeledExpand() within DHKEM.Encap() and DHKEM.Decap() is the one
   derived from the KEM id of DHKEM (0x0020).
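
   The slices in Sections 3.1, 3.2 and 3.4 assume inputs of exactly
   Npk, Nsk and Nenc octets (Section 5).  The following is an added
   example, not part of this draft or of any implementation of it: it
   contrasts a literal transcription of the slices with a strict
   splitter.  All function and class names are hypothetical and the
   sample inputs are constructed.

```python
from typing import NamedTuple, Tuple


class Layout(NamedTuple):
    dhkem_len: int  # octets of the DHKEM(X25519, HKDF-SHA256) component
    kyber_len: int  # octets of the Kyber768Draft00 component

    @property
    def total(self) -> int:
        return self.dhkem_len + self.kyber_len


# Component sizes follow the slice bounds in Sections 3.1, 3.2 and 3.4;
# the totals are Npk, Nsk, Nenc and Nsecret from Section 5.
LAYOUTS = {
    "public_key": Layout(32, 1184),    # Npk = 1216
    "private_key": Layout(32, 2400),   # Nsk = 2432
    "enc": Layout(32, 1088),           # Nenc = 1120
    "shared_secret": Layout(32, 32),   # Nsecret = 64
}


class WireFormatError(ValueError):
    """Raised when an encoded value does not have the exact expected size."""


def naive_deserialize_public_key(pkXm: bytes) -> Tuple[bytes, bytes]:
    # Literal transcription of the Section 3.1 slices.  Python slicing never
    # raises on short or long input, so a truncated or padded key passes
    # through and the Kyber component silently has the wrong length.
    return pkXm[0:32], pkXm[32:1216]


def split(kind: str, data: bytes) -> Tuple[bytes, bytes]:
    """Split an encoded value into (DHKEM part, Kyber part).

    Only the exact registered length is accepted.  This checks framing only:
    validation of the X25519 public key itself is still the job of the DHKEM
    implementation, as Section 3.1 requires.
    """
    layout = LAYOUTS[kind]
    if not isinstance(data, (bytes, bytearray)):
        raise WireFormatError(f"{kind}: expected bytes, got {type(data).__name__}")
    if len(data) != layout.total:
        raise WireFormatError(
            f"{kind}: expected {layout.total} octets, got {len(data)}")
    data = bytes(data)
    return data[:layout.dhkem_len], data[layout.dhkem_len:]


def join(kind: str, dhkem_part: bytes, kyber_part: bytes) -> bytes:
    """Concatenate two components after checking each component's length."""
    layout = LAYOUTS[kind]
    if len(dhkem_part) != layout.dhkem_len:
        raise WireFormatError(f"{kind}: DHKEM part must be {layout.dhkem_len} octets")
    if len(kyber_part) != layout.kyber_len:
        raise WireFormatError(f"{kind}: Kyber part must be {layout.kyber_len} octets")
    return bytes(dhkem_part) + bytes(kyber_part)


if __name__ == "__main__":
    # Constructed byte strings standing in for encoded values (not real keys).
    pk = bytes(i % 251 for i in range(1216))
    truncated = pk[:40]

    pk_a, pk_b = split("public_key", pk)
    print("strict split:", len(pk_a), len(pk_b))

    bad_a, bad_b = naive_deserialize_public_key(truncated)
    print("naive split of 40 octets:", len(bad_a), len(bad_b))

    try:
        split("public_key", truncated)
    except WireFormatError as err:
        print("strict split rejects it:", err)
```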

3.5.  AuthEncap and AuthDecap

   X25519Kyber768Draft00 is not an authenticated KEM and does not
   support AuthEncap() or AuthDecap(), see Section 1.2.

4.  Security Considerations

   We aim for IND-CCA2 robustness: that means that if either constituent
   KEM is not IND-CCA2 secure, but the other is, the combined hybrid
   remains IND-CCA2 secure.

   In general [GHP18] [COMBINERS] this requires a combiner that mixes in
   the cipher texts, such as, assuming fixed-length cipher texts and
   shared secrets:

   HKDF(concat(ss1, ss2, enc1, enc2)).

   In the present case, DHKEM(X25519, -) and Kyber768Draft00 already mix
   their respective cipher texts into their shared secrets.  Thus we
   can forgo mixing in the cipher texts a second time.

   Furthermore, in HPKE, the shared secret is never used directly, but
   passed through HKDF (via KeySchedule), and thus we can forgo the call
   to HKDF as well.
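
   The following is an added example, not code from this draft or its
   authors.  It covers two passages: the seed stretching and suite_id
   separation of DeriveKeyPair (Section 3.3), and the statement above
   that DHKEM already mixes its cipher text into its shared secret.
   Assumptions: LabeledExtract(), LabeledExpand() and ExtractAndExpand()
   are as in Section 4 of [RFC9180]; the info argument that the
   Section 3.3 pseudocode omits is taken to be empty; all function names
   are hypothetical and all inputs are constructed.

```python
import hashlib
import hmac

HYBRID_KEM_ID = 0x0030  # X25519Kyber768Draft00, value requested in Section 5
DHKEM_KEM_ID = 0x0020   # DHKEM(X25519, HKDF-SHA256)
HASH_LEN = 32           # SHA-256 output size


def suite_id(kem_id: int) -> bytes:
    # RFC 9180 Section 4.1: suite_id = concat("KEM", I2OSP(kem_id, 2))
    return b"KEM" + kem_id.to_bytes(2, "big")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869: an empty salt stands for HashLen zero octets.
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid HKDF output length")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def labeled_extract(kem_id: int, salt: bytes, label: bytes, ikm: bytes) -> bytes:
    return hkdf_extract(salt, b"HPKE-v1" + suite_id(kem_id) + label + ikm)


def labeled_expand(kem_id: int, prk: bytes, label: bytes, info: bytes,
                   length: int) -> bytes:
    labeled_info = (length.to_bytes(2, "big") + b"HPKE-v1" + suite_id(kem_id)
                    + label + info)
    return hkdf_expand(prk, labeled_info, length)


def stretch_seed(ikm: bytes):
    """Seed stretching from DeriveKeyPair (Section 3.3), under the hybrid's
    suite_id.  Returns (seed1 for DHKEM, seed2 for Kyber768Draft00)."""
    if len(ikm) < 32:
        # The draft says SHOULD; this example chooses to enforce it.
        raise ValueError("ikm shorter than 32 octets")
    dkp_prk = labeled_extract(HYBRID_KEM_ID, b"", b"dkp_prk", ikm)
    seed = labeled_expand(HYBRID_KEM_ID, dkp_prk, b"sk", b"", 32 + 64)
    return seed[0:32], seed[32:96]


def dhkem_derive_private_key(seed1: bytes) -> bytes:
    """X25519 private key as in RFC 9180 Section 7.1.3, under DHKEM's own
    suite_id (0x0020), not the hybrid's."""
    dkp_prk = labeled_extract(DHKEM_KEM_ID, b"", b"dkp_prk", seed1)
    return labeled_expand(DHKEM_KEM_ID, dkp_prk, b"sk", b"", 32)


def dhkem_extract_and_expand(dh: bytes, enc: bytes, pk_r: bytes) -> bytes:
    """DHKEM shared secret from a Diffie-Hellman output.  kem_context carries
    enc, which is how the cipher text ends up bound into ss1."""
    kem_context = enc + pk_r
    eae_prk = labeled_extract(DHKEM_KEM_ID, b"", b"eae_prk", dh)
    return labeled_expand(DHKEM_KEM_ID, eae_prk, b"shared_secret",
                          kem_context, 32)


if __name__ == "__main__":
    ikm = bytes(range(32))                      # constructed seed
    seed1, seed2 = stretch_seed(ikm)
    print("seed1 :", seed1.hex())
    print("seed2 :", seed2.hex())
    print("skA   :", dhkem_derive_private_key(seed1).hex())

    dh = bytes([7]) * 32                        # constructed DH output
    pk_r = bytes([9]) * 32                      # constructed recipient key
    ss_a = dhkem_extract_and_expand(dh, bytes([1]) * 32, pk_r)
    ss_b = dhkem_extract_and_expand(dh, bytes([2]) * 32, pk_r)
    print("same dh, different enc, same ss1?", ss_a == ss_b)
```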

5.  IANA Considerations

   This document requests/registers a new entry to the "HPKE KEM
   Identifiers" registry.

   Value:  0x0030 (please)

   KEM:  X25519Kyber768Draft00

   Nsecret:  64

   Nenc:  1120

   Npk:  1216

   Nsk:  2432

   Auth:  no




   Reference:  This document

6.  References

6.1.  Normative References

   [KYBER]    Schwabe, P. and B. Westerbaan, "Kyber Post-Quantum KEM",
              Work in Progress, Internet-Draft, draft-cfrg-schwabe-
              kyber-02, 31 March 2023,
              <https://datatracker.ietf.org/doc/html/draft-cfrg-schwabe-
              kyber-02>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC7748]  Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
              for Security", RFC 7748, DOI 10.17487/RFC7748, January
              2016, <https://www.rfc-editor.org/rfc/rfc7748>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

   [RFC9180]  Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid
              Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180,
              February 2022, <https://www.rfc-editor.org/rfc/rfc9180>.

6.2.  Informative References

   [COMBINERS]
              Ounsworth, M., Wussler, A., and S. Kousidis, "Combiner
              function for hybrid key encapsulation mechanisms (Hybrid
              KEMs)", Work in Progress, Internet-Draft, draft-ounsworth-
              cfrg-kem-combiners-03, 13 March 2023,
              <https://datatracker.ietf.org/doc/html/draft-ounsworth-
              cfrg-kem-combiners-03>.

   [GHP18]    Giacon, F., Heuer, F., and B. Poettering, "KEM Combiners",
              2018, <https://doi.org/10.1007/978-3-319-76578-5_7>.

   [HYBRID]   Stebila, D., Fluhrer, S., and S. Gueron, "Hybrid key
              exchange in TLS 1.3", Work in Progress, Internet-Draft,
              draft-ietf-tls-hybrid-design-06, 27 February 2023,
              <https://datatracker.ietf.org/doc/html/draft-ietf-tls-
              hybrid-design-06>.




   [KyberV302]
              Avanzi, R., Bos, J., Ducas, L., Kiltz, E., Lepoint, T.,
              Lyubashevsky, V., Schanck, J., Schwabe, P., Seiler, G.,
              and D. Stehle, "CRYSTALS-Kyber, Algorithm Specification
              And Supporting Documentation (version 3.02)", 2021,
              <https://pq-crystals.org/kyber/data/kyber-specification-
              round3-20210804.pdf>.

   [TLS-XYBER]
              Westerbaan, B. and D. Stebila, "X25519Kyber768Draft00
              hybrid post-quantum key agreement", Work in Progress,
              Internet-Draft, draft-tls-westerbaan-xyber768d00-02, 31
              March 2023, <https://datatracker.ietf.org/doc/html/draft-
              tls-westerbaan-xyber768d00-02>.

Appendix A.  Acknowledgements

   The authors would like to thank P. Kampanakis, I. Liusvaara, T.
   Wiggers, and S. Farrell for their input.

Appendix B.  Change log

      *RFC Editor's Note:* Please remove this section prior to
      publication of a final version of this document.

B.1.  Since draft-westerbaan-cfrg-hpke-xyber768d00-01

   *  Corrected test vectors.  In particular, specify randomness used
      during encapsulation, and clarify why there is no such thing as an
      ephemeral keypair.

   *  Clarify correct value of implicit suite_id.

B.2.  Since draft-westerbaan-cfrg-hpke-xyber768d00-00

   *  Add acknowledgements.

   *  Elaborate on missing authenticated modes.

   *  Add test vectors for the PSK mode.











Appendix C.  Test Vectors

   This section contains test vectors formatted similarly to those
   found in [RFC9180], with two changes.  First, we only provide
   vectors for the non-authenticated modes of operation.  Secondly, as
   Kyber encapsulation does not involve an ephemeral keypair, we omit
   the ikmE, skEm, pkEm entries and provide an ier entry instead.  The
   value of ier is the randomness used to encapsulate.  To wit: the
   ephemeral X25519 keypair used in DHKEM.Encap() is
   DHKEM.DeriveKeyPair(ier[0:32]) and ier[32:64] is the seed that is fed
   to H in the first step of Kyber encapsulation [KYBER].

C.1.  X25519Kyber768Draft00, HKDF-SHA256, AES-128-GCM

C.1.1.  Base Setup Information

   mode: 0
   kem_id: 48
   kdf_id: 1
   aead_id: 1
   info: 486561722068656172
   ikmR:
   3cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e2
   ier: 35b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b
   2badfd6dfaac359a5efbb7bcc4b59d538df9a04302e10c8bc1cbf1a0b3a5120ea
   shared_secret: 1368d71518fadbe42fb75fbd356e016b0aaad6b4d3d91ce7f2070
   73e4fb08c537217aba238aea92a7f855820518a8342b3a31f82ebbcdb479f33ad82b
   dcdc953
   key_schedule_context: 009f749a195d1c8b3eaa8d5c3f571dc7231aafbbc0405e
   4b484738352667c484867584e32e844cdf74d17b4ee224cc521bbc8bed221f21f34f
   8ccc9842772686cb
   secret:
   95f863934be4d0ef683770c7bd385839d19e525b467a332f47ae715c54183e1d
   key: 6bb5532badb078ce8f326daa6cfaef84
   base_nonce: ff2b9a604a84754614e9e772
   exporter_secret:
   fb6ca36cfb7881cf11dbcb8fde201f698f80d0b941b642bc0a6a3101c97b7fad

C.1.1.1.  Encryptions














   sequence number: 0
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d30
   nonce: ff2b9a604a84754614e9e772
   ct: a78ab8f057becc31cb3a5cff2fe2b18983b93ce74c6e7c45e0a57c4acc1976ee
   f755c08547564ceede3e5169f959ea6ad498

   sequence number: 1
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d31
   nonce: ff2b9a604a84754614e9e773
   ct: c7e392bb20d256f0020ba0888996c4b0e2518b486ad5873263834e7f30fc43e6
   f712ee8e42846179db284a56baba6252d38f

   sequence number: 2
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d32
   nonce: ff2b9a604a84754614e9e770
   ct: 86eeadf1593871435b643b7dde3d5a18b4dcb8d706c21abb69ae057af2a788a6
   72198d46facadd396fa9fa6e1072c43a4f74

   sequence number: 4
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d34
   nonce: ff2b9a604a84754614e9e776
   ct: 4aef2a67f307cb23dbe6d9ea2875add1e4bb0db6519836a2f1adca1d75a33bef
   6df198b63f916385107677eef4e542e2c337

   sequence number: 255
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d323535
   nonce: ff2b9a604a84754614e9e78d
   ct: 94ab72b1e767b26e3cd2b2a862bdc52cdcb4140fc7b0133e4ca4f6c65b190527
   1c971d2b5092204825683191f2ecdd0ec4e1

   sequence number: 256
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d323536
   nonce: ff2b9a604a84754614e9e672
   ct: ca0612fa2d3b4ff5c6daafddbc9a359efd44ca3ffe2385d63ba1b4fb5b75b89d
   e55355dc4132399d3e7ae2676c4fb52418df




C.1.1.2.  Exported Values

   exporter_context:
   L: 32
   exported_value:
   0d15e6f37d0791a924c5b8a5c766db83d95703ddae889e6240c73926168ae6a8

   exporter_context: 00
   L: 32
   exported_value:
   6f7bc144a46519b718c93a86a4ce74dad186816c88791eeee4f39fd0a2dbcef2

   exporter_context: 54657374436f6e74657874
   L: 32
   exported_value:
   3a0064f88b02de081e9d5f4398093e016b00b01816db91f0686d50330a9886b2

C.1.2.  PSK Setup Information

   mode: 1
   kem_id: 48
   kdf_id: 1
   aead_id: 1
   info: 486561722068656172
   ikmR:
   3cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e2
   ier: 35b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b
   2badfd6dfaac359a5efbb7bcc4b59d538df9a04302e10c8bc1cbf1a0b3a5120ea
   psk:
   7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26
   psk_id: 6265666f7265206576657279626f647920666f72206576657279626f6479
   20666f722065766572797468696e67
   shared_secret: 1368d71518fadbe42fb75fbd356e016b0aaad6b4d3d91ce7f2070
   73e4fb08c537217aba238aea92a7f855820518a8342b3a31f82ebbcdb479f33ad82b
   dcdc953
   key_schedule_context: 011c0e82b54d88402f8c14c546eb2c5d2ddf5c0ad00953
   b8c7917e143a660122927584e32e844cdf74d17b4ee224cc521bbc8bed221f21f34f
   8ccc9842772686cb
   secret:
   2398d859cca13a8e024a4303015d07b426f886cfb160104808d46afa3ed65c5d
   key: 2abc7960081169220e5316e8b4ca25c8
   base_nonce: 9f4404e9a8a83dcdad85aaa4
   exporter_secret:
   37c64a38386a73522e517063be8e5dbac2dda13748e7e0204ef4781d37db91b2

C.1.2.1.  Encryptions

   sequence number: 0
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d30
   nonce: 9f4404e9a8a83dcdad85aaa4
   ct: 59ae4c0fe132882496ee546c59db8887d0ffa1e81c024f9f306e336c8b515aef
   c100de05caad51b224b8446424371610e94f

   sequence number: 1
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d31
   nonce: 9f4404e9a8a83dcdad85aaa5
   ct: 12ae854754ecf26efccd9a3d9006ccea7e58394314ac63537f71fa373475c9b5
   def50550bd386a62a9f93dbb482aad08b83d

   sequence number: 2
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d32
   nonce: 9f4404e9a8a83dcdad85aaa6
   ct: 44dfad98e654637c47ea943787622c39cff096515d95124947b93962d570fb09
   8a725a681c00bd95329ae7c87e7476a14c23

   sequence number: 4
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d34
   nonce: 9f4404e9a8a83dcdad85aaa0
   ct: b4daec06cb05cad7987257b000662e329879885981431d8758167449912f4862
   73621502cb6b8917259d43c0741c2221157f

   sequence number: 255
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d323535
   nonce: 9f4404e9a8a83dcdad85aa5b
   ct: a45db83de0836912b692a3ceb870d4ada3c59813031e52b7efd511bdb3766d70
   94c556ca067adefea6c1690c226a12ddd7d0

   sequence number: 256
   pt:
   546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143
   aad: 436f756e742d323536
   nonce: 9f4404e9a8a83dcdad85aba4
   ct: aa047d5fa79b00a1d70f8044136c3717eeb86913e50092784b750020a51f410d
   b12e47de6a7bae1596e6d21347a82cdc5ecd

C.1.2.2.  Exported Values

   exporter_context:
   L: 32
   exported_value:
   887a3f1c8097a127f3178ada5c83ba8c3c335b45b4b4be18a7885b669f7ba1e5

   exporter_context: 00
   L: 32
   exported_value:
   faf29bee28fb70c380b1495afec1f0f3ab26552b3c9b1ae4beddfd005f388562

   exporter_context: 54657374436f6e74657874
   L: 32
   exported_value:
   4e8ef9bdec7cec015c62d863681245dd630ed8c9debccc5bbea1d97e1c651261

Authors' Addresses

   Bas Westerbaan
   Cloudflare
   Email: bas@cloudflare.com


   Christopher A. Wood
   Cloudflare
   Email: caw@heapingbits.net