Hybrid Public Key Encryption
RFC 9180, “Hybrid Public Key Encryption”, is an Informational document published in February 2022 by R. Barnes, K. Bhargavan, B. Lipp, and C. Wood. The canonical text is published by the RFC Editor.
Abstract
This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2.
This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9180 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.