Internet-Draft    hpke-secp256k1-kem    July 2023
Wahby    Expires 24 January 2024

Workgroup: Crypto Forum
Internet-Draft: draft-wahby-cfrg-hpke-kem-secp256k1-00
Published: July 2023
Intended Status: Informational
Expires: 24 January 2024
Author: R. S. Wahby, Carnegie Mellon University

secp256k1-based DHKEM for HPKE

Abstract

This memo defines DHKEM-secp256k1, a variant of HPKE DHKEM (RFC9180) built on the secp256k1 elliptic curve.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1/. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-wahby-cfrg-hpke-kem-secp256k1/.

Discussion of this document takes place on the Crypto Forum Research Group mailing list (mailto:cfrg@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=cfrg. Subscribe at https://www.ietf.org/mailman/listinfo/cfrg/.

Source for this draft and an issue tracker can be found at https://github.com/kwantam/draft-wahby-cfrg-hpke-kem-secp256k1.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 24 January 2024.

1. Introduction

1.1. Motivation

The secp256k1 elliptic curve is widely used in blockchain applications. To date, several proposals have sought to allow users to use their keys for encryption. To enable this application, this document specifies a DHKEM mode for use with the secp256k1 elliptic curve. Several implementations appear to have sprung up ad-hoc; this document is written in hope of avoiding fragmentation in the ecosystem, particularly around HPKE KEM suite-id assignments.

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Construction

The secp256k1 elliptic curve is specified in [SEC2v2], Section 2.4.1. DHKEM is specified in [RFC9180], Section 4. In particular, the Decap, Encap, AuthDecap, and AuthEncap functions for DHKEM are defined in Section 4.1 of that document.

The secp256k1 DHKEM construction closely follows NIST-P256 DHKEM. See Section 5 for the precise specification.

3.1. Serializing and deserializing keys

Conversion functions in this section are defined in [SEC1v2].

  • The SerializePublicKey() function uses the uncompressed Elliptic-Curve-Point-to-Octet-String conversion.
  • The DeserializePublicKey() function uses the uncompressed Octet-String-to-Elliptic-Curve-Point conversion. Deserialized public keys MUST be validated before they can be used, in a manner analogous to the validation for NIST-P256 in [RFC9180], Section 7.1.4.
  • The SerializePrivateKey() function uses the Field-Element-to-Octet-String conversion. If the private key is an integer outside the range [0, order-1], where 'order' is the order of the curve being used, the private key MUST be reduced to its representative in [0, order-1].
  • The DeserializePrivateKey() function uses the Octet-String-to-Field-Element conversion.

3.2. DeriveKeyPair

The DeriveKeyPair() function is as described in [RFC9180], Section 7.1.3. For this curve, the bitmask value 0xff should be used. The order of the secp256k1 curve as defined in [SEC2v2], Section 2.4.1, is 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141.

4. Security Considerations

Please consult the security considerations from [RFC9180].

5. IANA Considerations

This document requests/registers a new entry to the "HPKE KEM Identifiers" registry.

Value: 0x0013 (please)
KEM: DHKEM(secp256k1, HKDF-SHA256)
Nsecret: 32
Nenc: 65
Npk: 65
Nsk: 32
Auth: yes
Reference: [SEC2v2], [RFC9180]

6. Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9180]  Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180, <https://www.rfc-editor.org/rfc/rfc9180>.
[SEC1v2]  "SEC 1: Elliptic Curve Cryptography", <https://secg.org/sec1-v2.pdf>.
[SEC2v2]  "SEC 2: Recommended Elliptic Curve Domain Parameters", <https://secg.org/sec2-v2.pdf>.

Appendix A. Acknowledgements

The author would like to thank Christopher Wood for his input.

Appendix B. Test Vectors

This section contains test vectors formatted similarly to the ones found in [RFC9180]. These test vectors cover both Base and Auth setup for each of AES-128-GCM, AES-256-GCM, and ChaCha20-Poly1305. (PSK and AuthPSK are elided because their DHKEM operations are identical to Base and Auth, respectively.)

B.1. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-128-GCM

B.1.1. Base


B.1.2. Auth


B.2. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 AES-256-GCM

B.2.1. Base


B.2.2. Auth


B.3. DHKEM(Secp256k1, HKDF-SHA256) HKDF-SHA256 ChaCha20-Poly1305

B.3.1. Base


B.3.2. Auth


Author's Address

Riad Wahby
Carnegie Mellon University