Reports (Research Report) Year : 2020

Analysing the HPKE Standard

Joël Alwen, Bruno Blanchet, Eduard Hauck, Eike Kiltz, Benjamin Lipp, Doreen Riepel

Abstract

The Hybrid Public Key Encryption (HPKE) scheme is an emerging standard currently under consideration by the Crypto Forum Research Group (CFRG) of the IETF as a candidate for formal approval. Of the four modes of HPKE, we analyse the authenticated mode HPKE Auth in its single-shot encryption form as it contains what is, arguably, the most novel part of HPKE and has applications to other upcoming standards such as MLS. HPKE Auth's intended application domain is captured by a new primitive which we call Authenticated Public Key Encryption (APKE). We provide syntax and security definitions for APKE schemes, as well as for the related Authenticated Key Encapsulation Mechanisms (AKEMs). We prove security of the AKEM scheme DH-AKEM underlying HPKE Auth based on the Gap Diffie-Hellman assumption and provide general AKEM/DEM composition theorems with which to argue about HPKE Auth's security. To this end, we also formally analyse HPKE Auth's key schedule and key derivation functions. To increase confidence in our results we use the automatic theorem proving tool CryptoVerif. All our bounds are quantitative and we discuss their practical implications for HPKE Auth. As an independent contribution we propose the new framework of nominal groups that allows us to capture abstract syntactical and security properties of practical elliptic curves, including the Curve25519 and Curve448 based groups (which do not constitute cyclic groups).
Main file
2020-1499v2.pdf (850.1 KB)
Origin : Files produced by the author(s)

Dates and versions

hal-03113251 , version 1 (18-01-2021)
hal-03113251 , version 2 (08-12-2021)

Identifiers

  • HAL Id : hal-03113251 , version 2

Cite

Joël Alwen, Bruno Blanchet, Eduard Hauck, Eike Kiltz, Benjamin Lipp, et al. Analysing the HPKE Standard. [Research Report] IACR Cryptology ePrint Archive. 2020. ⟨hal-03113251v2⟩