Post-Quantum and Post-Quantum/Traditional Hybrid Algorithms for HPKE
draft-barnes-hpke-pq-00
| Section | Field | Value |
|---|---|---|
| Document | Type | Replaced Internet-Draft (candidate for hpke WG); Expired & archived |
| | Author | Richard Barnes |
| | Last updated | 2025-05-11 (Latest revision 2025-04-13) |
| | Replaced by | draft-ietf-hpke-pq |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| | Additional resources | Mailing list discussion |
| Stream | WG state | Call For Adoption By WG Issued |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-ietf-hpke-pq |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
Updating key exchange and public-key encryption protocols to resist attack by quantum computers is a high priority given the possibility of "harvest now, decrypt later" attacks. Hybrid Public Key Encryption (HPKE) is a widely-used public key encryption scheme based on combining a Key Encapsulation Mechanism (KEM), a Key Derivation Function (KDF), and an Authenticated Encryption with Associated Data (AEAD) scheme. In this document, we define KEM algorithms for HPKE based on both post-quantum KEMs and hybrid constructions of post-quantum KEMs with traditional KEMs, as well as a KDF based on SHA-3 that is suitable for use with these KEMs. When used with these algorithms, HPKE is resilient with respect to attack by a quantum computer.