Hybrid Public Key Encryption (HPKE)
E873495
Hybrid Public Key Encryption (HPKE) is a cryptographic framework that combines public-key and symmetric-key techniques to provide flexible, interoperable encryption for modern protocols such as TLS, QUIC, and MLS.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| Hybrid Public Key Encryption | 0 |
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf | cryptographic framework; public-key encryption scheme |
| abbreviation | HPKE |
| basedOn | Diffie-Hellman key exchange; Key Encapsulation Mechanisms |
| canUseAEAD | AES-128-GCM; ChaCha20-Poly1305 |
| canUseKDF | HKDF-SHA256 |
| canUseKEM | DHKE on NIST P-256; DHKEM(X25519) |
| component | AEAD cipher; Authenticated Encryption with Associated Data; KDF; KEM private key; KEM public key; Key Encapsulation Mechanism; Key Schedule |
| definedIn | RFC 9180 |
| designGoal | avoid protocol-specific assumptions; be reusable across protocols; be simple to implement |
| property | sender can be anonymous or authenticated; supports export of secret material; supports multiple AEAD algorithms; supports multiple KDFs; supports multiple KEMs; supports multiple ciphersuites; supports pre-shared keys |
| purpose | provide authenticated encryption; provide forward secrecy; provide hybrid public-key encryption; provide interoperability for modern protocols |
| securityGoal | IND-CCA2 security for ciphertexts; confidentiality of application data; forward secrecy in some modes; integrity of application data |
| standardizedBy | Internet Engineering Task Force (surface form: IETF) |
| supports | Messaging Layer Security; Oblivious HTTP; QUIC; TLS; general-purpose application-layer encryption |
| supportsMode | Authenticated PSK mode; Authenticated mode; Base mode; PSK mode |
| usedIn | Oblivious HTTP deployments; TLS Encrypted ClientHello experiments |
| uses | public-key cryptography; symmetric-key cryptography |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.