Ruhr-Uni-Bochum

Analysing the HPKE Standard

2021

Konferenz / Medium

Autor*innen

Benjamin Lipp Bruno Blanchet Doreen Riepel Eduard Hauck Eike Kiltz Joël Alwen

Research Hub

Research Hub A: Kryptographie der Zukunft

Research Challenges

RC 1: Cryptography against Mass Surveillance

Abstract

The Hybrid Public Key Encryption (HPKE) scheme is an emerging standard currently under consideration by the Crypto Forum Research Group
(CFRG) of the IETF as a candidate for formal approval. Of the four modes of HPKE, we analyse the authenticated mode HPKEAuth in its single-shot encryption form as it contains what is, arguably, the most novel part of HPKE. HPKEAuth ’s intended application domain is captured by a new primitive which we call Authenticated Public Key Encryption (APKE). We provide syntax and security definitions for APKE schemes, as well as for the related Authenticated Key Encapsulation Mechanisms (AKEMs). We prove security of the AKEM scheme DH-AKEM underlying HPKEAuth based on the Gap Diffie-Hellman assumption and provide general AKEM/DEM composition theorems with which to argue about HPKEAuth ’s security. To this end, we also formally analyse HPKEAuth ’s key schedule and key derivation functions. To increase confidence in our results we use the automatic theorem proving tool CryptoVerif. All our bounds are quantitative and we discuss their practical implications for HPKEAuth .As an independent contribution we propose the new framework of nominal groupsthat allows us to capture abstract syntactical and security properties of practical elliptic curves, including the Curve25519 and Curve448 based groups (which do not constitute cyclic groups).

Tags

Asymmetric Cryptography
Cryptographic Protocols