]> SandboxAQ

durumcrustulum@gmail.com

IRTF Crypto Forum post quantum kem PQ hpke hybrid encryption This memo defines ML-KEM-based ciphersuites for HPKE (). ML-KEM is believed to be secure even against adversaries who possess a cryptographically-relevant quantum computer. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the Crypto Forum Research Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction

Motivation The final draft for ML-KEM is expected in 2024. For parties that must move to exclusively post-quantum algorithms, having a pure PQ choice for public-key hybrid encryption is desireable. HPKE is the leading modern protocol for public-key encryption, and ML-KEM as a post-quantum IND-CCA2-secure KEM fits nicely into HPKE's design. Supporting multiple security levels for ML-KEM allows a spectrum of use cases including settings where NIST PQ security category 5 is required.

Not an authenticated KEM ML-KEM is a plain KEM that does not support the static-static key exchange that allows HPKE based on Diffie-Hellman based KEMs its (optional) authenticated modes.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Usage supports two different key formats, but this document only supports the 64-byte seed (d, z). This format supports stronger binding properties for ML-KEM than the expanded format that protect against re-encapsulation attacks and bring the usage of ML-KEM in practice closer to the generic DHKEM binding properties as defined in . We construct 'wrapper' KEMs based on ML-KEM to bind the KEM shared secret to the KEM ciphertext, such that the final KEM has similar binding security properties as the original DHKEM which HPKE was designed around. The encapsulation and decapsulation keys are computed, serialized, and deserialized the same as in where the decapsulation keys MUST be in the 64-byte (d, z) format. The 'expanded' format where the decapsulation key is expanded into a variable size based on the parameter set but includes the hash of the encapsulation key MUST NOT be used. We use HKDF-SHA256 and HKDF-SHA512 as the HPKE KDFs and AES-128-GCM and AES-256-GCM as the AEADs for ML-KEM-512, ML-KEM-768, and ML-KEM-1024.

AuthEncap and AuthDecap HPKE-ML-KEM is not an authenticated KEM and does not support AuthEncap() or AuthDecap(), see .

Security Considerations HPKE's IND-CCA2 security relies upon the IND-CCA and IND-CCA2 security of the underlying KEM and AEAD schemes, respectively. ML-KEM is believed to be IND-CCA secure via multiple analyses. The HPKE key schedule is independent of the encapsulated KEM shared secret ciphertext of the ciphersuite KEM, and dependent on the shared secret produced by the KEM. If HPKE had committed to the encapsulated shared secret ciphertext, we wouldn't have to worry about the binding properties of the ciphersuite KEM's X-BIND-K-CT properties. These computational binding properties for KEMs were formalized in . describes DHKEM as LEAK-BIND-K-PK and LEAK-BIND-K-CT secure as result of the inclusion of the serialized DH public keys in the DHKEM KDF; however it expects pre-validated keys and never explicitly rejects, making it implicitly-rejecting KEM. ML-KEM, unlike DHKEM, is also an implicitly-rejecting instantiation of the Fujisaki-Okamoto transform, meaning the ML-KEM output shared secret may be computed differently in case of decryption failure, that reults in different binding properties, such as the lack of X-BIND-CT-PK and X-BIND-CT-K completely. The DHKEM construction in HPKE can provide MAL-BIND-K-PK and MAL-BIND-K-CT security (the shared secret 'binds' or uniquely determines the encapsulation key and the encapsualted shared secret ciphertext), where the adversary is able to create the key pairs any way they like in addition to the key generation. ML-KEM as specified with the seed key format provides MAL-BIND-K-CT security and LEAK-BIND-K-PK security . LEAK-BIND-K-PK security is resiliant where the involved key pairs are output by the key generation algorithm of the KEM and then leaked to the adversary. MAL-BIND-K-CT security strongly binds the shared secret and the ciphertext even when an adversary can manipulate key material like the decapsulation key. ML-KEM nearly matches the binding properties of HPKE's default KEM generic construction DHKEM in being MAL-BIND-K-CT and LEAK-BIND-K-PK, and in fact exceeds the bar set by DHKEM in being MAL-BIND-K-CT secure when using the seed key format.

IANA Considerations This document requests/registers two new entries to the "HPKE KEM Identifiers" registry.

Value:

0x0512 (please)

KEM:

ML-KEM-512

Nsecret:

32

Nenc:

768

Npk:

800

Nsk:

1632

Auth:

no

Reference:

This document

Value:

0x0768 (please)

KEM:

ML-KEM-768

Nsecret:

32

Nenc:

1088

Npk:

1184

Nsk:

2400

Auth:

no

Reference:

This document

Value:

0x1024 (please)

KEM:

ML-KEM-1024

Nsecret:

32

Nenc:

1568

Npk:

1568

Nsk:

3168

Auth:

no

Reference:

This document

References Normative References This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF. National Institute of Standards and Technology In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References CISPA Helmholtz Center for Information Security CISPA Helmholtz Center for Information Security CISPA Helmholtz Center for Information Security

Acknowledgments The authors would like to thank Cas Cremers for their input.

Change log

• RFC Editor's Note: Please remove this section prior to publication of a final version of this document.

TODO

Since draft-connolly-cfrg-hpke-mlkem-00 TODO

Test Vectors This section contains test vectors formatted similary to that which are found in , with two changes. First, we only provide vectors for the non-authenticated modes of operation. Secondly, as ML-KEM encapsulation does not involve an ephemeral keypair, we omit the ikmE, skEm, pkEm entries and provide an ier entry instead. The value of ier is the randomness used to encapsulate, so ier[0:32] is the seed that is fed to H in the first step of ML-KEM encapsulation in .

ML-KEM-512, HKDF-SHA256, AES-128-GCM TODO

ML-KEM-768, HKDF-SHA256, AES-128-GCM TODO

ML-KEM-1024, HKDF-SHA512, AES-256-GCM TODO