Internet-Draft | hpke-xyber768d00 | May 2024 |
Westerbaan & Wood | Expires 15 November 2024 | [Page] |
This memo defines X25519Kyber768Draft00, a hybrid post-quantum KEM, for HPKE (RFC9180). This KEM does not support the authenticated modes of HPKE.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://bwesterb.github.io/draft-westerbaan-cfrg-hpke-xyber768d00/draft-westerbaan-cfrg-hpke-xyber768d00.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-westerbaan-cfrg-hpke-xyber768d00/.¶
Discussion of this document takes place on the Crypto Forum Research Group mailing list (mailto:[email protected]), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=cfrg. Subscribe at https://www.ietf.org/mailman/listinfo/cfrg/.¶
Source for this draft and an issue tracker can be found at https://github.com/bwesterb/draft-westerbaan-cfrg-hpke-xyber768d00.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 15 November 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
The final draft for Kyber is expected in 2024. There is a desire to deploy post-quantum cryptography earlier than that. To promote interoperability of early implementations, this document specifies a preliminary hybrid post-quantum key agreement.¶
Kyber is a plain KEM that does not support the static-ephemeral key exchange that allows HPKE based on Diffie-Hellman based KEMs its (optional) authenticated modes.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
In short, X25519Kyber768Draft00 is the parallel combination of DHKEM(X25519, HKDF-SHA256) [RFC9180] [RFC7748] and Kyber768Draft00 [KYBER]: wire encodings of public key, private key, cipher texts and shared secrets are simple concatenations.¶
A KEM private key is a tuple of an DHKEM(X25519, HKDF-SHA256) private key and Kyber768Draft00 private key, where each is an octet string of length 32 and 2400 bytes, respectively. Similarly, a KEM public key is a tuple of an DHKEM(X25519, HKDF-SHA256) public key and Kyber768Draft00 public key.¶
Kyber768Draft00 is Kyber768 as submitted to the third round of the NIST PQC process [KyberV302], where it is also known as v3.02.¶
Note that this hybrid KEM is different from the one defined in [TLS-XYBER] based on [HYBRID] for TLS, as raw X25519 shared secrets can be used, thanks to the message transcript.¶
We use HKDF-SHA256 as the HPKE HKDF. We denote the DHKEM(X25519, HKDF-SHA256) KEM as DHKEM throughout the document.¶
SerializePublicKey and DeserializePublicKey encode and decode X25519Kyber768Draft00 public keys to and from their wire format representation. Their implementation is described below.¶
Note that DHKEM public keys MUST be validated before they can be used as stipulated in Section 7.1.1 of [RFC9180].¶
def SerializePublicKey(pkX): (pkA, pkB) = pkX return concat( DHKEM.SerializePublicKey(pkA), pkB ) def DeserializePublicKey(pkXm): return ( DHKEM.DeserializePublicKey(pkXm[0:32]), pkXm[32:1216] )¶
DHKEM.SerializePublicKey() and DHKEM.DeserializePublicKey() are SerializePublicKey() and respectively DeserializePublicKey() as defined for DHKEM in Section 7.1.1 of [RFC9180].¶
SerializePrivateKey and DeserializePrivateKey encode and decode X25519Kyber768Draft00 private keys to and from their wire format representation. Their implementation is described below.¶
def SerializePrivateKey(skX): (skA, skB) = skX return concat( DHKEM.SerializePrivateKey(skA), skB ) def DeserializePrivateKey(skXm): return ( DHKEM.DeserializePrivateKey(skXm[0:32]), skXm[32:2432] )¶
DHKEM.SerializePrivateKey() and DHKEM.DeserializePrivateKey() are SerializePrivateKey() and respectively DeserializePrivateKey() as defined for DHKEM in Section 7.1.2 of [RFC9180].¶
DeriveKeyPair deterministically derives a X25519Kyber768Draft00 private and public key pair from a fixed-length seed. In particular, a single seed is stretched and passed to the relevant key derivation functions for DHKEM and Kyber768Draft00.¶
def DeriveKeyPair(ikm): dkp_prk = LabeledExtract("", "dkp_prk", ikm) seed = LabeledExpand(dkp_prk, "sk", "", 32 + 64) seed1 = seed[0:32] seed2 = seed[32:96] sk1, pk1 = DHKEM.DeriveKeyPair(seed1) sk2, pk2 = Kyber768Draft00.DeriveKeyPair(seed2) return (concat(sk1, sk2), concat(pk1, pk2))¶
DHKEM.DeriveKeyPair() is DeriveKeyPair() defined for DHKEM in Section 7.1.3 of [RFC9180]. Kyber768Draft00.DeriveKeyPair() is the key generation as defined in Section 11.1 of [KYBER].¶
The suite_id used implicitly in LabeledExtract() and LabeledExpand() on lines 2 and 3, is derived from the KEM identifier of the hybrid (0x0030).¶
The suite_id used implicitly in LabeledExpand() and LabeledExtract() within DHKEM.DeriveKeyPair() is the KEM identifier of DHKEM (0x0020).¶
ikm SHOULD be at least 32 octets in length. (This is contrary to [RFC9180] which stipulates it should be at least Nsk=2432 octets in length.)¶
Encap and Decap are the primary KEM functions. Their implementation is described below.¶
def Encap(pkR): (pkA, pkB) = pkR (ss1, enc1) = DHKEM.Encap(pkA) (ss2, enc2) = Kyber768Draft00.Encap(pkB) return ( concat(ss1, ss2), concat(enc1, enc2) ) def Decap(enc, skR): (skA, skB) = skR enc1 = enc[0:32] enc2 = enc[32:1120] ss1 = DHKEM.Decap(enc1, skA) ss2 = Kyber768Draft00.Decap(enc2, skB) return concat(ss1, ss2)¶
The suite_id used implicitly in the LabeledExtract() and LabeledExpand() within DHKEM.Encap() and DHKEM.Decap() is the one derived from the KEM id of DHKEM (0x0020).¶
X25519Kyber768Draft00 is not an authenticeted KEM and does not support AuthEncap() or AuthDecap(), see Section 1.2.¶
We aim for IND-CCA2 robustness: that means that if either constituent KEM is not IND-CCA2 secure, but the other is, the combined hybrid remains IND-CCA2 secure.¶
In general [GHP18] [COMBINERS] this requires a combiner that mixes in the cipher texts, such as, assuming fixed-length cipher texts and shared secrets:¶
HKDF(concat(ss1, ss2, enc1, enc2)).¶
In the present case, DHKEM(X25519, -) and Kyber768Draft00 already mix in the respective cipher texts into their shared secrets. Thus we can forgo mixing in the cipher texts a second time.¶
Furthermore, in HPKE, the shared secret is never used directly, but passed through HKDF (via KeySchedule), and thus we can forgo the call to HKDF as well.¶
This document requests/registers a new entry to the "HPKE KEM Identifiers" registry.¶
The authors would like to thank P. Kampanakis, I. Liusvaara, T. Wiggers, S. Farrell, and R. Siles for their input.¶
RFC Editor's Note: Please remove this section prior to publication of a final version of this document.¶
Corrected missing (empty) info parameter to LabeledExpand.¶
This section contains test vectors formatted similary to that which are found in [RFC9180], with two changes. First, we only provide vectors for the non-authenticated modes of operation. Secondly, as Kyber encapsulation does not involve an ephemeral keypair, we omit the ikmE, skEm, pkEm entries and provide an ier entry instead. The value of ier is the randomness used to encapsulate. To wit: the ephemeral X25519 keypair used in DHKEM.Encap() is DHKEM.DeriveKeyPair(ier[0:32]) and ier[32:64] is the seed that is fed to H in the first step of Kyber encapsulation [KYBER].¶
mode: 0 kem_id: 48 kdf_id: 1 aead_id: 1 info: 486561722068656172 ikmR: 3cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e2 pkRm: a3aa882fee0de0059cec0569c8e1b4872fb6cb4d82361b72ee1148dc7ddc0c 2b210747403222b16597f4881d694c12366c53fde2b3d346b7ee87b16dd42f44ec59 4cea6ba78b256092cbbc16baaf6ccc46f2386da22de9d142f593739eb9c245018e0c 61975514ac42639d3c5b0299b772acd59d55520a5d660f135075e33a673fd5b9e2d5 6803889fc62b0362f8cbe9990cb36b4cdef17586c8cc58d72d84fb9398f1c1efb0a6 282508083c23965a9851acb89afc723e7a6c60bc4007a41ad1950c4590a2f8d2bb3b 832f5db1707ad8bad1c4c426aaa7da97b34a921283415851f19b0f01ca3924754dba 6596f9329454b1e3d9b5f357a66c59bf5fc4a045908b5eb107d3302f0cb9be0af958 4846c1475b92d3c16051935dc7411acaa64c80c836b0643fd72b38cb0a33feb11f48 13b66f705268b3838b8974e28c12b4f9bbc8623c936b32a015262d4a33172b7f3a69 b6c2fab5a3c18ffdab2927e77598d1556d51a8559550c251796290b617ac9804167b d9a76e9d8bba64059d165acfe2483e9ed0cbc11cb71dd148776aa1cb862ce2b1026e 773600d101a300671a70710a877a5c1732275c362085b2b8cc66206b3ec37c82ac87 3d1ec1862a8aa457fc9776960b396c23768c931cdc77731792c569c2088c52ddb5cc 0c90ab9187c1e0ca2c98818859aa86fe44801be483cc1469d636cd3e019267c1cc68 4640359ca67c5abd1dc100c4d3c5924acf1b988d3b5019e7b06ef238412b7608dd23 115c6047a59b4b1d7a731126925728c645c140aa4704c1b808b6c401be736bf18bb7 d654342c6576236565c6c5b0727b25ae773c5fb76be794304dc1b672aa5909659b6b b8a1f430a141882b0f9753662794e625885782154dc148e632b6b2079087958d83c6 c82cf55a47eb4ed819a409d94ceb0c74e8d497b95975a0a5c659f5bf0a033d2adca9 8a693304413fff95342319a09fd62f263b91a2c6540d2196dd2ba90dd113042428ae eb15156c03949660776b80bc1501b0d80a946a623906291ed3668f3c99c1889d3ae3 c59819c38f6b0c46558c2ca520c2107c166452b917cea53bb50c4cb839a99f60e54e 9236c6a419a8de5508f4e3545409499b97939ee940a9d48ed5547003350e391b4c96 d657cb395b5c035370e9c8ece32c83b3cff347ca16bb1e2943669f370f48e70462d4 369a07804bc09fcf399bc2d11b47b0370660916944a179423519a310cc0737407c55 ef09255530c7ec817999c95e20aa23f8f6782aa820d34c89c2299ff0ec9a9021b6f7 dbbd19503fa6f170d8770e12875d558bbb2ca66fd1136e0e5729ef30346109cd289a 1ce0c531a493581ed64533e1749fc818b85ab664255bbfe4a641f6bdf43ac1695c28 ab2b58b3bab5bed5893439455b669b63d65ceff75b8c5857f4ba5cf767cf57aa8e28 691cc6dc67fca434e3b1560c6c53ce37c2a2f14764c1cf1e5697cd8757a544b05b76 6f4400cef7ecc46ec29a1d679d7fe385c4366579db06d1d840c9911fab8b6b5df203 5cb95410f79b861411b4eb5a4119208f8872674639617452f6b6394c94c6d6f5b833 690dd98406b5e7c0827b1a3617a03ba90c3d185a954252f1ba5b157a3f61749548e2 81fc543dec205e757932bcc717b99b7df7123500f3bcc660c080093b3fbac56ff51b 9c3b037f76e3f43c0e46b5588cf617f4de85044390a9947daacba87cd5 skRm: cf61f1a7b05c83f9c2a4b27dc0e9bdbf4e52ba1bbd906cb3776ac12268a9f4 d0c348342d192f0458ab53d19c1dc135d11b48978c878bca6d7d1bc91428259e43aa dc9700b76aa9aa66a65db91a77d72513e40697226557b53400bb6752fb4e11a5ba2f e12644698a48c9948ec121cc9c9ce7384c65f798012c9df8f5ac0cd371d7d19d9a24 c30cb0909c665e43c89328735fe95a62653352fad3cfe6330b436a4f72c9ac9323ba bd912cf5970222eb0dd178c810bcc79beba0813039ec4333c33b13d4cc5183b6b14d c09cb9604d46242353a1a1df82999e4a4929f28f498c330d552ac64156cf123cceeb bccf81b2fd86218f2a9112040943a359d7a858cd641467e54b25f03d66b9a150fbcf 3f19bbd1791abec47269b2a72f4083a79c2559fbb6d0500208a78baa7392874443c3 9c38577b4c40db6220ca5c84b148ffb344164c723df1c0fb37ae52c0854bea023e2a 45efaa8869c924ecf360008607e7079187978fdac30e8b76a3110349de272b25f549 0dc87e3d8caf59a5a51a57230ea702dfda0f5d2c0fe94442254834b0f6aa71852601 a8c5b7b211f108c1de2b1092e9b89df4a9feea882aa00ab97235940924e8a81d8f83 597f72383f7a1b99c3c8481953be917fef0b44e32b0aa1f862eedc8d0d94030ae92e 73097cde1b34de9b8279293322e0b5f9564395cb4998810818544ad2025018c40deb f0b97bca2f1d861f8d5b51a2a84f35503cb37112b280ad0a4c99a2eb9c43300ce7c6 6eb89cb4443a44edc40869b8c2d90c5d484554557c408da7b46752bec14876815334 b783207f60943d1738b5183d64394e27bb8f1dbb6ed9c58aa338171967bf5a613e91 94c13395573615cee02012438a68aa104afd56a943d05caefc7f20a0104e2cced2a5 191a1a68fe431920e1844a8154fc42a73d70c82f26846ec332fda50c340c1c503796 5daaccd3cacfcab3c85a7516d712890fd6a2b1f5cb7c745cf1798dc0a49ed7571763 0c78d56bb8db272a85a009b2685ca9f4840c948226d224de1a0385565e569b8901c4 508ae7b9214b88b6c2ac63807710d85e593a01ba20541cd03fa8364b4cb79f110745 b30818521a7d0b6015a20483dde33188e94fc4aa224558bd53d384a9f6916964bbef 0b0770b11e7b4117f41639bbe0c9ce119c8f8aab451608c2f06a8cd85f37519b7e3c 1f9f07a6449059a972260cf80c23e52fe1b559e11c723b2618752672bfab67305358 e7f048960475f1c720d8ba5fe4883981065c462c5062757bddd2666de67265990d00 53229693a8bfd8811c84494853095c875639dcbcfcc02785910e35643f5bb4b0aa59 af7a86ae94dcc01f952eb1d151c4ba1aa4da02c100b461904229f7b11aac35d307ab 187255baa32eed32b3b262aaf2db6019089ad4250079280a0efb109ab27a364135ac 3067ace5c82dea1fafb04dfedba9fabc196832878eb7b4314556e8aa8210e2c72959 723e23176b703d4db42aabba62229790f6a743a2ec3c43dc8dbe0b4c36dc2323ec0e f21c116941b43bb12763460eed032a7a039185e36dcbf69d88f645e6728d3ba79dae 0a25ddd4c3a8bba8334aa8fb6658a9dca99a8cc6362745d6080b0fd8af6af71e9f75 2d7b763035ec40c0fc98326081ea4c36cdf992e73a16719b9fb7c06e6c1bb7210747 403222b16597f4881d694c12366c53fde2b3d346b7ee87b16dd42f44ec594cea6ba7 8b256092cbbc16baaf6ccc46f2386da22de9d142f593739eb9c245018e0c61975514 ac42639d3c5b0299b772acd59d55520a5d660f135075e33a673fd5b9e2d56803889f c62b0362f8cbe9990cb36b4cdef17586c8cc58d72d84fb9398f1c1efb0a628250808 3c23965a9851acb89afc723e7a6c60bc4007a41ad1950c4590a2f8d2bb3b832f5db1 707ad8bad1c4c426aaa7da97b34a921283415851f19b0f01ca3924754dba6596f932 9454b1e3d9b5f357a66c59bf5fc4a045908b5eb107d3302f0cb9be0af9584846c147 5b92d3c16051935dc7411acaa64c80c836b0643fd72b38cb0a33feb11f4813b66f70 5268b3838b8974e28c12b4f9bbc8623c936b32a015262d4a33172b7f3a69b6c2fab5 a3c18ffdab2927e77598d1556d51a8559550c251796290b617ac9804167bd9a76e9d 8bba64059d165acfe2483e9ed0cbc11cb71dd148776aa1cb862ce2b1026e773600d1 01a300671a70710a877a5c1732275c362085b2b8cc66206b3ec37c82ac873d1ec186 2a8aa457fc9776960b396c23768c931cdc77731792c569c2088c52ddb5cc0c90ab91 87c1e0ca2c98818859aa86fe44801be483cc1469d636cd3e019267c1cc684640359c a67c5abd1dc100c4d3c5924acf1b988d3b5019e7b06ef238412b7608dd23115c6047 a59b4b1d7a731126925728c645c140aa4704c1b808b6c401be736bf18bb7d654342c 6576236565c6c5b0727b25ae773c5fb76be794304dc1b672aa5909659b6bb8a1f430 a141882b0f9753662794e625885782154dc148e632b6b2079087958d83c6c82cf55a 47eb4ed819a409d94ceb0c74e8d497b95975a0a5c659f5bf0a033d2adca98a693304 413fff95342319a09fd62f263b91a2c6540d2196dd2ba90dd113042428aeeb15156c 03949660776b80bc1501b0d80a946a623906291ed3668f3c99c1889d3ae3c59819c3 8f6b0c46558c2ca520c2107c166452b917cea53bb50c4cb839a99f60e54e9236c6a4 19a8de5508f4e3545409499b97939ee940a9d48ed5547003350e391b4c96d657cb39 5b5c035370e9c8ece32c83b3cff347ca16bb1e2943669f370f48e70462d4369a0780 4bc09fcf399bc2d11b47b0370660916944a179423519a310cc0737407c55ef092555 30c7ec817999c95e20aa23f8f6782aa820d34c89c2299ff0ec9a9021b6f7dbbd1950 3fa6f170d8770e12875d558bbb2ca66fd1136e0e5729ef30346109cd289a1ce0c531 a493581ed64533e1749fc818b85ab664255bbfe4a641f6bdf43ac1695c28ab2b58b3 bab5bed5893439455b669b63d65ceff75b8c5857f4ba5cf767cf57aa8e28691cc6dc 67fca434e3b1560c6c53ce37c2a2f14764c1cf1e5697cd8757a544b05b766f4400ce f7ecc46ec29a1d679d7fe385c4366579db06d1d840c9911fab8b6b5df2035cb95410 f79b861411b4eb5a4119208f8872674639617452f6b6394c94c6d6f5b833690dd984 06b5e7c0827b1a3617a03ba90c3d185a954252f1ba5b157a3f61749548e281fc543d ec205e757932bcc717b99b7df7123500f3bcc660c080093b3fbac56ff51b9c3b037f 76e3f43c0e46b5588cf617f4de85044390a9947daacba87cd5137b60651b30bf805d a1597faef1bc8b2645cda273144c4af1d13eaa2ad9101c7b58b14601aff81754afc7 76f8b7f7b9324d420b66706b96ea7f99f8fa11bed3 ier: 35b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b 2badfd6dfaac359a5efbb7bcc4b59d538df9a04302e10c8bc1cbf1a0b3a5120ea enc: 1d06980e46fd3842db6b87226231eedd2cc9684ee98a1d9d902bd9300e2c4d4 1b64fba47a50fe32dd0df3b0a75801c11022cd98a6ff5a83a8472ade82bdd6f1e8a6 5a94a88523ada0d8275165f707f1067a6a576e54525d9141e95223f5713456bda7ec 5eb558adfc6b7f0d80de46222579a3274e45ab43fad14f7e9855a872d2716e8dc78d 4c12027bef3184904476c8961552fd031361358f2d9deae8ad98194047a142229476 12972574c57514266e9e67a3b6dd89972cc8a0882be7474f4923549dfcd944dcbe58 b088079aa8b70c8f291cb4e45066bad4a832ccd8f40e51861f7a25b6a2358842f1bb e8108a6a6f0ae93153a2e7f9f53e180a90532531a632367b81bf08ed97effcf0140d d0e92cc438f6be7e6f3d97a9f7787f7e3981f971617f0bfb618caa7db1e453f33a38 6c3863b16d462229c41f4946b49e4e49c27e0f35d77e21304b6ad238a55a51e9e370 dd39e713d626044fb970bb7c2af7d7b9cb9004394741a0ea2de592816359006f24ab dfc2aa890720b00b2f7b8bb240120f22bdb84f9fc5c8fdc7ca7047ae633868c184c4 d75e9e107eb9c6d8fe879415926457d818bc31e88b87a5881584a5650859e88b06fa a2cfe1bde95dfa344af14f214cedecde4d89c87334c33e2d7ee3ab40d5df396cf0ff 5a99588e0dcd205f1d876b380b963f5baccc0baeae569892a8d252f5eeeb7c751f66 3eb906ac99a165656224281add3ab271ff4f406b6932cbf1afff62109794f52ff3e7 23f5cdd706e3715d1d2d421bdac73fa047b5d9761569534fb2dd57b86a608f79db7d 4ab99847490e76eaf0c683bdc54d12f2f2664a79de6a2f25bec3f43584f98ec41ad3 fb19ba5ba936c3c893e9c0994b412ba3d07329086c20b04e1cd1d9b4f24a82f8c1f7 b5db58b4056a4b4e27b60c957f5af8081bffab98d8455cab97e35042ed636c995931 fd304b3d02fcf545df360cc421be64adc3d7a121ea75ab3440a9eba74fba1c5b40bd b66b54583ff2f76304ccaeae99ed94fb332d30d771fe0e45acb9e966f497b1629f5a 5df15cea507d2fd1aa045a171e84bec932e4049639477f16fb9afdd107668f9b3531 c3c7eb1d67753ac652c575b526e6f2965f1e4500e99f38ae1d34bce151a68e278f14 405ad76f580b549d025b03be98b6a737f10238b9f84f1694173544ba2c97f811a174 85129a146084bc5382e2086aaf51b11a4918bdb5485bf28a9be2d2c9d69468268fa0 4fa071c39942b43a0caf561278cfc1b47781fa9ef559f86b2dad703141b78b7ddb35 c9c9ff4c1134580da26367dbf3db7eaf039dfbae238959c4cf55d40d78a2c5597ba0 38f2be5f994d60c79e8a92121fb0488eef9690d550ef9fa40b1774221aac8c8c1dcf 97faa07c28e840feb9daf0bf3bed277a6e10a33490c0bee7e5fa318638f5b80a2272 700e591ffc14985d0ed19876725c2bec9356b45ca96d295e30bce86effc626a2bd78 39af05ae373801af510cfb378ce42088607909c91ceb4a90e4d7b2b6288b9cdfa262 570ffda8692b58f0b05a7c7899a717a3a97b6e64489f56323b000793f807ca75ca99 1 shared_secret: 1368d71518fadbe42fb75fbd356e016b0aaad6b4d3d91ce7f2070 73e4fb08c537217aba238aea92a7f855820518a8342b3a31f82ebbcdb479f33ad82b dcdc953 key_schedule_context: 009f749a195d1c8b3eaa8d5c3f571dc7231aafbbc0405e 4b484738352667c484867584e32e844cdf74d17b4ee224cc521bbc8bed221f21f34f 8ccc9842772686cb secret: 95f863934be4d0ef683770c7bd385839d19e525b467a332f47ae715c54183e1d key: 6bb5532badb078ce8f326daa6cfaef84 base_nonce: ff2b9a604a84754614e9e772 exporter_secret: fb6ca36cfb7881cf11dbcb8fde201f698f80d0b941b642bc0a6a3101c97b7fad¶
sequence number: 0 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d30 nonce: ff2b9a604a84754614e9e772 ct: a78ab8f057becc31cb3a5cff2fe2b18983b93ce74c6e7c45e0a57c4acc1976ee f755c08547564ceede3e5169f959ea6ad498 sequence number: 1 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d31 nonce: ff2b9a604a84754614e9e773 ct: c7e392bb20d256f0020ba0888996c4b0e2518b486ad5873263834e7f30fc43e6 f712ee8e42846179db284a56baba6252d38f sequence number: 2 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d32 nonce: ff2b9a604a84754614e9e770 ct: 86eeadf1593871435b643b7dde3d5a18b4dcb8d706c21abb69ae057af2a788a6 72198d46facadd396fa9fa6e1072c43a4f74 sequence number: 4 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d34 nonce: ff2b9a604a84754614e9e776 ct: 4aef2a67f307cb23dbe6d9ea2875add1e4bb0db6519836a2f1adca1d75a33bef 6df198b63f916385107677eef4e542e2c337 sequence number: 255 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d323535 nonce: ff2b9a604a84754614e9e78d ct: 94ab72b1e767b26e3cd2b2a862bdc52cdcb4140fc7b0133e4ca4f6c65b190527 1c971d2b5092204825683191f2ecdd0ec4e1 sequence number: 256 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d323536 nonce: ff2b9a604a84754614e9e672 ct: ca0612fa2d3b4ff5c6daafddbc9a359efd44ca3ffe2385d63ba1b4fb5b75b89d e55355dc4132399d3e7ae2676c4fb52418df¶
exporter_context: L: 32 exported_value: 0d15e6f37d0791a924c5b8a5c766db83d95703ddae889e6240c73926168ae6a8 exporter_context: 00 L: 32 exported_value: 6f7bc144a46519b718c93a86a4ce74dad186816c88791eeee4f39fd0a2dbcef2 exporter_context: 54657374436f6e74657874 L: 32 exported_value: 3a0064f88b02de081e9d5f4398093e016b00b01816db91f0686d50330a9886b2¶
mode: 1 kem_id: 48 kdf_id: 1 aead_id: 1 info: 486561722068656172 ikmR: 3cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e2 pkRm: a3aa882fee0de0059cec0569c8e1b4872fb6cb4d82361b72ee1148dc7ddc0c 2b210747403222b16597f4881d694c12366c53fde2b3d346b7ee87b16dd42f44ec59 4cea6ba78b256092cbbc16baaf6ccc46f2386da22de9d142f593739eb9c245018e0c 61975514ac42639d3c5b0299b772acd59d55520a5d660f135075e33a673fd5b9e2d5 6803889fc62b0362f8cbe9990cb36b4cdef17586c8cc58d72d84fb9398f1c1efb0a6 282508083c23965a9851acb89afc723e7a6c60bc4007a41ad1950c4590a2f8d2bb3b 832f5db1707ad8bad1c4c426aaa7da97b34a921283415851f19b0f01ca3924754dba 6596f9329454b1e3d9b5f357a66c59bf5fc4a045908b5eb107d3302f0cb9be0af958 4846c1475b92d3c16051935dc7411acaa64c80c836b0643fd72b38cb0a33feb11f48 13b66f705268b3838b8974e28c12b4f9bbc8623c936b32a015262d4a33172b7f3a69 b6c2fab5a3c18ffdab2927e77598d1556d51a8559550c251796290b617ac9804167b d9a76e9d8bba64059d165acfe2483e9ed0cbc11cb71dd148776aa1cb862ce2b1026e 773600d101a300671a70710a877a5c1732275c362085b2b8cc66206b3ec37c82ac87 3d1ec1862a8aa457fc9776960b396c23768c931cdc77731792c569c2088c52ddb5cc 0c90ab9187c1e0ca2c98818859aa86fe44801be483cc1469d636cd3e019267c1cc68 4640359ca67c5abd1dc100c4d3c5924acf1b988d3b5019e7b06ef238412b7608dd23 115c6047a59b4b1d7a731126925728c645c140aa4704c1b808b6c401be736bf18bb7 d654342c6576236565c6c5b0727b25ae773c5fb76be794304dc1b672aa5909659b6b b8a1f430a141882b0f9753662794e625885782154dc148e632b6b2079087958d83c6 c82cf55a47eb4ed819a409d94ceb0c74e8d497b95975a0a5c659f5bf0a033d2adca9 8a693304413fff95342319a09fd62f263b91a2c6540d2196dd2ba90dd113042428ae eb15156c03949660776b80bc1501b0d80a946a623906291ed3668f3c99c1889d3ae3 c59819c38f6b0c46558c2ca520c2107c166452b917cea53bb50c4cb839a99f60e54e 9236c6a419a8de5508f4e3545409499b97939ee940a9d48ed5547003350e391b4c96 d657cb395b5c035370e9c8ece32c83b3cff347ca16bb1e2943669f370f48e70462d4 369a07804bc09fcf399bc2d11b47b0370660916944a179423519a310cc0737407c55 ef09255530c7ec817999c95e20aa23f8f6782aa820d34c89c2299ff0ec9a9021b6f7 dbbd19503fa6f170d8770e12875d558bbb2ca66fd1136e0e5729ef30346109cd289a 1ce0c531a493581ed64533e1749fc818b85ab664255bbfe4a641f6bdf43ac1695c28 ab2b58b3bab5bed5893439455b669b63d65ceff75b8c5857f4ba5cf767cf57aa8e28 691cc6dc67fca434e3b1560c6c53ce37c2a2f14764c1cf1e5697cd8757a544b05b76 6f4400cef7ecc46ec29a1d679d7fe385c4366579db06d1d840c9911fab8b6b5df203 5cb95410f79b861411b4eb5a4119208f8872674639617452f6b6394c94c6d6f5b833 690dd98406b5e7c0827b1a3617a03ba90c3d185a954252f1ba5b157a3f61749548e2 81fc543dec205e757932bcc717b99b7df7123500f3bcc660c080093b3fbac56ff51b 9c3b037f76e3f43c0e46b5588cf617f4de85044390a9947daacba87cd5 skRm: cf61f1a7b05c83f9c2a4b27dc0e9bdbf4e52ba1bbd906cb3776ac12268a9f4 d0c348342d192f0458ab53d19c1dc135d11b48978c878bca6d7d1bc91428259e43aa dc9700b76aa9aa66a65db91a77d72513e40697226557b53400bb6752fb4e11a5ba2f e12644698a48c9948ec121cc9c9ce7384c65f798012c9df8f5ac0cd371d7d19d9a24 c30cb0909c665e43c89328735fe95a62653352fad3cfe6330b436a4f72c9ac9323ba bd912cf5970222eb0dd178c810bcc79beba0813039ec4333c33b13d4cc5183b6b14d c09cb9604d46242353a1a1df82999e4a4929f28f498c330d552ac64156cf123cceeb bccf81b2fd86218f2a9112040943a359d7a858cd641467e54b25f03d66b9a150fbcf 3f19bbd1791abec47269b2a72f4083a79c2559fbb6d0500208a78baa7392874443c3 9c38577b4c40db6220ca5c84b148ffb344164c723df1c0fb37ae52c0854bea023e2a 45efaa8869c924ecf360008607e7079187978fdac30e8b76a3110349de272b25f549 0dc87e3d8caf59a5a51a57230ea702dfda0f5d2c0fe94442254834b0f6aa71852601 a8c5b7b211f108c1de2b1092e9b89df4a9feea882aa00ab97235940924e8a81d8f83 597f72383f7a1b99c3c8481953be917fef0b44e32b0aa1f862eedc8d0d94030ae92e 73097cde1b34de9b8279293322e0b5f9564395cb4998810818544ad2025018c40deb f0b97bca2f1d861f8d5b51a2a84f35503cb37112b280ad0a4c99a2eb9c43300ce7c6 6eb89cb4443a44edc40869b8c2d90c5d484554557c408da7b46752bec14876815334 b783207f60943d1738b5183d64394e27bb8f1dbb6ed9c58aa338171967bf5a613e91 94c13395573615cee02012438a68aa104afd56a943d05caefc7f20a0104e2cced2a5 191a1a68fe431920e1844a8154fc42a73d70c82f26846ec332fda50c340c1c503796 5daaccd3cacfcab3c85a7516d712890fd6a2b1f5cb7c745cf1798dc0a49ed7571763 0c78d56bb8db272a85a009b2685ca9f4840c948226d224de1a0385565e569b8901c4 508ae7b9214b88b6c2ac63807710d85e593a01ba20541cd03fa8364b4cb79f110745 b30818521a7d0b6015a20483dde33188e94fc4aa224558bd53d384a9f6916964bbef 0b0770b11e7b4117f41639bbe0c9ce119c8f8aab451608c2f06a8cd85f37519b7e3c 1f9f07a6449059a972260cf80c23e52fe1b559e11c723b2618752672bfab67305358 e7f048960475f1c720d8ba5fe4883981065c462c5062757bddd2666de67265990d00 53229693a8bfd8811c84494853095c875639dcbcfcc02785910e35643f5bb4b0aa59 af7a86ae94dcc01f952eb1d151c4ba1aa4da02c100b461904229f7b11aac35d307ab 187255baa32eed32b3b262aaf2db6019089ad4250079280a0efb109ab27a364135ac 3067ace5c82dea1fafb04dfedba9fabc196832878eb7b4314556e8aa8210e2c72959 723e23176b703d4db42aabba62229790f6a743a2ec3c43dc8dbe0b4c36dc2323ec0e f21c116941b43bb12763460eed032a7a039185e36dcbf69d88f645e6728d3ba79dae 0a25ddd4c3a8bba8334aa8fb6658a9dca99a8cc6362745d6080b0fd8af6af71e9f75 2d7b763035ec40c0fc98326081ea4c36cdf992e73a16719b9fb7c06e6c1bb7210747 403222b16597f4881d694c12366c53fde2b3d346b7ee87b16dd42f44ec594cea6ba7 8b256092cbbc16baaf6ccc46f2386da22de9d142f593739eb9c245018e0c61975514 ac42639d3c5b0299b772acd59d55520a5d660f135075e33a673fd5b9e2d56803889f c62b0362f8cbe9990cb36b4cdef17586c8cc58d72d84fb9398f1c1efb0a628250808 3c23965a9851acb89afc723e7a6c60bc4007a41ad1950c4590a2f8d2bb3b832f5db1 707ad8bad1c4c426aaa7da97b34a921283415851f19b0f01ca3924754dba6596f932 9454b1e3d9b5f357a66c59bf5fc4a045908b5eb107d3302f0cb9be0af9584846c147 5b92d3c16051935dc7411acaa64c80c836b0643fd72b38cb0a33feb11f4813b66f70 5268b3838b8974e28c12b4f9bbc8623c936b32a015262d4a33172b7f3a69b6c2fab5 a3c18ffdab2927e77598d1556d51a8559550c251796290b617ac9804167bd9a76e9d 8bba64059d165acfe2483e9ed0cbc11cb71dd148776aa1cb862ce2b1026e773600d1 01a300671a70710a877a5c1732275c362085b2b8cc66206b3ec37c82ac873d1ec186 2a8aa457fc9776960b396c23768c931cdc77731792c569c2088c52ddb5cc0c90ab91 87c1e0ca2c98818859aa86fe44801be483cc1469d636cd3e019267c1cc684640359c a67c5abd1dc100c4d3c5924acf1b988d3b5019e7b06ef238412b7608dd23115c6047 a59b4b1d7a731126925728c645c140aa4704c1b808b6c401be736bf18bb7d654342c 6576236565c6c5b0727b25ae773c5fb76be794304dc1b672aa5909659b6bb8a1f430 a141882b0f9753662794e625885782154dc148e632b6b2079087958d83c6c82cf55a 47eb4ed819a409d94ceb0c74e8d497b95975a0a5c659f5bf0a033d2adca98a693304 413fff95342319a09fd62f263b91a2c6540d2196dd2ba90dd113042428aeeb15156c 03949660776b80bc1501b0d80a946a623906291ed3668f3c99c1889d3ae3c59819c3 8f6b0c46558c2ca520c2107c166452b917cea53bb50c4cb839a99f60e54e9236c6a4 19a8de5508f4e3545409499b97939ee940a9d48ed5547003350e391b4c96d657cb39 5b5c035370e9c8ece32c83b3cff347ca16bb1e2943669f370f48e70462d4369a0780 4bc09fcf399bc2d11b47b0370660916944a179423519a310cc0737407c55ef092555 30c7ec817999c95e20aa23f8f6782aa820d34c89c2299ff0ec9a9021b6f7dbbd1950 3fa6f170d8770e12875d558bbb2ca66fd1136e0e5729ef30346109cd289a1ce0c531 a493581ed64533e1749fc818b85ab664255bbfe4a641f6bdf43ac1695c28ab2b58b3 bab5bed5893439455b669b63d65ceff75b8c5857f4ba5cf767cf57aa8e28691cc6dc 67fca434e3b1560c6c53ce37c2a2f14764c1cf1e5697cd8757a544b05b766f4400ce f7ecc46ec29a1d679d7fe385c4366579db06d1d840c9911fab8b6b5df2035cb95410 f79b861411b4eb5a4119208f8872674639617452f6b6394c94c6d6f5b833690dd984 06b5e7c0827b1a3617a03ba90c3d185a954252f1ba5b157a3f61749548e281fc543d ec205e757932bcc717b99b7df7123500f3bcc660c080093b3fbac56ff51b9c3b037f 76e3f43c0e46b5588cf617f4de85044390a9947daacba87cd5137b60651b30bf805d a1597faef1bc8b2645cda273144c4af1d13eaa2ad9101c7b58b14601aff81754afc7 76f8b7f7b9324d420b66706b96ea7f99f8fa11bed3 ier: 35b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b 2badfd6dfaac359a5efbb7bcc4b59d538df9a04302e10c8bc1cbf1a0b3a5120ea psk: 7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26 psk_id: 6265666f7265206576657279626f647920666f72206576657279626f6479 20666f722065766572797468696e67 enc: 1d06980e46fd3842db6b87226231eedd2cc9684ee98a1d9d902bd9300e2c4d4 1b64fba47a50fe32dd0df3b0a75801c11022cd98a6ff5a83a8472ade82bdd6f1e8a6 5a94a88523ada0d8275165f707f1067a6a576e54525d9141e95223f5713456bda7ec 5eb558adfc6b7f0d80de46222579a3274e45ab43fad14f7e9855a872d2716e8dc78d 4c12027bef3184904476c8961552fd031361358f2d9deae8ad98194047a142229476 12972574c57514266e9e67a3b6dd89972cc8a0882be7474f4923549dfcd944dcbe58 b088079aa8b70c8f291cb4e45066bad4a832ccd8f40e51861f7a25b6a2358842f1bb e8108a6a6f0ae93153a2e7f9f53e180a90532531a632367b81bf08ed97effcf0140d d0e92cc438f6be7e6f3d97a9f7787f7e3981f971617f0bfb618caa7db1e453f33a38 6c3863b16d462229c41f4946b49e4e49c27e0f35d77e21304b6ad238a55a51e9e370 dd39e713d626044fb970bb7c2af7d7b9cb9004394741a0ea2de592816359006f24ab dfc2aa890720b00b2f7b8bb240120f22bdb84f9fc5c8fdc7ca7047ae633868c184c4 d75e9e107eb9c6d8fe879415926457d818bc31e88b87a5881584a5650859e88b06fa a2cfe1bde95dfa344af14f214cedecde4d89c87334c33e2d7ee3ab40d5df396cf0ff 5a99588e0dcd205f1d876b380b963f5baccc0baeae569892a8d252f5eeeb7c751f66 3eb906ac99a165656224281add3ab271ff4f406b6932cbf1afff62109794f52ff3e7 23f5cdd706e3715d1d2d421bdac73fa047b5d9761569534fb2dd57b86a608f79db7d 4ab99847490e76eaf0c683bdc54d12f2f2664a79de6a2f25bec3f43584f98ec41ad3 fb19ba5ba936c3c893e9c0994b412ba3d07329086c20b04e1cd1d9b4f24a82f8c1f7 b5db58b4056a4b4e27b60c957f5af8081bffab98d8455cab97e35042ed636c995931 fd304b3d02fcf545df360cc421be64adc3d7a121ea75ab3440a9eba74fba1c5b40bd b66b54583ff2f76304ccaeae99ed94fb332d30d771fe0e45acb9e966f497b1629f5a 5df15cea507d2fd1aa045a171e84bec932e4049639477f16fb9afdd107668f9b3531 c3c7eb1d67753ac652c575b526e6f2965f1e4500e99f38ae1d34bce151a68e278f14 405ad76f580b549d025b03be98b6a737f10238b9f84f1694173544ba2c97f811a174 85129a146084bc5382e2086aaf51b11a4918bdb5485bf28a9be2d2c9d69468268fa0 4fa071c39942b43a0caf561278cfc1b47781fa9ef559f86b2dad703141b78b7ddb35 c9c9ff4c1134580da26367dbf3db7eaf039dfbae238959c4cf55d40d78a2c5597ba0 38f2be5f994d60c79e8a92121fb0488eef9690d550ef9fa40b1774221aac8c8c1dcf 97faa07c28e840feb9daf0bf3bed277a6e10a33490c0bee7e5fa318638f5b80a2272 700e591ffc14985d0ed19876725c2bec9356b45ca96d295e30bce86effc626a2bd78 39af05ae373801af510cfb378ce42088607909c91ceb4a90e4d7b2b6288b9cdfa262 570ffda8692b58f0b05a7c7899a717a3a97b6e64489f56323b000793f807ca75ca99 1 shared_secret: 1368d71518fadbe42fb75fbd356e016b0aaad6b4d3d91ce7f2070 73e4fb08c537217aba238aea92a7f855820518a8342b3a31f82ebbcdb479f33ad82b dcdc953 key_schedule_context: 011c0e82b54d88402f8c14c546eb2c5d2ddf5c0ad00953 b8c7917e143a660122927584e32e844cdf74d17b4ee224cc521bbc8bed221f21f34f 8ccc9842772686cb secret: 2398d859cca13a8e024a4303015d07b426f886cfb160104808d46afa3ed65c5d key: 2abc7960081169220e5316e8b4ca25c8 base_nonce: 9f4404e9a8a83dcdad85aaa4 exporter_secret: 37c64a38386a73522e517063be8e5dbac2dda13748e7e0204ef4781d37db91b2¶
sequence number: 0 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d30 nonce: 9f4404e9a8a83dcdad85aaa4 ct: 59ae4c0fe132882496ee546c59db8887d0ffa1e81c024f9f306e336c8b515aef c100de05caad51b224b8446424371610e94f sequence number: 1 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d31 nonce: 9f4404e9a8a83dcdad85aaa5 ct: 12ae854754ecf26efccd9a3d9006ccea7e58394314ac63537f71fa373475c9b5 def50550bd386a62a9f93dbb482aad08b83d sequence number: 2 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d32 nonce: 9f4404e9a8a83dcdad85aaa6 ct: 44dfad98e654637c47ea943787622c39cff096515d95124947b93962d570fb09 8a725a681c00bd95329ae7c87e7476a14c23 sequence number: 4 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d34 nonce: 9f4404e9a8a83dcdad85aaa0 ct: b4daec06cb05cad7987257b000662e329879885981431d8758167449912f4862 73621502cb6b8917259d43c0741c2221157f sequence number: 255 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d323535 nonce: 9f4404e9a8a83dcdad85aa5b ct: a45db83de0836912b692a3ceb870d4ada3c59813031e52b7efd511bdb3766d70 94c556ca067adefea6c1690c226a12ddd7d0 sequence number: 256 pt: 546f2074686520756e6976657273616c206465706c6f796d656e74206f6620505143 aad: 436f756e742d323536 nonce: 9f4404e9a8a83dcdad85aba4 ct: aa047d5fa79b00a1d70f8044136c3717eeb86913e50092784b750020a51f410d b12e47de6a7bae1596e6d21347a82cdc5ecd¶
exporter_context: L: 32 exported_value: 887a3f1c8097a127f3178ada5c83ba8c3c335b45b4b4be18a7885b669f7ba1e5 exporter_context: 00 L: 32 exported_value: faf29bee28fb70c380b1495afec1f0f3ab26552b3c9b1ae4beddfd005f388562 exporter_context: 54657374436f6e74657874 L: 32 exported_value: 4e8ef9bdec7cec015c62d863681245dd630ed8c9debccc5bbea1d97e1c651261¶