Some interesting side discussion here. I wanted to chime in to point out that HPKE is built upon the “primitives” of KEM and HKDF. As mentioned on the list, KEM is underway. I am also spearheading our effort reviving the HKDF JEP<https://bugs.openjdk.org/browse/JDK-8189808> which has gone a bit stale.
HPKE is certainly something we’re looking into as well. Once the building blocks of KEM and HKDF are in place, HPKE will ramp up next. Kevin Driver Mobile: +1.512.431.5690 Java Security Libraries Subject: Re: RFR: 8297878: KEM: Implementation Date: Thu, 13 Apr 2023 21:31:43 +0100 From: Stephen Farrell <stephen.farr...@cs.tcd.ie> To: Xue-Lei Andrew Fan <xue...@openjdk.org>, security-dev@openjdk.org Hi, Apologies for the interruption from the sidelines but I have a query if that's ok. Is there any relationship between this work and RFC1980 which defines HPKE, being a way of encrypting to a public value using a KEM? Reason to ask is HPKE is a mechanism that'll be needed for TLS Encrypted Client Hello and the MLS protocol, so it'd be a fine thing if these additions were suitable for that too. Cheers, S. PS: I implemented HPKE for OpenSSL so if there's interest in supporting that here too, I'd be happy to help a bit.
OpenPGP_0xE4D8E9F997A833DD.asc
Description: OpenPGP_0xE4D8E9F997A833DD.asc
