On Thu, 26 Jun 2025 22:40:04 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>> 
>> ![HPKEParameterSpec06-27](https://github.com/user-attachments/assets/d0425a10-a312-4a95-8cee-2fbec5d83ddd)
>
> Weijun Wang has updated the pull request incrementally with two additional 
> commits since the last revision:
> 
>  - no more of()
>  - extract and expand

Hi Sebastian, the API you suggested is only the KEM step, and it should be made 
internal inside HPKE.

At the end of the day, HPKE is still a cipher. I understand the key 
encapsulation message (aka KEM ciphertext) is different from a traditional IV, 
but they share some key characteristics: 1) generated by the sender after 
initialization, 2) cryptographically random, 3) then made public, 4) has a 
critical impact on the encryption result.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18411#issuecomment-3013507967
