Paper 2023/1480

The Pre-Shared Key Modes of HPKE

Joël Alwen, AWS-Wickr
Jonas Janneck, Ruhr-Universität Bochum
Eike Kiltz, Ruhr-Universität Bochum
Benjamin Lipp, Max Planck Institute for Security and Privacy

The Hybrid Public Key Encryption (HPKE) standard was recently published as RFC 9180 by the Crypto Forum Research Group (CFRG) of the Internet Research Task Force (IRTF). The RFC specifies an efficient public key encryption scheme, combining asymmetric and symmetric cryptographic building blocks. Out of HPKE’s four modes, two have already been formally analyzed by Alwen et al. (EUROCRYPT 2021). This work considers the remaining two modes: HPKE_PSK and HPKE_AuthPSK . Both of them are “pre-shared key” modes that assume the sender and receiver hold a symmetric pre-shared key. We capture the schemes with two new primitives which we call pre-shared key public-key encryption (pskPKE) and pre-shared key authenticated public-key encryption (pskAPKE). We provide formal security models for pskPKE and pskAPKE and prove (via general composition theorems) that the two modes HPKE_PSK and HPKE_AuthPSK offer active security (in the sense of insider privacy and outsider authenticity) under the Gap Diffie-Hellman assumption. We furthermore explore possible post-quantum secure instantiations of the HPKE standard and propose new solutions based on lattices and isogenies. Moreover, we show how HPKE’s basic HPKEPSK and HPKEAuthPSK modes can be used black-box in a simple way to build actively secure post-quantum/classic-hybrid (authenticated) encryption schemes. Our hybrid constructions provide a cheap and easy path towards a practical post-quantum secure drop-in replacement for the basic HPKE modes HPKE_Base and HPKE_Auth .

Note: Full version of the paper published at ASIACRYPT 2023. The NIKE construction was corrected to include more inputs in the hash function.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2023
Authenticated Public Key EncryptionPost-Quantum HybridOpen StandardsHPKE
Contact author(s)
alwenjo @ amazon com
jonas janneck @ rub de
eike kiltz @ rub de
benjamin lipp @ mpi-sp org
2023-10-17: revised
2023-09-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Joël Alwen and Jonas Janneck and Eike Kiltz and Benjamin Lipp},
      title = {The Pre-Shared Key Modes of HPKE},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1480},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.