Implements RFC 9180 HPKE (Hybrid Public Key Encryption) as an EVM precompile. HPKE is a modern replacement for ECIES that supports multiple KEMs (P-256, P-384, X25519, X25519+Kyber768, X-Wing), KDFs, and AEADs in a composable cipher suite framework. Provides four modes: Base, PSK, Auth, and AuthPSK.
0x9200 -- Privacy range.
Operations cover all four HPKE modes and single-shot convenience functions.
0x01-0x08: Setup operations (SetupBaseS/R, SetupPSKS/R, SetupAuthS/R, SetupAuthPSKS/R)
0x10 Seal: context_handle + aad + plaintext -> ciphertext
0x11 Open: context_handle + aad + ciphertext -> plaintext
0x12 Export: context_handle + exporter_context + length -> key_material
0x20 SingleShotSeal: cipher_suite + pk + info + aad + plaintext -> enc + ciphertext
0x21 SingleShotOpen: cipher_suite + sk + enc + info + aad + ciphertext -> plaintext
Cipher suite is encoded as: KEM_ID(2) + KDF_ID(2) + AEAD_ID(2).
Seal/Open adds per-byte cost based on the AEAD (AES-128-GCM: 5/byte, ChaCha20-Poly1305: 4/byte).
1. HPKE is IND-CCA2 secure in the standard model under appropriate KEM assumptions.
2. Post-quantum hybrid KEMs (X25519+Kyber768, X-Wing) ensure security if either classical or lattice assumption holds.
3. PSK mode provides additional key confirmation but requires pre-shared secret distribution.
4. Auth mode provides sender authentication via the sender's static keypair.
5. GPU acceleration for lattice KEM operations (ML-KEM encaps/decaps) via luxfi/accel.
github.com/luxfi/precompile/hpke/Copyright (C) 2024-2026, Lux Partners Limited. All rights reserved.
Licensed under the MIT License.