Most cryptographers used to assemble public-key encryption out of spare parts — pick an ECDH curve, pick an AEAD, write your own glue, hope nobody footguns it. HPKE is the standardized version of that glue. It's now load-bearing under MLS, TLS Encrypted Client Hello, and Oblivious DNS, and it's quietly the most important new crypto primitive of the last five years. HPKE — Hybrid Public Key Encryption — is published as RFC 9180 by the IRTF Crypto Forum Research Group. The name is plain-spoken: it does public-key encryption, hybrid in the sense that it combines an asymmetric Key Encapsulation Mechanism (KEM) with a symmetric Authenticated Encryption with Associated Data (AEAD) construction. The combination isn't new. The standardization is.…