Hybrid cryptosystem

Overview

A Hybrid cryptosystem is one that combines the convenience of Public Key Cryptography with the efficiency of Symmetric Key Cryptography.

Public Key Cryptography is convenient in that it does not require the sender and receiver to share a common secret in order to communicate securely (among other useful properties). However, it often relies on complicated mathematical computations and is thus generally much less efficient than comparable Symmetric Key Cryptography. In many applications, the high cost of encrypting long messages with Public Key Cryptography can be prohibitive. Hybrid systems address this by using a combination of both.

A Hybrid cryptosystem can be constructed using any two separate cryptosystems:

The Hybrid cryptosystem is itself a public-key system, whose Public Keys and Private Keys are the same as in the key encapsulation scheme.

Note that for very long messages the bulk of the work in encryption/decryption is done by the more efficient Symmetric Key Cryptography scheme, while the less efficient Public Key Cryptography scheme is used only to encrypt/decrypt a short key value.

All practical implementations of Public Key Cryptography today employ a Hybrid cryptosystem. Examples include the TLS protocol, which uses a Public Key mechanism for Key-Exchange (such as Diffie-Hellman) and a Symmetric Key mechanism for data encapsulation (such as AES).
The OpenPGP (RFC 4880) file format and the PKCS7 (RFC 2315) file format are other examples.

Example User Story

To encrypt a message addressed to Alice in a Hybrid cryptosystem, Bob does the following:

To decrypt this hybrid ciphertext, Alice does the following:
