Hybrid cryptosystem

In cryptography, a hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem.[1] Public-key cryptosystems are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely.[2] However, they often rely on complicated mathematical computations and are thus generally much more inefficient than comparable symmetric-key cryptosystems. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. This is addressed by hybrid systems by using a combination of both.[3]

A hybrid cryptosystem can be constructed using any two separate cryptosystems:

The hybrid cryptosystem is itself a public-key system, whose public and private keys are the same as in the key encapsulation scheme.[4]

Note that for very long messages the bulk of the work in encryption/decryption is done by the more efficient symmetric-key scheme, while the inefficient public-key scheme is used only to encrypt/decrypt a short key value.[3]

All practical implementations of public key cryptography today employ the use of a hybrid system. Examples include the TLS protocol [5] and the SSH protocol,[6] that use a public-key mechanism for key exchange (such as Diffie-Hellman) and a symmetric-key mechanism for data encapsulation (such as AES). The OpenPGP[7] file format and the PKCS#7[8] file format are other examples.

Hybrid Public Key Encryption (HPKE, published as RFC 9180) is a modern standard for generic hybrid encryption. HPKE is used within multiple IETF protocols, including MLS and TLS Encrypted Hello.

Envelope encryption is an example of a usage of hybrid cryptosystems in cloud computing. In a cloud context, hybrid cryptosystems also enable centralized key management.[9][10]

  1. ^ Shoukat, Ijaz Ali (2013). "A Generic Hybrid Encryption System (HES)".
  2. ^ Paar, Christof; Pelzl, Jan; Preneel, Bart (2010). "Chapter 6: Introduction to Public-Key Cryptography". Understanding Cryptography: A Textbook for Students and Practitioners (PDF). Springer. ISBN 978-3-642-04100-6.
  3. ^ a b Deng, Juan; Brooks, Richard (2012). "Chapter 26 - Cyber-Physical Security of Automotive Information Technology". Handbook on Securing Cyber-Physical Critical Infrastructure. Elsevier. pp. 655–676. ISBN 978-0-12-415815-3.
  4. ^ Cite error: The named reference cramer-shoup was invoked but never defined (see the help page).
  5. ^ Fox, Pamela. "Transport Layer Security (TLS) (article)". Khan Academy. Retrieved 2022-02-06.
  6. ^ Ellingwood, Justin. "Understanding the SSH Encryption and Connection Process | DigitalOcean". www.digitalocean.com. Retrieved 2022-02-06.
  7. ^ "RFC 9580 - OpenPGP". datatracker.ietf.org. Retrieved 2024-08-02.
  8. ^ "RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5". datatracker.ietf.org. Retrieved 2022-02-06.
  9. ^ Albertini, Ange; Duong, Thai; Gueron, Shay; Kölbl, Stefan; Luykx, Atul; Schmieg, Sophie (November 17, 2020). "How to Abuse and Fix Authenticated Encryption Without Key Commitment". USENIX Security 2022 – via Cryptology ePrint Archive.
  10. ^ "Envelope encryption | Cloud KMS Documentation". Google Cloud. Retrieved 2021-12-30.