In cryptography, a hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem.[1] Public-key cryptosystems are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely.[2] However, they often rely on complicated mathematical computations and are thus generally much less efficient than comparable symmetric-key cryptosystems. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. Hybrid systems address this by using a combination of both.[3]
A hybrid cryptosystem can be constructed using any two separate cryptosystems:
a key encapsulation mechanism, which is a public-key cryptosystem
a data encapsulation scheme, which is a symmetric-key cryptosystem
The hybrid cryptosystem is itself a public-key system, whose public and private keys are the same as in the key encapsulation scheme.[4]
Note that for very long messages the bulk of the work in encryption/decryption is done by the more efficient symmetric-key scheme, while the inefficient public-key scheme is used only to encrypt/decrypt a short key value.[3]
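As an added example (not part of the original article), the construction above can be written in Ruby with the standard openssl library. RSA-OAEP wrapping of a random data key stands in for the key encapsulation mechanism and AES-256-GCM for the data encapsulation scheme; the names `seal`, `unseal` and `demo`, the envelope layout, and the sample message are assumptions made for illustration.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
TAG_BYTES = 16

# Encrypt message for the holder of public_key. The RSA step only ever sees the
# 32-byte data key; the message itself goes through AES-256-GCM.
def seal(public_key, message)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  data_key = cipher.random_key   # fresh symmetric key, used for this message only
  nonce = cipher.random_iv
  wrapped = public_key.public_encrypt(data_key, OAEP)  # key encapsulation step
  cipher.auth_data = wrapped     # ties the wrapped key to this ciphertext
  body = cipher.update(message) + cipher.final         # data encapsulation step
  { wrapped: wrapped, nonce: nonce, body: body, tag: cipher.auth_tag(TAG_BYTES) }
end

# Unwrap the data key with the private key, then authenticate and decrypt.
# Returns nil if any part of the envelope was altered or the tag was shortened.
def unseal(private_key, envelope)
  return nil unless envelope[:tag].bytesize == TAG_BYTES
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = private_key.private_decrypt(envelope[:wrapped], OAEP)
  cipher.iv = envelope[:nonce]
  cipher.auth_tag = envelope[:tag]
  cipher.auth_data = envelope[:wrapped]
  cipher.update(envelope[:body]) + cipher.final
rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Constructed demo: a throwaway key pair and a sample message of about 100 kB.
def demo
  private_key = OpenSSL::PKey::RSA.new(2048)
  message = "constructed sample record\n" * 4000
  envelope = seal(private_key.public_key, message)
  bad = envelope[:body].dup
  bad.setbyte(0, bad.getbyte(0) ^ 1)               # flip one ciphertext bit
  {
    wrapped_bytes: envelope[:wrapped].bytesize,    # fixed by the RSA modulus size
    body_bytes: envelope[:body].bytesize,          # grows with the message
    round_trip: unseal(private_key, envelope) == message,
    tamper_rejected: unseal(private_key, envelope.merge(body: bad)).nil?
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

The explicit tag-length check in `unseal` matters because Ruby's OpenSSL binding will otherwise accept a truncated GCM tag, which weakens authentication.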
All practical implementations of public key cryptography today employ a hybrid system. Examples include the TLS protocol[5] and the SSH protocol,[6] which use a public-key mechanism for key exchange (such as Diffie-Hellman) and a symmetric-key mechanism for data encapsulation (such as AES). The OpenPGP[7] file format and the PKCS#7[8] file format are other examples.
Hybrid Public Key Encryption (HPKE, published as RFC 9180) is a modern standard for generic hybrid encryption. HPKE is used within multiple IETF protocols, including MLS and TLS Encrypted Hello.
Envelope encryption is an example of the use of hybrid cryptosystems in cloud computing. In a cloud context, hybrid cryptosystems also enable centralized key management.[9][10]
[1] Shoukat, Ijaz Ali (2013). "A Generic Hybrid Encryption System (HES)".
[2] Paar, Christof; Pelzl, Jan; Preneel, Bart (2010). "Chapter 6: Introduction to Public-Key Cryptography". Understanding Cryptography: A Textbook for Students and Practitioners. Springer. ISBN 978-3-642-04100-6.
[3] Deng, Juan; Brooks, Richard (2012). "Chapter 26 - Cyber-Physical Security of Automotive Information Technology". Handbook on Securing Cyber-Physical Critical Infrastructure. Elsevier. pp. 655–676. ISBN 978-0-12-415815-3.