Hybrid cryptosystem
Encyclopedia
In cryptography
, public-key cryptosystems
are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely (among other useful properties). However, they often rely on complicated mathematical computations and are thus generally much more inefficient than comparable symmetric-key cryptosystems. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. A hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem.
A hybrid cryptosystem can be constructed using any two separate cryptosystems:
The hybrid cryptosystem is itself a public-key system, whose public and private keys are the same as in the key encapsulation scheme.
Note that for very long messages the bulk of the work in encryption/decryption is done by the more efficient symmetric-key scheme, while the inefficient public-key scheme is used only to encrypt/decrypt a short key value.
To decrypt this hybrid ciphertext, Alice does the following:
However, it is possible to construct a hybrid scheme secure against adaptive chosen ciphertext attack even if the key encapsulation has a slightly weakened security definition (though the security of the data encapsulation must be slightly stronger).
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, public-key cryptosystems
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely (among other useful properties). However, they often rely on complicated mathematical computations and are thus generally much more inefficient than comparable symmetric-key cryptosystems. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. A hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem.
A hybrid cryptosystem can be constructed using any two separate cryptosystems:
- a key encapsulation scheme, which is a public-key cryptosystem, and
- a data encapsulation scheme, which is a symmetric-key cryptosystem.
The hybrid cryptosystem is itself a public-key system, whose public and private keys are the same as in the key encapsulation scheme.
Note that for very long messages the bulk of the work in encryption/decryption is done by the more efficient symmetric-key scheme, while the inefficient public-key scheme is used only to encrypt/decrypt a short key value.
Example
To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:- Obtains Alice's public key.
- Generates a fresh symmetric key for the data encapsulation scheme.
- Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.
- Encrypt the symmetric key under the key encapsulation scheme, using Alice's public key.
- Send both of these encryptions to Alice.
To decrypt this hybrid ciphertext, Alice does the following:
- uses her private key to decrypt the symmetric key contained in the key encapsulation segment.
- uses this symmetric key to decrypt the message contained in the data encapsulation segment.
Security
If both the key encapsulation and data encapsulation schemes are secure against adaptive chosen ciphertext attacks, then the hybrid scheme inherits that property as well.However, it is possible to construct a hybrid scheme secure against adaptive chosen ciphertext attack even if the key encapsulation has a slightly weakened security definition (though the security of the data encapsulation must be slightly stronger).