Hybrid encryption

The core idea of hybrid cryptography

The core idea of hybrid encryption is to marry both symmetric and asymmetric encryption to get benefits of both and discard disadvantages of both.

Why hybridize encryption methods?

Symmetric
encryption
  • Fast
  • Strong
  • Unsafe key distribution

If man-in-the-middle intercepts the key something may go dramatically wrong…

+
Asymmetric
encryption
  • Slow
  • Strong
  • Safe key distribution

It takes ages to process large amounts of data. Not a go for real-time communication…

=
Hybrid
encryption
  • Fast
  • Super strong
  • Safe key distribution

It eliminates man-in-the-middle threat and supports real-time secure communication

Important feature
Important feature

Essential feature about hybrid encryption is that symmetric key is created over and over for every new conversation or every new data exchange, e.g. every new session. Session key is a one-time randomly generated set of numbers which is used to transform plain text into cypher. Every time for any intention to communicate with others crypto system creates a new symmetric key (generates a set of random numbers). The power of random numbers is that its consequence cannot be guesses, repeated or predicted by a hacker. This approach ensures forward security of communication is case of leaks of symmetric keys from previous sessions or contacts.

How it works

Basically, all data which is going to be transferred is encrypted with a symmetric key and symmetric key itself is encrypted using asymmetric encryption. Both encrypted piece of data and encrypted key are delivered to recipient. Encryption keys are managed differently depending on how communication is going either in real-time (like chat, voice call, secure internet browsing etc.) or some information sent to the future and which will be read some day by a recipient (e.g. email, reports, sensitive documents etc.).

Example 1: hybrid encryption in real-time communication

1.Users exchange with their public keys. Essentially, initiator of communication request should get a public key of request acceptor.

Digital signatures

2.Initiator of communication generates a random on-time session key

3.Initiator of communication encrypts the session key using recipient’s public key and sends encrypted key to receiver via unsecure cyber space

Digital signatures
Digital signatures

4.Receiver of communication request accepts encrypted key and decrypts it using matching private key

Digital signatures

5.Now both sides communicate using same session key. Communication stream is encrypted with strong symmetric encryption algorithm and only users who have matching one-time generated key can decrypt the flow. Interception of encrypted data is useless because bits of data will make only mess and no sense.

Digital signatures

Hybrid encryption may involve user authentication with digital signatures prior to key exchange step.

Case when encrypted data is sent now and will be read by a recipient some day in the future requires management policy which is different from real-time communication. Examples of this type of hybrid encryption application could be e-mail encryption, PGP encryption, sending sensitive documents etc.

Example 2: encrypted data is sent to the future

1.Users exchange with public keys

Digital signatures

2.Sender writes a message (creates a document)

3.Sender generates a random one-time session key and encrypts the message with the session key

Digital signatures
Digital signatures
Digital signatures

4.Sender encrypts the assymetric (session) key with recipient’s public key which was obtained on step 1.

Digital signatures

5.Sender sends both encrypted message and encrypted key to recipient.

Digital signatures

6. Such secured data package may stay untouched for some time until recipient initiates decryption process. To do it recipient should have valid private key which matches the case. First, recipient unlocks the case using private key and releases the session key. Then session key is used to decrypt the message, e-mail or file.

Digital signatures

Variations of hybrid encryption

Some schemes may use a few symmetric keys which are used randomly to encrypt different fragments of data. Also there may be some variations where strong symmetric encryption is followed by a few rounds of asymmetric data encryption which were used to deliver session key in super-secure environment. Of course, the more complex encryption scheme is the more computational resources are required to process it. Complex hybrid encryption algorithms may not work properly on slow hardware.

All these actions are taken with only one purpose – make encryption as strong as possible, so that it would be impossible to break it within any reasonable terms.

Don’t wait until it’s too late

Buy No.1 BC card

Card is required to encrypt voice calls, chats, file transfers and use No.1 BC: Mail

Find where to buy

Use No.1 BC apps

Make sure to install the latest version of No.1 BC applications.