4 Hybrid system: Combining Symmetric and Asymmetric Encryption

The disadvantage of public key encryption is that it is quite a slow process, because the keys are large (1024 bits to 4094 bits). Compared with it, symmetric key encryption is significantly faster, as its keys are much shorter (40 bits to 256 bits). On the other hand, symmetric (secret key) encryption has the problem of transferring the key securely. The two techniques can be used together to provide a better method of encryption: this way one combines their advantages and overcomes their disadvantages.

Specifically, the hybrid system uses a public key algorithm to share the secret key of the symmetric encryption system safely. The real message is then encrypted with this key and sent to the recipient. Because the key can be shared securely each time, the symmetric key used for the encryption changes for each message sent; for this reason it is sometimes called the session key. This means that if a session key were intercepted, the interceptor could only read the message encrypted with that key; to decrypt other messages, the interceptor would have to intercept the other session keys as well.

The session key, encrypted using the public key algorithm, and the message being sent, encrypted with the symmetric algorithm, are automatically combined into a single package. The recipient uses his or her private key to decrypt the session key and then uses the session key to decrypt the message. Many applications use this system.

The steps in data transaction within a combined technique are:

  1. Encrypt the plaintext using a symmetric encryption algorithm and a random key.
  2. Encrypt only this random key with the recipient’s public key using asymmetric encryption, and send the encrypted random key to the recipient. The recipient, at his or her end, can now decrypt the random key using his or her private key.
  3. Next, send the actual encrypted data. The recipient decrypts it using the random key recovered in step 2, that is, the key that had been encrypted with the public key of the asymmetric key pair.
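The three steps above, as an added example in Go using only the standard library (this is not code from the original text): RSA-OAEP wraps a fresh 256-bit session key, AES-256-GCM encrypts the message under that key, and both parts travel as one package, so the recipient can also detect a tampered package. The function names Seal and Open and the package layout (wrapped key, then nonce, then ciphertext) are my assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// mustGCM builds AES-256-GCM from a 32-byte session key (a length the callers guarantee, so failure here is a bug, not bad input).
func mustGCM(sessionKey []byte) cipher.AEAD {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Seal is the sender's side: encrypt the message under a fresh random session key, encrypt only that key with the recipient's RSA-OAEP public key, and return one package: wrappedKey || nonce || ciphertext+tag.
func Seal(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	buf := make([]byte, 32+12) // 256-bit session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	gcm := mustGCM(sessionKey)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(append(wrapped, nonce...), nonce, plaintext, nil), nil
}

// Open is the recipient's side: split the package, unwrap the session key with the private key, then decrypt and authenticate the message; tampering or the wrong key surfaces as an error, never as garbage plaintext.
func Open(priv *rsa.PrivateKey, pkg []byte) ([]byte, error) {
	k := priv.Size() // the wrapped key is exactly one RSA modulus long
	if len(pkg) < k+12 {
		return nil, rsa.ErrDecryption // too short to hold wrapped key + nonce
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, pkg[:k], nil)
	if err != nil || len(sessionKey) != 32 {
		return nil, rsa.ErrDecryption
	}
	return mustGCM(sessionKey).Open(nil, pkg[k:k+12], pkg[k+12:], nil)
}
```

Each call to Seal draws a new session key, so an intercepted package reveals nothing about any other message, which is exactly the session-key property described above.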

The combined technique of encryption is widely used. For instance, it is used in Secure Shell (SSH) to secure communications between the client and the server and in PGP (Pretty Good Privacy) for sending messages. Above all, it is the heart of Transport Layer Security (TLS), which is widely used by Web browsers and Web servers to maintain a secure communication channel with each other.

The next figure illustrates the process.

Fig 4.1 Hybrid encryption model (to provide confidentiality)