Cryptography Reference
demand, due to the computational issue just discussed.) Thus, from a security
perspective, it might also be wise to restrict the use of public-key encryption
to single plaintexts, where by 'single' we mean that the entire plaintext can be
encrypted in one computation.
Thus there is a strong case, from both an efficiency and a security perspective, for limiting the use of public-key encryption to 'occasional' short plaintexts.
5.5.2 Hybrid encryption
There are many applications where we want to use public-key encryption for the
benefits discussed in Section 5.1.1, but where the plaintexts are long and thus we
cannot use public-key encryption for the reasons just discussed in Section 5.5.1.
The elegant and simple solution to this conundrum is known as hybrid encryption.
If Alice wants to encrypt a (long) plaintext and send it to Bob, she:
1. generates a symmetric key K and public-key encrypts the symmetric key K using the public key of Bob;
2. symmetrically encrypts the plaintext using K.
Alice then sends both of these ciphertexts to Bob. On receiving the two
ciphertexts, Bob:
1. recovers the symmetric key K by decrypting the first ciphertext using his private key;
2. recovers the original plaintext by decrypting the second ciphertext using K.
This hybrid encryption process is depicted in Figure 5.2.
[Figure 5.2. Hybrid encryption. Alice encrypts K using Bob's public key, giving PKE_PKBob(K), and encrypts the plaintext using K, giving SE_K(plaintext). Bob decrypts using his private key to recover K, then decrypts using K to recover the plaintext.]