Skip to main content

Hybrid Cryptosystem

Polykey's security model is built on a Hybrid Cryptosystem, which combines both symmetric and asymmetric encryption to achieve secure communication, storage, and identity management.

Why Hybrid Encryption?

Encryption is necessary to protect sensitive data, but different encryption methods serve different purposes. A hybrid cryptosystem merges the strengths of both:

Asymmetric Encryption (Public and Private Key Pairs)

  • Used for securely exchanging encryption keys
  • Allows verification of signatures
  • Ensures secure communication without prior key exchange

Symmetric Encryption (Shared Secret Keys)

  • Used for encrypting large amounts of data efficiently
  • Faster than asymmetric encryption
  • Requires a secure method to exchange keys

By combining these two, Polykey ensures security in transit, at rest, and in use.

Polykey's Implementation of Hybrid Cryptography

Polykey's hybrid cryptosystem is based on the Elliptic Curve Integrated Encryption Scheme (ECIES) and consists of two primary mechanisms:

  1. Key Encapsulation Mechanism (KEM)
  • Uses symmetric encryption to securely exchange a symmetric key.
  • This ensures that even if an attacker intercepts the communication, they cannot derive the encryption key without access to the private key.
  1. Data Encapsulation Scheme (DES)
  • Uses symmetric encryption (XChaCha20-Poly1305) to encrypt all Polykey data.
  • This ensures that once the symmetric key is established, encryption is fast and efficient.

How This Works in Polykey

  • The sender encrypts data using a symmetric key.
  • This symmetric key is then encrypted using the recipient's public key.
  • The recipient decrypts the symmetric key using their private key.
  • Once the symmetric key is obtained, it is used to decrypt the original data.

This method keeps encryption fast and secure, reducing computational overhead while maintaining strong security guarantees.

Why Not Just Use One Type of Encryption?

Each encryption method has limitations:

Asymmetric encryption is slow

  • Encrypting large amounts of data with public-private key pairs is inefficient.
  • It is only practical for encrypting small pieces of data, like symmetric keys.

Symmetric encryption needs secure key exchange

  • If a secret key is leaked or intercepted, the encrypted data is compromised.
  • It requires a secure way to distribute and manage encryption keys.

A hybrid cryptosystem provides the best of both worlds:

  • Asymmetric encryption protects the key exchange.
  • Symmetric encryption handles bulk data encryption efficiently.

Future-Proofing with Post-Quantum Cryptography

Polykey currently uses Elliptic Curve Cryptography (ECC) for its hybrid system, specifically Ed25519. However, quantum computing could break ECC in the future. When quantum-safe encryption becomes more practical, Polykey will upgrade to a Post-Quantum Integrated Encryption Scheme to maintain long-term security.

Conclusion

A hybrid cryptosystem is essential for balancing security, efficiency, and scalability. By leveraging symmetric encryption for key exchange and symmetric encryption for data protection, Polykey ensures robust security while keeping performance high.

Polykey's use of ECIES, KEM, and DES provides a secure foundation for encrypted communication, identity management, and data storage. This hybrid approach ensures that data remains protected, both now and in the future.