Quiz Entry - updated: 2026.07.14
How does hybrid encryption work, and why is it used?
A random symmetric session key is encrypted asymmetrically and sent alongside the symmetrically-encrypted data — combining the best of both worlds.
* A random symmetric session key encrypts the data; the public key wraps only that small key. *
Steps:
- Alice generates a random session key $K_S$ (symmetric)
- Alice encrypts the actual message with $K_S$: $c = E_{sym}(K_S, m)$
- Alice encrypts $K_S$ with Bob's public key: $K_S^{enc} = E_{asym}(K_{pub,B}, K_S)$
- Alice sends both $c$ and $K_S^{enc}$
- Bob decrypts $K_S$ with his private key: $K_S = D_{asym}(K_{priv,B}, K_S^{enc})$
- Bob decrypts the message: $m = D_{sym}(K_S, c)$
Why hybrid?
- Asymmetric encryption is ~1000x slower — impractical for large data
- Symmetric encryption is fast but requires a shared secret
- Hybrid: Use slow asymmetric crypto only for the small session key, then fast symmetric crypto for the bulk data
Used everywhere: TLS/HTTPS, PGP/GPG, SSH, Signal Protocol — virtually all real-world encryption is hybrid.
Go deeper:
Hybrid cryptosystem — the pattern behind TLS, PGP and S/MIME.