Sie befinden sich hier: start » en » Internal Documentation » WvdS Crypto Library » 6. Scenarios » 7. Encryption » Scenario 7.1: Hybrid Encryption

Scenario 7.1: Hybrid Encryption

Category: Encryption
Complexity: (High)
Prerequisites: ML-KEM key pair, classical key pair
Estimated Time: 20-30 minutes

Description

This scenario describes hybrid encryption with classical (RSA/ECDH) and Post-Quantum (ML-KEM) algorithms. Hybrid encryption combines both methods to protect against both classical and quantum attacks.

Concept:

  • Classical key - Protection against current threats
  • PQ key - Protection against future quantum computers
  • Combined key - Security as long as one of them is secure

Workflow

flowchart LR subgraph Sender DATA[Data] --> SYM[AES-256-GCM] KEY1[RSA/ECDH Key Exchange] --> KDF KEY2[ML-KEM Key Encapsulation] --> KDF KDF[HKDF Combine] --> SYM end subgraph Recipient SYM2[AES-256-GCM Decrypt] KDF2[HKDF Combine] --> SYM2 DEC1[RSA/ECDH Decrypt] --> KDF2 DEC2[ML-KEM Decapsulate] --> KDF2 end SYM --> |Ciphertext| SYM2 style KDF fill:#e8f5e9 style KDF2 fill:#e8f5e9

Code Example (C#)

using WvdS.Security.Cryptography.X509Certificates.Extensions.PQ;
using System.Security.Cryptography;
 
using var ctx = PqCryptoContext.Initialize();
 
// Recipient keys (both algorithms)
var recipientEcdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP384);
var recipientMlKem = ctx.GenerateKeyPair(PqAlgorithm.MlKem768);
 
// === ENCRYPTION ===
 
// 1. Classical key exchange (ECDH)
using var senderEcdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP384);
var ecdhSharedSecret = senderEcdh.DeriveKeyMaterial(recipientEcdh.PublicKey);
 
// 2. PQ key encapsulation (ML-KEM)
var (mlKemCiphertext, mlKemSharedSecret) = ctx.Encapsulate(recipientMlKem.PublicKey);
 
// 3. Combine keys via HKDF
var combinedSecret = CombineSecrets(ecdhSharedSecret, mlKemSharedSecret);
var encryptionKey = ctx.DeriveKey(
    combinedSecret,
    outputLength: 32,
    salt: null,
    info: Encoding.UTF8.GetBytes("hybrid-encryption-v1")
);
 
// 4. Encrypt data
var plaintext = Encoding.UTF8.GetBytes("Secret message");
var nonce = RandomNumberGenerator.GetBytes(12);
var ciphertext = new byte[plaintext.Length];
var tag = new byte[16];
 
using var aes = new OpenSslAesGcm(encryptionKey);
aes.Encrypt(nonce, plaintext, ciphertext, tag);
 
// 5. Assemble encrypted message
var encryptedMessage = new HybridEncryptedMessage
{
    EcdhPublicKey = senderEcdh.PublicKey.ExportSubjectPublicKeyInfo(),
    MlKemCiphertext = mlKemCiphertext,
    Nonce = nonce,
    Ciphertext = ciphertext,
    Tag = tag
};
 
Console.WriteLine($"Encrypted: {encryptedMessage.Ciphertext.Length} bytes");

Decryption

// === DECRYPTION ===
 
using var ctx = PqCryptoContext.Initialize();
 
// Load recipient private keys
var recipientEcdh = ctx.LoadEcdhPrivateKey("recipient-ecdh.key.pem", "Password!");
var recipientMlKem = ctx.LoadPrivateKey("recipient-mlkem.key.pem", "Password!");
 
// 1. Classical key exchange
var senderEcdhPubKey = ECDiffieHellman.Create();
senderEcdhPubKey.ImportSubjectPublicKeyInfo(encryptedMessage.EcdhPublicKey, out _);
var ecdhSharedSecret = recipientEcdh.DeriveKeyMaterial(senderEcdhPubKey.PublicKey);
 
// 2. PQ key decapsulation
var mlKemSharedSecret = ctx.Decapsulate(recipientMlKem, encryptedMessage.MlKemCiphertext);
 
// 3. Combine keys
var combinedSecret = CombineSecrets(ecdhSharedSecret, mlKemSharedSecret);
var decryptionKey = ctx.DeriveKey(
    combinedSecret,
    outputLength: 32,
    salt: null,
    info: Encoding.UTF8.GetBytes("hybrid-encryption-v1")
);
 
// 4. Decrypt data
var decrypted = new byte[encryptedMessage.Ciphertext.Length];
 
using var aes = new OpenSslAesGcm(decryptionKey);
aes.Decrypt(
    encryptedMessage.Nonce,
    encryptedMessage.Ciphertext,
    encryptedMessage.Tag,
    decrypted
);
 
var message = Encoding.UTF8.GetString(decrypted);
Console.WriteLine($"Decrypted: {message}");

Secret Combination (HKDF)

private static byte[] CombineSecrets(byte[] secret1, byte[] secret2)
{
    // Concat and hash - simple but secure method
    // Alternative: Parallel HKDF and XOR
    var combined = new byte[secret1.Length + secret2.Length];
    Buffer.BlockCopy(secret1, 0, combined, 0, secret1.Length);
    Buffer.BlockCopy(secret2, 0, combined, secret1.Length, secret2.Length);
 
    // HKDF Extract
    return HKDF.Extract(HashAlgorithmName.SHA256, combined);
}

Message Format

public class HybridEncryptedMessage
{
    // Header
    public string Version { get; set; } = "1.0";
    public string Algorithm { get; set; } = "ECDH-P384+ML-KEM-768/AES-256-GCM";
 
    // Key Encapsulation
    public byte[] EcdhPublicKey { get; set; }   // ECDH ephemeral public key
    public byte[] MlKemCiphertext { get; set; } // ML-KEM ciphertext
 
    // Encrypted Content
    public byte[] Nonce { get; set; }           // 12 bytes
    public byte[] Ciphertext { get; set; }      // Variable
    public byte[] Tag { get; set; }             // 16 bytes
 
    // Serialization
    public byte[] Serialize()
    {
        using var ms = new MemoryStream();
        using var writer = new BinaryWriter(ms);
 
        writer.Write(Version);
        writer.Write(Algorithm);
        writer.Write(EcdhPublicKey.Length);
        writer.Write(EcdhPublicKey);
        writer.Write(MlKemCiphertext.Length);
        writer.Write(MlKemCiphertext);
        writer.Write(Nonce.Length);
        writer.Write(Nonce);
        writer.Write(Ciphertext.Length);
        writer.Write(Ciphertext);
        writer.Write(Tag.Length);
        writer.Write(Tag);
 
        return ms.ToArray();
    }
}

Algorithm Combinations

Combination Classical PQ Security Level
Standard ECDH P-384 ML-KEM-768 192-bit hybrid
High Security ECDH P-521 ML-KEM-1024 256-bit hybrid
Legacy Support RSA-4096 + ECDH P-256 ML-KEM-512 128-bit hybrid
Minimal X25519 ML-KEM-512 128-bit hybrid

Industry-Specific Requirements

Industry Min. Security Recommended Combination
Financial Sector 192-bit ECDH P-384 + ML-KEM-768
Healthcare 128-bit ECDH P-256 + ML-KEM-512
Government 256-bit ECDH P-521 + ML-KEM-1024
Energy 192-bit ECDH P-384 + ML-KEM-768
Relationship Scenario Description
Component 7.2 Key Encapsulation ML-KEM details
Application 7.3 File Encryption Practical usage
Related 11.1 Key Generation Create keys

« <- Encryption Overview | ^ Scenarios | 7.2 Key Encapsulation -> »

, , , ,

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

Zuletzt geändert: on 2026/01/30 at 12:34 AM

Seiten-Werkzeuge