Hybrid Encryption with ECIES + RSA KEM

RSA-KEM is an encryption scheme that works by simply encrypting a random number under RSA. no padding is needed.

We can pass the random number through a key derivation function (KDF) to obtain a symmetric key. We then use the symmetric key to encrypt a message via an authenticated encryption algorithm.

This ECDH provides shorter public keys and benefits, in general

from much better standards and much safer implementations.

Elliptic Curve Integrated Encryption Scheme (ECIES)

works similarly to the hybrid encryption scheme. The difference is that we use the ECDH key exchange instead of asymmetric encryption primitive.

ECIES Step 1

if you want to encrypt a message to Alice, you

use an (EC)DH-based key exchange with Alice’s

public key and a key pair that you generate for

the occasion (this is called an ephemeral key

pair).

ECIES Step 2

You can then use the obtained shared secret

with an authenticated symmetric encryption

algorithm like AES-GCM to encrypt a longer

message to her.

ECIES Step 3

After this, you can send the ephemeral public

key and the ciphertext to Alice. Alice can use

your ephemeral public key to perform a key

exchange with her own key pair.

ECIES Step 4

She can then use the result to decrypt the

ciphertext and retrieve the original message.

The result is either the original message or an

error if the public key or the encrypted message

are tampered with in transit.