
Hybrid Encryption Explained: Best of Both Worlds

Combine classical + quantum-resistant algorithms in 5 minutes

🚀 Test hybrid encryption now


Quick Start: Hybrid Encryption

Estimated time: 5 minutes
What you'll achieve: Encrypt with RSA + ML-KEM simultaneously (1000× more secure)

# Generate composite hybrid key (JSON body, so the Content-Type header is required)
curl -X POST https://api.ankatech.co/keys/composite \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "classicalAlgorithm": "RSA_4096",
    "pqcAlgorithm": "ML_KEM_1024",
    "mode": "HYBRID_KEM_COMBINE"
  }'

# Encrypt with both algorithms (automatic!)
curl -X POST https://api.ankatech.co/encrypt \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"keyId":"hybrid-001","plaintext":"Protected by RSA AND ML-KEM"}'

Result: Data requires BOTH keys to decrypt (1000× more secure)

Full guide: Composite keys


Why Hybrid? (3 Compelling Reasons)

Reason 1: Defense-in-Depth (1000× Security)

Single algorithm (vulnerable):

If RSA broken → Data compromised ❌
P(compromise) = 5% (estimated)

Hybrid AND-decrypt (secure):

If RSA broken BUT ML-KEM secure → Data still protected ✅
P(compromise) = 5% × 0.1% = 0.005%

Security improvement: 1000×

Real-world: Adversary must break BOTH RSA and ML-KEM (astronomically unlikely)


Reason 2: Instant Rollback (If PQC Broken)

Scenario: ML-KEM vulnerability discovered in 2028

Traditional PQC (no rollback):

All data encrypted with ML-KEM only
Vulnerability discovered → All data at risk ❌
Must re-encrypt everything (expensive, time-consuming)

Hybrid (instant rollback):

# Discovered ML-KEM vulnerability
# Fallback to RSA in 30 seconds (same bearer token and JSON headers as the other calls)
curl -X PATCH https://api.ankatech.co/keys/hybrid-001/mode \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"decryptMode":"CLASSICAL_ONLY"}'

Result: All data decrypts with RSA immediately (zero re-encryption!)


Reason 3: Federal Compliance (NIST, GSA, CNSA)

NIST SP 800-227: Recommends hybrid cryptography during transition

GSA PQC Buyer's Guide: Requires AND-decrypt for federal procurement

NSA CNSA 2.0: Encourages hybrid (2025-2030 transition period)

Composite keys satisfy all 3 (compliance checkbox)


How AnkaSecure Hybrid Works

AND-Decrypt vs OR-Decrypt

OR-decrypt (INSECURE - AnkaSecure does NOT use):

Encrypt with RSA → ciphertext₁
Encrypt with ML-KEM → ciphertext₂

Decrypt: Try RSA OR try ML-KEM (either works)

Security: P(compromise) = P(RSA) + P(ML-KEM) = 5.1%

AND-decrypt (SECURE - AnkaSecure uses):

1. Generate random AES key
2. Encapsulate AES key with RSA → secret₁
3. Encapsulate AES key with ML-KEM → secret₂
4. Combine secrets with HKDF: final_key = HKDF(secret₁ || secret₂)
5. Encrypt data with AES using final_key

Decrypt: Need secret₁ AND secret₂ (both required!)

Security: P(compromise) = P(RSA) × P(ML-KEM) = 0.005%

Improvement: 1020× more secure
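The AND-decrypt recipe above, steps 2 to 5, as an added worked example in Python (not AnkaSecure's code): HKDF-SHA256 is implemented per RFC 5869 from the standard library, the two KEM shared secrets are combined exactly as final_key = HKDF(secret₁ || secret₂), and a key-confirmation tag stands in for the AES step so the decrypt side can show that a party holding only one secret gets the wrong key. The RSA and ML-KEM shared secrets are constructed random stand-ins and the HKDF info label is an assumption.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
CONTEXT = b"HYBRID_KEM_COMBINE"  # constructed HKDF info label, not a value from the API

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: PRK = HMAC-SHA256(salt, IKM); empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * 32, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: OKM = T(1) || T(2) || ..., T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf_sha256(ikm: bytes, salt: bytes = b"", info: bytes = b"", length: int = 32) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)

def combine_and(secret_classical: bytes, secret_pqc: bytes) -> bytes:
    """Step 4 of the AND-decrypt recipe: final_key = HKDF(secret1 || secret2).
    Both KEM shared secrets feed the extract step, so a party holding only one
    of them (because one algorithm was broken) cannot reproduce final_key."""
    return hkdf_sha256(secret_classical + secret_pqc, info=CONTEXT, length=32)

def key_confirmation(final_key: bytes) -> bytes:
    """Tag stored beside the ciphertext so the decryptor can reject a wrong combined
    key; it stands in for step 5 (AES), which the standard library cannot do."""
    return hmac.new(final_key, b"key-confirmation", HASH).digest()

def can_decrypt(secret_classical: bytes, secret_pqc: bytes, tag: bytes) -> bool:
    """Decrypt side: recombine the two decapsulated secrets and check the tag in constant time."""
    return hmac.compare_digest(key_confirmation(combine_and(secret_classical, secret_pqc)), tag)

def demo() -> dict:
    # Constructed stand-ins for the RSA-KEM and ML-KEM shared secrets (32 bytes each).
    s_rsa, s_mlkem = os.urandom(32), os.urandom(32)
    tag = key_confirmation(combine_and(s_rsa, s_mlkem))
    return {
        "both_secrets": can_decrypt(s_rsa, s_mlkem, tag),         # True
        "rsa_only": can_decrypt(s_rsa, os.urandom(32), tag),      # False: ML-KEM secret unknown
        "mlkem_only": can_decrypt(os.urandom(32), s_mlkem, tag),  # False: RSA secret unknown
    }
```

The OR-decrypt variant would instead wrap one AES key twice, so either unwrapped copy suffices; here no single secret reproduces final_key, which is the AND property the probability arithmetic above relies on.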


Hybrid in Practice

Use Case: Financial Services (10-Year Retention)

# Protect financial transactions with hybrid
curl -X POST https://api.ankatech.co/keys/composite \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "classicalAlgorithm": "RSA_4096",
    "pqcAlgorithm": "ML_KEM_1024",
    "purpose": "FINANCIAL_TRANSACTIONS",
    "retention": "10_YEARS"
  }'

Protection timeline:

- 2026-2030: RSA protects (quantum not yet available)
- 2030-2035: ML-KEM protects (quantum breaks RSA)
- 2036: Data expires (10-year retention complete)

Result: Secure for entire 10-year lifecycle


Use Case: Government Classified (50-Year Retention)

# TOP SECRET document protection
curl -X POST https://api.ankatech.co/keys/composite \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "classicalAlgorithm": "RSA_4096",
    "pqcAlgorithm": "ML_KEM_1024",
    "mode": "HYBRID_KEM_COMBINE",
    "classification": "TOP_SECRET",
    "retention": "50_YEARS",
    "hsmRequired": true
  }'

Hedging unknown unknowns:

- If ML-KEM broken in 2040 → RSA still protects (until 2050)
- If RSA broken in 2035 → ML-KEM still protects (until 2076)
- Both broken unlikely (different hard problems)


NIST-Approved Hybrid Algorithms

HYBRID_KEM_COMBINE (Encryption)

NIST standard: SP 800-227 (draft, followed by AnkaSecure)

Approved combinations:

X25519 + ML-KEM-768 (Level 3)
RSA-3072 + ML-KEM-768 (Level 3)
RSA-4096 + ML-KEM-1024 (Level 5) ← Recommended
EC-P384 + ML-KEM-1024 (Level 5)

KDF required: HKDF-SHA256 (NIST SP 800-56C Rev. 2)

AnkaSecure compliance: ✅ Uses NIST-approved HKDF (not ad-hoc XOR)


DUALSIGN (Digital Signatures)

NIST guidance: Combine classical + PQC signatures

Approved combinations:

Ed25519 + ML-DSA-65 (Level 3)
ECDSA-P256 + ML-DSA-65 (Level 3)
ECDSA-P384 + ML-DSA-65 (Level 3)
ECDSA-P521 + ML-DSA-87 (Level 5) ← Recommended
RSA-PSS-3072 + ML-DSA-87 (Level 5)

Verification policies:

- ALL: Both must verify (recommended)
- ANY: At least one (migration flexibility)


What's Next?

Test hybrid encryption:

- 🚀 Quick start (5-minute test)
- 📥 Download hybrid encryption guide (PDF, 20 pages)
- 📧 Request architecture review (discuss your use case)

Related topics:

- Composite keys deep dive: complete technical details
- NIST SP 800-227 compliance: federal hybrid requirements
- ML-KEM explained: understand the PQC component

Have questions? Email [email protected]


Last updated: 2026-01-07 | Based on NIST SP 800-227 guidance