ABSTRACTReplayable chosen‐ciphertext attack (RCCA) security is a weaker notion than chosen‐ciphertext attack (CCA) security and has been proven to be sufficient for several cryptographic tasks. However, it is open to construct RCCA‐secure schemes more efficient than CCA‐secure ones. This paper adapts RCCA security to the most popular hybrid paradigms, KEM+DEM and Tag‐KEM/DEM. For KEM+DEM paradigm, we show RCCA security is consistent with the CCA case, just as desired. But for Tag‐KEM/DEM paradigm, we find some different status. Natural RCCA‐secure Tag‐KEM schemes can be easily constructed, which are more efficient than all existing CCA‐secure ones. But unfortunately, passive security of DEM is not sufficient to obtain RCCA hybrid encryptions. In spite of this and for completeness, we show RCCA‐secure DEMs are still sufficient. On the other hand, for passive secure DEMs, we prove that a stronger notion of RCCA security for Tag‐KEM, named as tRCCA security, suffices for RCCA‐secure hybrid encryptions. This somewhat suggests that a benign RCCA security for tag‐based schemes should be tRCCA security. Finally, to show RCCA‐secure KEM is sufficient for achieving CCA‐secure hybrid encryptions, we introduce a new hybrid paradigm, named as KEM/Tag‐DEM, where the ciphertext of KEM is used as a tag for Tag‐DEM scheme rather than reversely in Tag‐KEM/DEM, so that the security of KEM can be weakened to RCCA one. KEM/Tag‐DEM shows the diversity of hybrid encryptions and has additional practical values. We also show Tag‐DEMs can be constructed as efficiently as DEMs. Copyright © 2013 John Wiley & Sons, Ltd.