Paper 2018/1233

Key Assignment Scheme with Authenticated Encryption

Suyash Kandele and Souradyuti Paul


The Key Assignment Scheme (KAS) is a well-studied cryptographic primitive used for hierarchical access control (HAC) in a multilevel organisation where the classes of people with higher privileges can access files of those with lower ones. Our first contribution is the formalization of a new cryptographic primitive, namely, KAS-AE that supports the aforementioned HAC solution with an additional authenticated encryption property. Next, we present three efficient KAS-AE schemes that solve the HAC and the associated authenticated encryption problem more efficiently -- both with respect to time and memory -- than the existing solutions that achieve it by executing KAS and AE separately. Our first KAS-AE construction is built by using the cryptographic primitive MLE (EUROCRYPT 2013) as a black box; the other two constructions (which are the most efficient ones) have been derived by cleverly tweaking the hash function FP (Indocrypt 2012) and the authenticated encryption scheme APE (FSE 2014). This high efficiency of our constructions is critically achieved by using two techniques: design of a mechanism for reverse decryption used for reduction of time complexity, and a novel key management scheme for optimizing storage requirements when organizational hierarchy forms an arbitrary access graph (instead of a linear graph). We observe that constructing a highly efficient KAS-AE scheme using primitives other than MLE, FP and APE is a non-trivial task. We leave it as an open problem. Finally, we provide a detailed comparison of all the KAS-AE schemes.

Available format(s)
Publication info
Published by the IACR in FSE 2019
Key assignment schemes (KAS)Message-locked encryption (MLE)Authenticated encryption (AE)Hierarchical access control
Contact author(s)
sk 11 1992 @ gmail com
2018-12-31: received
Short URL
Creative Commons Attribution


      author = {Suyash Kandele and Souradyuti Paul},
      title = {Key Assignment Scheme with Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1233},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.