Efficient Hierarchical Group-Oriented Key Establishment and Decryption

In this paper, we present three related and efficient cryptographic schemes for secure communication for hierarchically composed user groups. In such a group, each user is associated with a hierarchical level, so that the group members are divided into two or more hierarchical security classes. Most existing hierarchical cryptographic schemes provide hierarchical deduction of hierarchically arranged predefined keys. In contrast, the first scheme provides secure establishment of hierarchically ordered session keys. Since it prohibits long-term key deduction for underlying (and overlying) classes, such keys do not need to be updated session-wise. An essential security property is that the users can only obtain hierarchical session keys for their own and underlying levels, while it is prevented that a user can obtain hierarchical session keys of overlying levels.This scheme is extended to a hierarchical public key cryptosystem based on the ElGamal cryptosystem, and furthermore to an ElGamal-based threshold decryption scheme. Due to the threshold security requirement, at least t arbitrary group members are required to carry out decryption. The threshold scheme requires only one round of broadcasting in the decryption phase, and is thuswell-suitable for wireless networks.