Hierarchical secure key assignment scheme

This work presents a novel hierarchical key assignment mechanism for access control, designed to be computationally lightweight and optimized for digital environments with structured access policies. By leveraging orthogonal projection and distributing a basis to each group, it enables flexible and efficient left-to-right and top-down access structures. The scheme ensures that parent groups can derive the secret keys of their child groups while preventing unauthorized reverse access. It is resilient against collusion attacks and privilege escalation, offering robust key recovery and indistinguishability properties. Moreover, it guarantees strong key indistinguishability under adversarial models and facilitates a secure rekeying process without reliance on a trusted third party. To demonstrate practical efficiency, we provide a full analytical complexity evaluation showing that key derivation requires at most 𝒪(ni2) operations, where ni is the dimension of the assigned subspace. For typical deployment parameters used in the experiments, the total key material per user remains compact (≈3,072 bits), significantly smaller than well-known post-quantum schemes such as Dilithium-5 (38,912 bits). The storage requirement scales linearly with the number of groups (ck + 1 bases for c groups with at most k members), ensuring that even large hierarchies remain lightweight. Our evaluation further shows that selective rekeying affects only the descendants of the modified group, resulting in communication overhead of 𝒪(m′λ) bits, where m′ is the number of affected users and λ is the key length. These results collectively highlight the scheme’s scalability, low storage footprint, and suitability for large access hierarchies.