Cryptanalyses of two key assignment schemes based on polynomial interpolations

Wu and Chang [2001. Cryptographic key assignment scheme for hierarchical access control. International Journal of Computer Systems Science and Engineering 16(1), 25-28] and Shen and Chen [2002. A novel key management scheme based on discrete logarithms and polynomial interpolations. Computers & Security 21(2), 164-171] separately proposed a cryptographic key assignment scheme based on polynomial interpolations to solve the access control problem in a partially ordered user hierarchy. Recently, Hsu and Wu [2003. Cryptanalyses and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy. Computers & Security 22(5), 453-356] cryptanalyzed both schemes by finding the roots of polynomials. Then they proposed some modifications to fix the security flaw. In this paper, we show that both Wu-Chang and Shen-Chen schemes are still insecure even with these modifications. From the public information, the attacker could derive the secret keys of some security classes. Furthermore, the attack could be mounted even without using any polynomial root finding algorithm.