Code360 powered by Coding Ninjas X Code360 powered by Coding Ninjas X
Table of contents
The Logical key Hierarchy
Frequently Asked Questions
What is the meaning of rekeying?
What is the logical key hierarchy?
Why rotate cryptographic keys?
Can you rekey without a key?
What is the purpose of rekeying?
Last Updated: Mar 27, 2024

Re-keying and the Logical Key Hierarchy

Author Muskan Sharma
0 upvote
Master Python: Predicting weather forecasts
Ashwin Goyal
Product Manager @


Hey Readers!!

Welcome back to another article on topics related to Cryptography.

What is Cryptography?

Cryptography is the technique for securing communication between the sender and the receiver.

In this article, you'll learn about Re-keying and the Logical Key Hierarchy in Cryptography.

Let’s begin!!

Re-keying and the Logical Key Hierarchy


Let's understand by taking an example.

We consider the scenario of a persistently dynamic collection of network users, let's call them U, and an online TA(in a session key distribution method, is taken to have a shared secret key with every network user). The TA could wish to broadcast messages to all group members, but people may join or leave the group over time. Each user has a copy of the group key, which is used to encrypt communications to the group. Additional long-lived keys, also known as LL-keys, are available to users and are used to update the system when the group changes over time. The TA distributes LL-keys and an initial group key to network users during the key predistribution phase, which initializes the system.

It is known as a user join operation when a new user joins the group and is given a copy of the current group key along with the required long-lived keys. A user revocation procedure is required to remove a user from the group when the user U departs it. For the remaining users, all of the users are in U \{U}. 

The user revocation action will create a new group key.

This is an example of re-keying. In addition, updating LL-keys can be necessary as part of the user revocation action.

The following are the criteria used to examine the multicast Re-keying scheme:

1. Communication and storage complexity

This covers the size of secret LL-keys that users must retain and the size of broadcasts necessary for key updates.

2. Security

In this case, the main concern is security against revoked users, and the groups are made up of the revoked users. Also, remember that a user whose access has been revoked has access to more data than someone who has never been a member of the group. So if we successfully achieve security against revoked users, security against outsiders will follow naturally.

3. Flexibility of user revocation

An important factor to consider is the flexibility and effectiveness of user revocation actions. For instance, it might be necessary to revoke users one at a time. Multiple user revocation, however, might be conceivable in some designs. Users wouldn't need to change their keys as regularly. Therefore it would be more convenient.

4. Flexibility of user join 

Any number of new users might easily be added to some systems. In certain other systems, adding new users may necessitate a complete system re-initialization. When it is anticipated that new users would want to join the group, it is desired to have a flexible and effective user join procedure.

5. Efficiency of updating LL-keys 

There are several options available here as well. It's possible that nothing has to be updated (the LL-keys are static). However, an effective update procedure may be needed to update LL-keys (e.g., via a broadcast). The worst-case scenario would be that following a user revocation. The entire system would need to be reinitialized. 

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job

The Logical key Hierarchy

 The Logical Key Hierarchy, which is a tree-based rekeying scheme.

According to this method, a group controller (GC) keeps track of a Key tree, where each leaf node represents a user. U-nodes and K-nodes are found in key trees. Unlike K-nodes, which have either a subgroup or group key, each U-node has a user-specific key. The root of the key tree, which is shared by all users, is used to encrypt and decrypt group communication. Each user has their unique key, group key, and all intermediate keys along the key route or external path leading from the present node to the root.

Binary Tree

 A binary tree with 16 leaf nodes

We will employ a binary tree with Merkle tree-like labeling for the nodes. The only distinction is that we don't demand that the tree be finished. Assume that n users satisfy the condition  2d-1 < n ≤ 2d

  • We will first create a binary tree, let's call it T, with exactly n leaf nodes and a depth of d. The tree's stages will all be filled except the last one (maybe). The n users are represented by the n-leaf nodes of T.
  • Let U also stand for the (leaf) node that corresponds to each user U. Every node in T has a corresponding key, and Every leaf node and every internal node have different keys. 
  • Let k(X) be the key for each node X. If R is the root node of T, then k(R) is the group key. The d + 1 keys for each user U are assigned to the T nodes on the particular path from U to R in T. Each user, therefore, has O(log n) keys.
  • The Logical Key Hierarchy uses a tree with a depth of d levels. Because d is O(log n), each user must store O(log n) keys, and the broadcast is O (log n). These amounts are greater than the equivalent values for the already discussed methods. 
  • There is no limit to the number of users that can be revoked over time, though, because the LL-keys are updated each time a user is revoked. That is, the system's security is unaffected by the revocation of any number of users.

Frequently Asked Questions

What is the meaning of rekeying?

A method for securing data encrypted with the same key by changing the session key, or encryption key, of ongoing communication between users.

What is the logical key hierarchy?

Multiple keys are arranged hierarchically to offer scalable secrecy for group communication.

Why rotate cryptographic keys?

A recommended security procedure for symmetric encryption is periodic and automatic key rotation.

Can you rekey without a key?

Yes, you can rekey a lock without using the original key.

What is the purpose of rekeying?

Rekeying is mostly done to regain key control.


You understand the Re-keying and the Logical Key Hierarchy, and for more understanding, we've seen both examples.

Below are the mentioned kike that will help you gain more knowledge in Cryptography.

What is CryptographyCryptographic SystemAnalysis in Cryptography Cryptanalysis

Refer to our guided paths on Coding Ninjas Studio to upskill yourself in Data Structures and AlgorithmsCompetitive ProgrammingJavaScriptSystem Design, and many more! If you want to test your competency in coding, check out the mock test series and participate in the contests hosted on Coding Ninjas Studio! But suppose you have just started your learning process and are looking for questions from tech giants like Amazon, Microsoft, Uber, etc. For placement preparations, you must look at the problemsinterview experiences, and interview bundles.

Nevertheless, consider our paid courses to give your career an edge over others!

Thank You

Do upvote our blogs if you find them helpful and engaging!

Happy Learning!

Previous article
The Bellare Rogaway Scheme
Next article
What are Threshold Schemes
Live masterclass