HYBRID HIERARCHICAL ENCRYPTION SYSTEM

A hybrid hierarchical encryption system with separate cryptographic schemes for nodes with varying resources addresses the challenge of key revocation in IoT networks by isolating and adapting security, enabling efficient key management and revocation.

FR3142314B1Active Publication Date: 2026-06-05COMMISSARIAT A LENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES

Patent Information

Authority / Receiving Office
FR · FR
Patent Type
Patents
Current Assignee / Owner
COMMISSARIAT A LENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
Filing Date
2022-11-22
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing HIBE schemes require regenerating all network keys upon revocation, which is impractical for IoT networks due to limited computing resources and high computational demands, especially for post-quantum schemes like RHIBE WZH+, and existing solutions are not suitable for hierarchical architectures.

Method used

A hybrid hierarchical encryption system with two distinct cryptographic schemes deployed on subsets of nodes with varying computing resources, using a cryptographic connection primitive to isolate and hierarchically depend security, allowing key revocation without affecting other nodes, and utilizing post-quantum schemes where necessary.

Benefits of technology

Enables efficient key management and revocation in IoT networks with limited resources by isolating and adapting cryptographic schemes to node capabilities, ensuring security without regenerating all keys upon revocation.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 00000016_0000
    Figure 00000016_0000
  • Figure 00000017_0000
    Figure 00000017_0000
  • Figure 00000018_0000
    Figure 00000018_0000
Patent Text Reader

Abstract

The present invention relates to a hybrid cryptographic scheme for a network of nodes, in particular an IoT network, composed of a first subset and a second subset of disjoint nodes, the computing resources of the nodes in the first subset being greater than the computing resources of the nodes in the second subset. The scheme comprises a first functional cryptographic scheme deployed on the first subset of nodes and a second functional cryptographic scheme deployed on the second subset of nodes. A cryptographic primitive at the root of the second cryptographic scheme generates a private and public master key pair from a seed. The seed is obtained by a cryptographic connection primitive from at least the private key of an extremal node in the first subset. The cryptographic connection primitive is a one-way function. Fig. 5
Need to check novelty before this filing date? Find Prior Art

Description

Title of the invention: HYBRID HIERARCHICAL ENCRYPTION SYSTEM technical field

[0001] The present invention relates to the field of asymmetric cryptography (or public-key encryption) and, more generally, to identity-based encryption (IBE) and even functional encryption (FE). It finds particular application in the field of the Internet of Things (IoT). PRIOR TECHNOLOGY

[0002] Public-key cryptography, or equivalently, asymmetric cryptography, is well known in the prior art. In an asymmetric cryptography system, each node has a key pair consisting of a public key and a private key. A sending node wishing to transmit a message to the receiver confidentially encrypts this message with the receiver's public key. The receiver can then decrypt the encrypted message with its corresponding private key.

[0003] The key pairs of the different nodes in a network are managed by a Public Key Infrastructure (PKI), comprising software and hardware components that ensure key logistics within the network. Such an infrastructure performs various tasks, including generating public-private key pairs for the different nodes and generating and authenticating public key certificates. A certificate links a public key to the identity of its holder; the certificate is generated by a certification authority, a trusted third party, or even by the holder themselves (self-certification). The PKI infrastructure also handles the distribution, publication, verification, and revocation of public key certificates. Thus, the different nodes can access all certificates and know their respective statuses.The PKI infrastructure ensures the protection, escrow, and recovery of private keys. Private key escrow allows for the recovery of a lost private key, for example. Finally, the PKI infrastructure performs certificate archiving and key action logging. This makes it possible to trace the history of operations on these keys (generation, revocation, archiving).

[0004] The management, revocation and archiving of public key certificates (according to the X.509 standard) make PKI infrastructures relatively complex, especially in the case of IoT networks where many nodes are frequently added, removed or updated.

[0005] Identity-based Encryption (IBE) or even attribute-based Encryption (ABE) architectures eliminate the need for such certificates. For example, in an IBE system involving a sending node and a receiving node, the sending node directly uses an identifier specific to the receiving node to encrypt and / or sign the message it wishes to transmit, with the receiving node decrypting it using its corresponding private key. Similarly, in an ABE system, the sending node uses attributes of the receiving node to encrypt and / or sign such a message. Thus, whether in an IBE or ABE system, it is not necessary to know the recipient's public key; knowledge of its identifier (IBE) or its attributes (ABE) is sufficient.

[0006] More specifically, in the case of an IBE system, an authority called the PKG (Public Key Generator) or KGC (Key Generator Center) is responsible for generating a key pair consisting of a public master key (Mpk) and a corresponding private master key (Mskp). While the public key PP is common to the entire network, the private key Msk is used by the PKG generator to generate the private keys of the different users from their respective identifiers. A receiving node receiving an encrypted message (based on its identifier) ​​can decrypt it using its private key obtained from the PKG generator.

[0007] The IBE architecture is particularly interesting for Internet of Things (IoT) networks because of its ease of deployment. In practice, especially for large networks, a hierarchical IBE architecture called HIBE (Hierarchical Identity Based Encryption) is used, the principle of which is illustrated in [Fig. 1].

[0008] In such an architecture, a network node acts as the root, serving as a PKG generator (or even receiving the master key pair from such a generator). The identity of a network node is defined by concatenating the identifiers of the nodes traversed by the path in the tree from the root to the node in question.

[0009] The HIBE scheme is entirely defined by four primitives, in other words by four basic algorithms:

[0010] The primitive SetupÇ lz, d} is the depth of the tree and is the security level (expressed in number of bits). This primitive generates the master key pair (MsE Mpk)- This primitive is executed by the root.

[0011] The Derivative or KeyGen primitive is executed by each node of the tree except its extreme nodes (leaves). It allows a node to obtain the private key of each of its child nodes, using its own private key, the master key, Mpk, and the identity of each child node. Thus, node C obtains the private key, skDn, of its The child node Dn is obtained by calculating skDn = Derive(Mpk, IdA || Idc || IdDn, skc) where IdA, Idc, and IdDn are the respective identifiers of nodes A, C, and Dn, with A being the root of the tree. Node C can then transmit its private key offline (for example, via a confidential side channel) to each of its child nodes.

[0012] Thus, the private (or secret) keys of the different nodes of the network can be generated step by step from the root to the extremal nodes.

[0013] Finally, the Encrypt and Decrypt primitives can be executed by any node in the tree. The Encrypt primitive is used by a sending node to encrypt a message k using the identity of the receiving node and the master public key. The receiving node can then decrypt the received message using its private key and the master public key.

[0014] Thus for example, in the figure, the node E2 wishing to transmit the message k to the node DI encrypts it by means of Ji = Encrypt(Mpk, IdA || Idc || IdDi ; p) and the node DI decrypts it by means of Decrypt( Mpk, skD(, p).

[0015] Industrial applications already exist in the field of IoT using solutions based on a HIBE scheme. They make it possible to generate, from a single master key, millions of private keys for as many connected objects while preserving their anonymity if necessary.

[0016] However, the HIBE scheme has a significant drawback when a node's private key needs to be revoked. Since key generation depends solely on the master key pair and the node identifiers, revoking a node's key requires regenerating the keys of all nodes in the network. This necessitates keeping the PKG generator online as well as the auxiliary channels for transmitting secret keys. IBE or HIBE schemes with key revocation capabilities are designated by the acronyms RIBE (Revocable IBE) and RHIBE (Revocable HIBE), respectively. A RIBE scheme can be considered a special case of an RHIBE scheme with a tree depth of d ≤ 1.

[0017] Various RHIBE solutions that do not require regenerating all the keys of the network nodes in case of revocation are known from the prior art.

[0018] A first solution was proposed in the article by R. Sharma et al. entitled "H-IBE: Hybrid-Identity based encryption approach for cloud security with outsourced revocation" published in Proc. of 2016 Int'l Conf. on Signal Processing, Communication, Power, and Embedded System (SCOPES), 3-5 Oct. 2016. This solution is based on the combination of an IBE encryption scheme and an ABE encryption scheme. The method uses an additional entity, separate from the PKG generator, responsible for updating the private keys of the nodes based on a This attribute characterizes membership or exclusion from a list of revoked nodes. However, this schema is not suitable for a hierarchical architecture as described previously.

[0019] More recently, the article by S. Wang et al. entitled “Simplified revocable hierarchy identity-based encryption from lattices,” published in Proc. of the 18th Int'l Conf. On Cryptology and Network Security, CANS 2019, Lecture Notes in Computer Science, vol. 11829, pages 99–119, proposes two RHIBE schemes with two distinct security levels (standard model and random oracle model) based on Euclidean lattices and Regev's LWE (Leaming With Errors) approach. While these RHIBE schemes, known by the acronym RHIBE WZH+, have the advantage of being “post-quantum,” in other words, able to resist attacks using a quantum computer, they are, on the other hand, inapplicable to a IoT network in which the nodes necessarily have limited computing resources. Thus, for example in the RHIBE WZH+ scheme, the size of the ciphertexts is 1 Mbit for 1 bit in plaintext.

[0020] Conversely, we know of "post-quantum" IBE schemes that are much less computationally demanding, such as the DLP scheme proposed in the article by L. Ducas et al. entitled "Efficient identity-based encryption over NTRU lattices" published in Proc. of Int'l Conférence on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2014, Lecture notes on computer science, vol. 8874, pages 22-41. Thus, for example, in the DLP scheme, the size of the ciphertexts is on the order of 31 KB.

[0021] An object of the present invention is therefore to propose a post-quantum RHIBE scheme that can be used in a LoT network. More generally, the object of the present invention is to propose a HIBE scheme, and even more generally a functional encryption (FE) scheme that can be applied to a network in which some of the nodes have very limited computing resources compared to the other nodes of the network. Description of the invention

[0022] The present invention is defined by a hierarchical cryptographic system comprising a network of nodes divided into at least a first subset and a second subset of disjoint nodes, the computing resources of the nodes in the first subset being greater than the computing resources of the nodes in the second subset, said hierarchical cryptographic system being original in that a first functional cryptographic scheme (SCn) is deployed on the first subset of nodes and a second functional cryptographic scheme (SCs) is deployed on the second subset of nodes, the second cryptographic scheme A functional comprising a first cryptographic primitive (Setup) designed to generate a private and public master key pair, Msks, Mpk^, which then generates, step by step, using a second cryptographic primitive (Derivative), a private key for each node of the second subset. This first cryptographic primitive generates the private and public master key pair from a seed ( ), the seed being obtained by a primitive cryptographic (Derivative), said connection from at least the private key of an extremal node of the first subset, said cryptographic connection primitive being a one-way function.

[0023] Preferably, the security level of the cryptographic connection primitive is greater than or equal to the security level of the first cryptographic primitive.

[0024] Advantageously, the cryptographic connection primitive includes as an argument the output of a counter, incremented at each update of the private and public master keys, Msk„ Mpkx.

[0025] The one-way function is typically a hash function.

[0026] The first cryptographic primitive can use said seed to generate a pseudo-random number.

[0027] According to one embodiment, the first cryptographic scheme and / or the second cryptographic scheme is a hierarchical encryption scheme based on the identity of nodes (HIBE), the identity of a given node being defined as the concatenation of the identifiers of the nodes traversed by the path from the root of the tree of said scheme, to the given node.

[0028] According to a second embodiment, the first cryptographic scheme and / or the second cryptographic scheme is a hierarchical encryption scheme based on node attributes (HABE), the attribute of a given node being defined as the concatenation of attributes of different ranks of the nodes traversed by the path from the root of the tree of said scheme, to the given node.

[0029] In the first embodiment, the first cryptographic scheme may be a hierarchical identity-based encryption scheme with key revocation (RHIBE) and the second scheme may be a simple identity-based encryption scheme (IBE).

[0030] In all cases, the first cryptographic scheme may be a post-quantum type encryption scheme while the second cryptographic scheme is not.

[0031] Alternatively, the first and second cryptographic schemes may be first and second post-quantum encryption schemes, the first post-quantum encryption scheme being the RHIBE WZH+ scheme and the second scheme being post-quantum encryption being the DLP scheme.

[0032] In an application context, the network of nodes can be an IoT network, the first subset comprising remote servers and the second subset comprising connected objects. Brief description of the drawings

[0033] Other features and advantages of the invention will become apparent upon reading a preferred embodiment of the invention, made with reference to the accompanying figures, among which:

[0034] [Fig.1] represents a hierarchical identity-based asymmetric encryption scheme or HIBE (Hierarchical Identity Based Encryption) known from the prior art;

[0035] [Fig.2] schematically represents a use case in which it may be deployed a hybrid hierarchical encryption system according to the invention;

[0036] [Fig.3] represents a key generation mechanism in a system of hybrid hierarchical encryption according to a first embodiment of the invention;

[0037] [Fig.4] represents an application to a IoT network of hierarchical encryption hybrid of the [Fig.3];

[0038] [Fig.5] represents a key generation mechanism in a system of hybrid hierarchical encryption according to a second embodiment of the invention;

[0039] [Fig.6] represents a key generation mechanism in a system of hybrid hierarchical encryption according to a general embodiment of the invention.

[0040] DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS

[0041] We will consider in the following a network comprising a first subset of nodes and a second subset of nodes, disjoint from the first subset, the nodes of the second subset having computational resources constrained with respect to the nodes of the first subset. We will place ourselves, without loss of generality, in a use case of the present invention, namely a IoT network, as illustrated in [Fig. 2].

[0042] Connected objects, 240, for example sensors, can establish wireless links with gateways, 230, connected to the incoming network. Remote servers (cloud servers) or network edge servers, 220, can store and perform calculations on the data transmitted to them from the sensors. Finally, a PKG generator, 210, which can take the form, for example, of a Hardware Security Module (HSM) within a remote server (not shown), acts as the root authority in a key management infrastructure.

[0043] In the IoT network, 200, connected objects (for example, wireless sensors) form a second subset of nodes with constrained resources with respect to the nodes of the first subset of nodes (remote servers or at the network edge).

[0044] As indicated in the introductory part, deploying a post-quantum RHIBE infrastructure, such as that based on the RHIBE WZH+ scheme, is not feasible due to the low computing resources of connected objects.

[0045] A first idea underlying the present invention is to provide a key management infrastructure based on a hybrid cryptographic scheme, comprising a first (R)HIBE scheme deployed on the first subset of nodes and a second (R)HIBE scheme deployed on the second subset of nodes of the network, the two schemes being linked by a cryptographic connection primitive as described later.

[0046] The first (resp. second) cryptographic scheme is adapted to the computing resources of the nodes of the first (resp. second) subset and ensures the required level of security within it.

[0047] The connection primitive between the two cryptographic schemes allows both the two subsets of nodes to be isolated from each other, in terms of security, and to be made hierarchically dependent on the first subset. By isolation, we mean that a breach of the security of one subset does not compromise the security of the other. By hierarchical dependence, we understand that the keys of the nodes of the second subset can be revoked or updated without modifying the keys of the first subset, but the reverse is not true. Furthermore, the computation of the keys of the second subset depends on at least some of the keys of the first subset.

[0048] Figure 3 represents a hybrid hierarchical encryption scheme according to a first embodiment of the invention.

[0049] The first subset of nodes, represented in 310, presents a first tree-like cryptographic architecture (R)HIBE. It includes in particular a first PKG generator (which may contain an HSM module) at its root, called the master generator, Rm, and leads to extremal nodes (leaves), denoted here A, B, C. The second subset of nodes, represented in 320, presents a second tree-like architecture (R)HIBE, in the illustrated case an IBE architecture, comprising, at its root Rs, a second PKG generator (which may contain an HSM module), called the slave generator, and extremal nodes, denoted here Ao, Ab...,AN.

[0050] The (R)HIBE, SCm scheme of the first cryptographic architecture is defined by the following primitives:

[0051] [Math.l] , dQ -> (1-1)

[0052] [Math.2] ,..v3—M&. (1-2)

[0053] [Math.3] / / ) ■-* / / (1-3)

[0054] [Math.4] JV^W, 3¾. ; ) -> p (1-4)

[0055] where Am and dm are respectively the security level of the SC scheme and the depth of its tree; Mskin, Mpkm are the private and public master keys of this scheme; Id^f,^) the list of identifiers of the nodes on the path of the tree from the root to the node v; skv and skparenl(^ respectively the private key of the node v and its parent node in the tree; Id^j^ is the list of identifiers of the nodes on the path of the tree from the root to the ^recipient node of the message;

[0056] The (R)HIBE, SCt scheme of the second cryptographic architecture is, for its part, defined by the following primitives:

[0057] [Math.5] 1 s (2-1)

[0058] [Math.6] v. (2-2)

[0059] [Math.7] : .7 / ) —> / / (2-3)

[0060] [Math. 8] | / / 1 —> / / (2-4)

[0061] where and ds are respectively the security level of the 5C scheme and the depth of its tree; Msk, Mpks are the private and public master keys of this scheme and seeds is a seed used by the cryptographic primitive Setup to generate this pair of master keys.

[0062] The seeds element is provided by the connection primitive that links the SC scheme to the SCm scheme, this primitive being defined by:

[0063] [Math.9] (3)

[0064] where skieaf is the private key of an extremal node of the SCm schema tree and paf am csl is an optional parameter. In the example illustrated in [Fig.3], the extremal node in question is node A.

[0065] The Connect primitive is a one-way function, for example a cryptographic hash function such as SHA3, so as to isolate the security of the first subset from that of the second subset. The optional parameter param can be the output of a counter incremented with each new update (in other words, a version number), so as to prevent replay attacks. If necessary, the Mpkm public key can also be one of the arguments of the Connect primitive.

[0066] The security level of the Connect primitive is advantageously chosen to be greater than or equal to the security level, Xs, of the Setup cryptographic primitive of the SCs scheme,

[0067] The Setup primitive of the SCV scheme may use the Seeds seed to generate a pseudo-random number, for example by means of a PRNG generator, so as to form all or part of the private master key, Mskx.

[0068] In the particular case of a loT network, the first SCm scheme may be a post-quantum RHIBE scheme such as, for example, RHIBE WZH+, and the second scheme may be an IBE scheme such as DLP, presented in the introductory part.

[0069] Figure 4 illustrates this particular case, the first subset comprising the root node hosting an HSM module, the computing servers (remote or network edge servers and gateways (access points or base stations for example), and the second subset consisting of connected objects.

[0070] The hybrid hierarchical encryption scheme presented above is based on the identity of the nodes (expressed as a concatenation of identifiers), IBE. Similarly, a hybrid hierarchical encryption based on the attributes of these nodes, (R)HABE, can be provided, the attribute of a node being defined by the path in the tree described between the root and the node in question. More precisely, the attribute of an extremal node v could take the form Attpafh(v) = AttA || _ || Attv where AttA, ..., Attv are attribute values ​​of rank 1, / i, A being the root and h being the depth of the tree. By way of illustration, a first-rank attribute could be a company, a second-rank attribute could be a department of that company, a third-rank attribute could be a service within that department, and so on.

[0071] The (R)HABE, SCm scheme of the first cryptographic architecture is defined by the following primitives:

[0072] [Math. 10] (4-1)

[0073] [Math. 11] ..xi. —-I —> (4“2)

[0074] [Math. 12] / / ) —>77 (4-3)

[0075] [Math. 13] X; / / ) —> / / (4-4)

[0076] with the same notation conventions as before. Similarly, the (R)HABE, SCs scheme of the second cryptographic architecture is defined by the following primitives:

[0077] [Math. 14] (FfX -> ,XX (5-1)

[0078] [Math. 15] ... X ,,-..3->■$£.. (5-2)

[0079] [Math. 16] Ærimpï | XX, JV n: Z / I ~> A (5 "3 )

[0080] [Math. 17] ZtemX ( WX .*

[0081] with the same notation conventions as before. The seed is obtained by means of a connection primitive allowing the SCs scheme to be linked to the SCm scheme, this primitive being defined by:

[0082] [Math. 18] (6)

[0083] where X^y is the private key of an extremal node of the SCm schema tree and param csj is an optional parameter. The various implementation variants shown for the (R)HABE scheme also apply here. In particular, the connection primitive can be based on a one-way function and para™

[0084] could be the output of a counter to prevent replay attacks.

[0085] In other embodiments, the first SCm scheme may be of the (R)HIBE type and the second SCs scheme may be of the (R)HABE type, or vice versa. In all cases, the chosen schemes will be adapted to the respective computational resources of the first and second subsets.

[0086] More generally, the hybrid hierarchical encryption scheme according to the present invention can be function-based, with each node having a secret (or private) key that allows it to evaluate a function associated with that key. Such a scheme, known as functional encryption (FE), can be considered a generalization of identity-based and attribute-based encryption. It can take the form of a hybrid hierarchical version (with possible revocation of keys associated with these functions) as defined in the present invention, hence the acronym (R)HFE, as shown in [Fig. 5].

[0087] The (R)HFE,SC scheme of the first cryptographic architecture is defined by the following primitives:

[0088] [Math. 19] Ster 1% | (7 -1 )

[0089] [Math.20] ) -> (7-2)

[0090] [Math.21] (. — ». / / (7-3)

[0091] [Math.22] 5^; / z) —> ^-( / z) ( 7-4)

[0092] where Fv is the function associated with node v, in other words, the function that this node can evaluate using its private key, skv. Similarly, the (R)HFE, SCX, scheme of the second cryptographic architecture is defined by the following primitives:

[0093] [Math.23] F'.d . 1 —> JM . (8-1) ax -.1- - > i ■ * i

[0094] [Math.24] ÆswUtt 'if' _-=3 -* if. (8-2)

[0095] [Math.25] . ; / / ) -> / / (8-3 )

[0096] [Math.26] j Af<, M-; / 7 ) —> -^0-0 (8-4)

[0097] The germ is obtained by means of a connecting primitive allowing link the SCs scheme to the SCm scheme, this primitive being defined by:

[0098] [Math.27] Cornue? ( .stw, para» ) -> (9)

[0099] where sk}eaf is the private key, corresponding to the function F{eaf of an extremal node of the SCm schema tree, and Paî am is an optional parameter. The various embodiments described above also apply and will not be repeated here.

[0100] Finally, the hybrid hierarchical cipher shown in Fig. 3 or Fig. 5 comprises only one master scheme SCm for a first subset of nodes and one slave scheme SCs for a second subset of nodes. In general, this hierarchical dependency can be iterated in depth and breadth to construct a more complex tree-like scheme. Thus, [Fig. 6] shows such an example of a hybrid tree-like cipher. [0l0l] The network is then divided into a plurality of disjoint subsets of nodes, with a master cryptographic scheme SC m deployed on the first subset and cryptographic schemes, denoted here SC!?q, deployed on lower-rank subsets. The cryptographic schemes have a complexity adapted to the computational resources of the subsets of nodes on which they are deployed.

[0102] The cryptographic schemes SCm and SC^'q can be of type (R)(H)FE, as described above. Each lower-rank cryptographic scheme SC!^es^ linked to a higher-rank cryptographic scheme, each cryptographic scheme of The higher rank is linked to the SCm cryptographic scheme, with the links between the different schemes being ensured by Connect primitives as described above.

Claims

Demands

1. A hierarchical cryptographic system comprising a network of nodes divided into at least a first subset and a second subset of disjoint nodes, the computational resources of the nodes in the first subset being greater than the computational resources of the nodes in the second subset, characterized in that a first functional cryptographic scheme (SCm) is deployed on the first subset of nodes and a second functional cryptographic scheme (SC5.) is deployed on the second subset of nodes, the second functional cryptographic scheme comprising a first cryptographic primitive (Setup) intended to generate a pair of private and public master keys, Msks, Mpk^ allowing to then generate, step by step, using a second cryptographic primitive (Derivative) a private key for each of the nodes of the second subset, said first cryptographic primitive generating the pair of private and public master keys from a seed ( X said seed being obtained by a cryptographic primitive (Derivative), said connection primitive from at least the private key of an extremal node of the first subset, said connection cryptographic primitive being a one-way function.

2. Hierarchical cryptographic system according to claim 1, characterized in that the security level of the connection cryptographic primitive is greater than or equal to the security level of the first cryptographic primitive.

3. Hierarchical cryptographic system according to claim 1 or 2, characterized in that the cryptographic connection primitive includes as an argument the output of a counter, incremented at each update of the private and public master keys, Msk^, Mpks.

4. Hierarchical cryptographic system according to claim 3, characterized in that the one-way function is a hash function.

5. Hierarchical cryptographic system according to any one of the preceding claims, characterized in that the first cryptographic primitive uses said seed to generate a pseudo-random number.

6. A hierarchical cryptographic system according to any one of claims 1 to 5, characterized in that the first cryptographic scheme and / or the second cryptographic scheme is a hierarchical encryption scheme based on the identity of nodes (HIBE), the identity of a given node being defined as the concatenation of the identifiers of the nodes crossed by the path going from the root of the tree of said schema, to the given node.

7. Hierarchical cryptographic system according to any one of claims 1 to 5, characterized in that the first cryptographic scheme and / or the second cryptographic scheme is a hierarchical encryption scheme based on node attributes (HABE), the attribute of a given node being defined as the concatenation of attributes of different ranks of the nodes traversed by the path from the root of the tree of said scheme, to the given node.

8. Hierarchical cryptographic system according to any one of claims 1 to 5, characterized in that the first cryptographic scheme is a hierarchical identity-based encryption scheme with key revocation (RHIBE) and the second scheme is a simple identity-based encryption scheme (IBE).

9. Hierarchical cryptographic system according to claim 1, characterized in that the first cryptographic scheme is a post-quantum type encryption scheme while the second cryptographic scheme is not.

10. Hierarchical cryptographic system according to claim 8, characterized in that the first and second cryptographic schemes are first and second post-quantum type encryption schemes, the first post-quantum encryption scheme being the RHIBE WZH+ scheme and the second post-quantum encryption scheme being the DLP scheme.

11. Hierarchical cryptographic system according to any one of the preceding claims, characterized in that the network of nodes is an IoT network, the first subset comprising remote servers and the second subset comprising connected objects.