Dynamic access-control policies on XML encrypted data
ACM Transactions on Privacy and Security
L. Bouganim et al. decrypted using different keys. However, compatible keys rely on a costly asymmetric encryption, roughly three orders of magnitude slower than symmetric encryption. Super Encryption Miklau and Suciu  and Abadi and Warinschi  propose another encryption scheme based on super encryption (i.e., recursive encryption of the same data with different keys). Inner keys are used to encrypt subparts of the document and are themselves embedded in the document. Inner keys are
... ncrypted with user's keys or provisional information (e.g., birthdate, social security number) and can be combined together (e.g., XORed) to form a new key corresponding to a potentially complex logical expression. In this way, logical conditions to access the data can be directly compiled into the encryption process. When receiving a document, a user decrypts the subparts he/she is primarily granted access to and can keep decrypting the following subparts recursively as long as he/she obtains the proper decryption keys. This solution provides an elegant way to implement complex conditions and provisional access and relies on a simple key distribution. However, it suffers from important limitations in our context. First, the cost incurred by superencryption and by the cryptographic initialization of inner keys makes this solution inappropriate for devices with low processing capacities. Second, as no compression is considered, the space overhead incurred by the XML encryption format and inner keys can be significant.