Security Encyclopedia

Identity Based Encryption

Identity-based encryption (IBE), also expressed as ID-based encryption, is a form of public-key encryption (PKE) that utilizes some form of identifier as the basis for the encryption mechanism.

Parties to an IBE conversation can encrypt messages (or verify signatures) absent any prior key distribution between them, helpful for when key distribution is generally infeasible, technically infeasible, or otherwise.

Using an identity ID (i.e. an email) computes a public key using the master public key from a Private Key Generator and the identity ID. It can use this computed public key to send encrypted messages to the person/entity associated with the identity ID.

An advantage of an ID-based encryption scheme is that if there are only a finite number of users, after all users have been issued with keys the third party’s secret can be destroyed (as one of the system’s assumptions is that keys remain valid once issued). Systems with key revocation mechanisms lack this finite quality.

ID-based encryption was first proposed by Adi Shamir in 1984. Boneh–Franklin (BF-IBE), Sakai–Kasahara (SK-IBE), and Boneh–Boyen (BB-IBE) are all examples of ID-based encryption.


“Federal agencies often use Identity Based Encryption for secure communications and e-mails. IBE is meant to reduce the complexity that is often associated with using Public-Key Cryptography.”