Toward Hierarchical Identity-Based Encryption

  • Jeremy Horwitz
  • Ben Lynn
Conference paper

DOI: 10.1007/3-540-46035-7_31

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2332)
Cite this paper as:
Horwitz J., Lynn B. (2002) Toward Hierarchical Identity-Based Encryption. In: Knudsen L.R. (eds) Advances in Cryptology — EUROCRYPT 2002. EUROCRYPT 2002. Lecture Notes in Computer Science, vol 2332. Springer, Berlin, Heidelberg


We introduce the concept of hierarchical identity-based encryption (HIBE) schemes, give precise definitions of their security and mention some applications. A two-level HIBE (2-HIBE) scheme consists of a root private key generator (PKG), domain PKGs and users, all of which are associated with primitive IDs (PIDs) that are arbitrary strings. A user’s public key consists of their PID and their domain’s PID (in whole called an address). In a regular IBE (which corresponds to a 1-HIBE) scheme, there is only one PKG that distributes private keys to each user (whose public keys are their PID). In a 2-HIBE, users retrieve their private key from their domain PKG. Domain PKGs can compute the private key of any user in their domain, provided they have previously requested their domain secret key from the root PKG (who possesses a master secret). We can go beyond two levels by adding subdomains, subsubdomains, and so on. We present a two-level system with total collusion resistance at the upper (domain) level and partial collusion resistance at the lower (user) level, which has chosen-ciphertext security in the random-oracle model.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jeremy Horwitz
    • 1
  • Ben Lynn
    • 1
  1. 1.Stanford UniversityStanfordUSA

Personalised recommendations