Toward Hierarchical Identity-Based Encryption

  • Jeremy Horwitz
  • Ben Lynn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2332)


We introduce the concept of hierarchical identity-based encryption (HIBE) schemes, give precise definitions of their security and mention some applications. A two-level HIBE (2-HIBE) scheme consists of a root private key generator (PKG), domain PKGs and users, all of which are associated with primitive IDs (PIDs) that are arbitrary strings. A user’s public key consists of their PID and their domain’s PID (in whole called an address). In a regular IBE (which corresponds to a 1-HIBE) scheme, there is only one PKG that distributes private keys to each user (whose public keys are their PID). In a 2-HIBE, users retrieve their private key from their domain PKG. Domain PKGs can compute the private key of any user in their domain, provided they have previously requested their domain secret key from the root PKG (who possesses a master secret). We can go beyond two levels by adding subdomains, subsubdomains, and so on. We present a two-level system with total collusion resistance at the upper (domain) level and partial collusion resistance at the lower (user) level, which has chosen-ciphertext security in the random-oracle model.


Random Oracle Weil Pairing Master Secret Challenge Address Hash Query 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    D. Boneh and M. Franklin, “Identity Based Encryption from the Weil Pairing”, Advances in Cryptology: CRYPTO 2001 (LNCS 2139), pp. 213–229, 2001.CrossRefGoogle Scholar
  2. 2.
    D. Boneh and M. Franklin, “Identity Based Encryption from the Weil Pairing”, Cryptology ePrint Archive, Report 2001/090, 2001.
  3. 3.
    D. Boneh, B. Lynn, and H. Shacham, “Short Signatures from the Weil Pairing”, Advances in Cryptology: ASIACRYPT 2001 (LNCS 2248), pp. 514–532, 2001.CrossRefGoogle Scholar
  4. 4.
    C. Cocks, “An Identity Based Encryption Based on Quadratic Residues”, Cryptography and Coding (LNCS 2260), pp. 360–363, 2002.CrossRefGoogle Scholar
  5. 5.
    J. Coron, “On the Exact Security of Full Domain Hash”, Advances in Cryptology: CRYPTO 2000 (LNCS 1880), pp. 229–235, 2000.Google Scholar
  6. 6.
    E. Fujisaki and T. Okamoto, “Secure Integration of Asymmetric and Symmetric Encryption Schemes”, Advances in Cryptology: CRYPTO’ 99 (LNCS 1666), pp. 537–554, 1999.Google Scholar
  7. 7.
    A. Joux, “A One Round Protocol for Tripartite Diffie-Hellman”, Algorithmic Number Theory: 4th International Symposium, ANTS-IV (LNCS 1838), pp. 385–394, 2000.CrossRefGoogle Scholar
  8. 8.
    M. Kasahar, K. Ohgishi, and R. Sakai, “Cryptosystems Based on Pairing”, The 2001 Symposium on Cryptography and Information Security, Oiso, Japan, 2001.Google Scholar
  9. 9.
    A. Shamir, “Identity-Based Cryptosystems and Signature Schemes”, Advances in Cryptology: CRYPTO’ 84 (LNCS 196), pp. 47–53, 1985.Google Scholar
  10. 10.
    E. Verheul, “Evidence That XTR Is More Secure than Supersingular elliptic curve cryptosystems”, Advances in Cryptology: EUROCRYPT 2001 (LNCS 2045), pp. 195–210, 2001.CrossRefGoogle Scholar
  11. 11.
    E. Verheul, “Self-Blindable Credential Certificates from the Weil Pairing”, Advances in Cryptology: ASIACRYPT 2001 (LNCS 2248), pp. 533–551, 2001.CrossRefGoogle Scholar
  12. 12.
    ISO/IEC 9594-8, “Information Technology— Open Systems Interconnection— The Directory: Authentication Framework”, International Organization for Standardization, Geneva, Switzerland, 1995 (equivalent to ITU-T Recommendation X.509, 1993).Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jeremy Horwitz
    • 1
  • Ben Lynn
    • 1
  1. 1.Stanford UniversityStanfordUSA

Personalised recommendations