Identity-Based Encryption
What is Identity-Based Encryption?
Identity-Based Encryption: Public-key encryption where an arbitrary identifier (email, phone) serves as the public key, with private keys issued by a trusted Private Key Generator (Boneh/Franklin 2001).
Identity-Based Encryption (IBE) lets the sender encrypt directly to a recipient's identity string - for example alice@example.com - without first fetching a certificate. A trusted authority called the Private Key Generator (PKG) holds a master secret, publishes master public parameters, and on demand derives the recipient's private key from their identity. The first practical IBE was Boneh-Franklin (2001), based on bilinear pairings; the Sakai-Kasahara and Cocks IBE schemes followed. IBE eliminates X.509 certificate management at the cost of inherent key escrow, since the PKG can decrypt all messages. It is standardised in IETF RFC 5091 and used in MIKEY-SAKKE for UK/EU secure voice, S/MIME alternatives, IoT key bootstrapping, and as a stepping stone toward attribute-based and functional encryption.
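As an added illustration (not code from this page or from any product it names), the toy below implements the Cocks IBE scheme the text mentions, chosen because it runs on integer arithmetic alone where Boneh-Franklin would need a pairing library. It shows the three roles in the definition: anyone maps an identity string to a public key, only the PKG holding the master secret can extract the matching private key (hence the escrow), and a sender encrypts to the bare identity. The primes, the hash-to-identity rule and the bit encoding are constructed for the demo and are not secure parameters.

```python
import hashlib, itertools, secrets
from math import gcd

# Toy master secret (NOT secure: 31-bit constructed demo primes). Cocks IBE
# needs both primes to be 3 (mod 4) for the key-extraction formula below.
P, Q = 1000000007, 2147483647
N = P * Q  # the public parameter; the PKG keeps P and Q secret

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; 0 when gcd(a, n) > 1."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            result = -result if n % 8 in (3, 5) else result
        a, n = n, a
        result = -result if a % 4 == 3 == n % 4 else result
        a %= n
    return result if n == 1 else 0

def identity_to_public_key(identity):
    """Anyone can do this: hash the identity to a in Z_N with (a/N) = +1."""
    for counter in itertools.count():  # about two tries expected
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a

def extract_private_key(identity):
    """PKG only (needs P, Q): r with r^2 = a or r^2 = -a (mod N). The PKG can
    run this for any identity, which is the key escrow the text mentions."""
    return pow(identity_to_public_key(identity), (N + 5 - P - Q) // 8, N)

def encrypt_bit(identity, bit):
    """Bit 0 -> random t with (t/N) = +1, bit 1 -> (t/N) = -1. Both halves are
    sent because the sender cannot tell whether a or -a is the square."""
    a, sign = identity_to_public_key(identity), 1 if bit == 0 else -1
    while True:
        t = secrets.randbelow(N - 2) + 2
        if gcd(t, N) == 1 and jacobi(t, N) == sign:
            break
    t_inv = pow(t, -1, N)
    return ((t + a * t_inv) % N, (t - a * t_inv) % N)

def decrypt_bit(identity, r, ciphertext):
    """Pick the half matching the key; then ((c + 2r)/N) = (t/N) = the bit."""
    a, (c1, c2) = identity_to_public_key(identity), ciphertext
    c = c1 if pow(r, 2, N) == a else c2
    return 0 if jacobi(c + 2 * r, N) == 1 else 1
```

Each plaintext bit costs two N-sized values, which is why Cocks IBE is used for short keys rather than bulk data; the sender never contacts the PKG, only the recipient does, once, to collect r.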
● Examples
- 01 MIKEY-SAKKE, used by the UK Government's secure voice systems, is built on IBE.
- 02 Voltage SecureMail uses Boneh-Franklin IBE to send to bare email addresses.
● Frequently asked questions
What is Identity-Based Encryption?
Public-key encryption where an arbitrary identifier (email, phone) serves as the public key, with private keys issued by a trusted Private Key Generator (Boneh/Franklin 2001). It belongs to the Cryptography category of cybersecurity.
How does Identity-Based Encryption work?
Identity-Based Encryption (IBE) lets the sender encrypt directly to a recipient's identity string - for example alice@example.com - without first fetching a certificate. A trusted authority called the Private Key Generator (PKG) holds a master secret, publishes master public parameters, and on demand derives the recipient's private key from their identity. The first practical IBE was Boneh-Franklin (2001), based on bilinear pairings; the Sakai-Kasahara and Cocks IBE schemes followed. IBE eliminates X.509 certificate management at the cost of inherent key escrow, since the PKG can decrypt all messages. It is standardised in IETF RFC 5091 and used in MIKEY-SAKKE for UK/EU secure voice, S/MIME alternatives, IoT key bootstrapping, and as a stepping stone toward attribute-based and functional encryption.
What are other names for Identity-Based Encryption?
Common alternative names include: IBE, Boneh-Franklin IBE, Identity-based cryptography.
● Related terms
- Attribute-Based Encryption (cryptography № 075): Public-key encryption (Sahai/Waters 2005) where ciphertexts and keys are linked to attributes and policies, so decryption succeeds only if the policy is satisfied.
- Proxy Re-Encryption (cryptography № 871): A cryptographic technique that lets a semi-trusted proxy transform a ciphertext encrypted under Alice's key into one decryptable by Bob without learning the plaintext.
- Public-Key Cryptography (cryptography № 879): A branch of cryptography that uses paired public and private keys to enable encryption, key exchange, digital signatures, and authentication without a pre-shared secret.
- Key Management System (cryptography № 588): A centralised service that generates, stores, rotates, and audits cryptographic keys on behalf of applications, typically backed by hardware security modules.
- BLS Signature (cryptography № 109): A short pairing-based digital signature by Boneh, Lynn, and Shacham (2001) supporting deterministic single signatures and efficient aggregation across many signers.