Multipurpose Identity-Based Signcryption
A Swiss Army Knife for Identity-Based Cryptography

By Xavier Boyen.

In Advances in Cryptology (CRYPTO 2003), volume 2729 of Lecture Notes in Computer Science, pages 383-399. Springer, 2003.


Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public keys---instead, public keys can be arbitrary identifiers such as email addresses, while private keys are derived at any time by a trusted private key generator upon request by the designated principals. Despite the flurry of recent results on IB encryption and signature, some questions regarding the security and efficiency of practicing IB encryption (IBE) and signature (IBS) as a joint IB signature/encryption (IBSE) scheme with a common set of parameters and keys, remain unanswered.

We first propose a stringent security model for IBSE schemes. We require the usual strong security properties of: (for confidentiality) indistinguishability against adaptive chosen-ciphertext attacks, and (for non-repudiation) existential unforgeability against chosen-message insider attacks. In addition, to ensure as strong as possible ciphertext armoring, we also ask (for anonymity) that authorship not be transmitted in the clear, and (for unlinkability) that it remain unverifiable by anyone except (for authentication) by the legitimate recipient alone.

We then present an efficient IBSE construction, based on bilinear pairings, that satisfies all these security requirements, and yet is as compact as pairing-based IBE and IBS in isolation. Our scheme is secure, compact, fast and practical, offers detachable signatures, and supports multi-recipient encryption with signature sharing for maximum scalability.


- published paper (also accessible from the publisher) (PS) (PDF) © IACR
- expanded version (also accessible on the crypto eprint) (PS) (PDF)
- presentation slides (HTML)


  author = {Xavier Boyen},
  title = {Multipurpose Identity-Based Signcryption -- A {S}wiss {A}rmy Knife for Identity-Based Cryptography},
  editor = {Dan Boneh},
  booktitle = {Advances in Cryptology---CRYPTO 2003},
  series = {Lecture Notes in Computer Science},
  volume = {2729},
  pages = {383--399},
  publisher = {Berlin: Springer-Verlag},
  year = {2003},
  note = {Available at \url{}}

Unless indicated otherwise, these documents are Copyright © Xavier Boyen; all rights reserved in all countries.
Back to Xavier's homepage