Paper 2005/015

Hierarchical Identity Based Encryption with Constant Size Ciphertext

Dan Boneh, Xavier Boyen, and Eu-Jin Goh


We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, independent of the hierarchy depth. Encryption is as efficient as in other HIBE systems. We prove that the scheme is selective-ID secure in the standard model and fully secure in the random oracle model. Our system has a number of applications: it gives very efficient forward secure public key and identity based cryptosystems (where ciph ertexts are short), it converts the NNL broadcast encryption system into an efficient public key broadcast system, and it provides an efficient mechanism for encrypting to the future. The system also supports limited delegation where users can be given restricted private keys that only allow delegation to certain descendants. Sublinear size private keys can also be achieved at the expense of some ciphertext expansion.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Full version. Proceedings version at
Identity Based Encryption
Contact author(s)
eujin @ cs stanford edu
2006-01-26: last of 3 revisions
2005-01-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dan Boneh and Xavier Boyen and Eu-Jin Goh},
      title = {Hierarchical Identity Based Encryption with Constant Size Ciphertext},
      howpublished = {Cryptology ePrint Archive, Paper 2005/015},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.