Hierarchical Identity-Based Encryption
Hierarchical Identity-Based Encryption (HIBE, earlier also called HIDE — Hierarchical ID-based Encryption) is an encryption concept in which public and private keys are derived from the identity of a user instead of being randomly chosen. This removes the need for a public key infrastructure, as everyone can derive the public key simply based on the recipient's ID. In addition to "standard" Identity-Based Encryption, HIBE also allows a user to derive the private keys of other users lower in the hierarchy, that is, users whose ID is derived from the ID of the higher-up identity.
Algorithms
HIBE generally consists of 4 algorithms[1]:
- sets up the system parameters and outputs the public key and the master secret key. The system parameters and the public key are assumed to be implicit parameters to the following functions.
- derives the secret key for identity given the secret key for , where is higher up in the hierarchy. Alternatively, the key derivation can also use the master secret key if it is known (note that key derivation using an existing key and key generation using the master key can be seen as different algorithms).
- encrypts the message for the given identity.
- decrypts the given ciphertext using the secret key for identity .
Security
The security of HIBE is usually shown similarly to that of other encryption schemes, using an indistinguishability (IND) game that asks the attacker to distinguish which message has been encrypted. There are different notions based on whether the adversary has to select the identity they want to attack first (selective identity secure, sID), or whether the scheme is fully secure[1]. This leads to the notions IND-sID-CPA, IND-ID-CPA, IND-sID-CCA, and IND-ID-CCA.
Literature
- Gentry, Craig et al. Hierarchical ID-Based Cryptography, ASIACRYPT 2002
- Boneh, Dan et al. Hierarchical Identity Based Encryption with Constant Size Ciphertext, IACR Cryptol. ePrint Arch. 2005