'''ID-based cryptography''' (or '''Identityidentity based cryptography''') is a [[key authentication]] system in which the [[public key]] of a user is some unique information about the identity of the user (e.g. email address).
This system works by having a trusted third party who has a secret which can be combined with a user's identity information to produce the user's secret key. The third party also produces some public information which is derived from
its secret.
To decrypt or sign a message the user uses their private key likeas with normal public key cryptography, but to verify the signature or encrypt a message only the identity information and the third partiyparty's public information is needed.
Originally when this system was first developed in 1984 by [[Adi Shamir]] it could only be used for keys for digital signatures, howeverbut in 2001 thisthe method was extended by [[Dan Boneh]] and [[Matthew K. Franklin]] to encryption/decryption through the use of [[Weil Pairings]].
Only limited work has been done in terms of formally analysing ID based cryptosystems, some of which have been recently broken.
Because any usersuser's private key can be generated through the use of the third party's secret, this system has inherent [[key escrow]]. A number of variant systems have been proposed which remove the escrow including [[Certificate-based encryption]], [[Secure Key Issuing Cryptography]] and [[Certificateless Cryptography]].
One of this systemssystem's major advantages is that if there are only a finite number of users, after all users have been issued with keys the third party's secret can be destroyed. This can take place because this system assumes that, once issued, keys are always valid (as this basic system lacks an method of [[key revocation]]). The majority of derivatives of this system which have key revocation looselose this advantage.
