The public-key encryption method uses the sender-side apparatus by the creator of a ciphertest and creates the ciphertext of a plaintext x (.epsilon.{0, 1}.sup.n) in y.sub.1=f (x0.sup.k1G(r)), y.sub.2=H (x0.sup.k1G(r))r with respect to the published trapdoor-equipped unidirectional function f and the random functions G, H. Meanwhile, the receiver of the ciphertext, who has received the ciphertext by the receiver-side apparatus via the communications line, performs the decryption processing with the use of f.sup.-1, i.e., the secret key, in accordance with the steps inverse to those of the encryption processing.