An ID-based encryption and signature technique, according to which more
efficient and higher speed processing is possible. In generation of
public parameters, an element P of a group G.sub.1 of order q is
selected, and then, g=e(P, P) calculated in advance is added to the
public parameters. At the time of encryption and verification, a public
key ID is associated with an element P.sub.ID of the group G.sub.1, using
u.epsilon.Z.sub.q* and two elements P.sub.1 and P.sub.2 (included in the
public parameters) of G.sub.1 and calculating P.sub.ID=P.sub.1+uP.sub.2.
The above-mentioned elements P.sub.1 and P.sub.2 are determined by
P.sub.1=s.sub.1P and P.sub.2=s.sub.2P using random numbers s.sub.1,
s.sub.2.epsilon.Z.sub.q* as a part of a master key, and a private key of
a user is determined by d.sub.ID=(s.sub.1+us.sub.2).sup.-1P.