An ID-based encryption and signature technique, according to which more efficient and higher speed processing is possible. In generation of public parameters, an element P of a group G.sub.1 of order q is selected, and then, g=e(P, P) calculated in advance is added to the public parameters. At the time of encryption and verification, a public key ID is associated with an element P.sub.ID of the group G.sub.1, using u.epsilon.Z.sub.q* and two elements P.sub.1 and P.sub.2 (included in the public parameters) of G.sub.1 and calculating P.sub.ID=P.sub.1+uP.sub.2. The above-mentioned elements P.sub.1 and P.sub.2 are determined by P.sub.1=s.sub.1P and P.sub.2=s.sub.2P using random numbers s.sub.1, s.sub.2.epsilon.Z.sub.q* as a part of a master key, and a private key of a user is determined by d.sub.ID=(s.sub.1+us.sub.2).sup.-1P.