The Secret Security Wiki

Identity Based Encryption

Identity-based encryption (IBE) is a type of public-key encryption in which a user can generate a public key from a known unique identifier (such as an email address), and a trusted third-party server calculates the corresponding private key from the public key. In this way, there is no need to distribute public keys ahead of exchanging encrypted data. The sender can simply use the unique identifier of the receiver to generate a public key and encrypt the data. The receiver can generate the corresponding private key with the help of the trusted third-party server – the private-key generator (PKG).

To operate this encryption scheme, the PKG first publishes a master public key and retains the corresponding master private key (referred to as the master key). Given the master public key, any party can compute a public key corresponding to an identity by combining the master public key with some known identity value (e.g. an email address). To obtain the corresponding private key, the owner of the identity used to generate the public key contacts the PKG, which uses its master private key to generate the corresponding private key.
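The flow described above (publish a master public key, derive a public key from an identity, have the PKG extract the private key) is shown here as an added example that is not part of the original page. It uses Cocks' quadratic-residue IBE scheme, a construction the page does not name. The primes, the identity-hashing format, the function names and the email addresses are constructed assumptions, and Python 3.8+ is assumed.

```python
import hashlib
import itertools
import secrets

# Constructed toy parameters (Mersenne primes, both 3 mod 4): not secure, demo only.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q  # master public key; (P, Q) is the PKG's master private key

def jacobi(a, n):  # Jacobi symbol (a/n) for odd n > 0
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def public_key(identity, n=N):
    """Anyone: hash the identity to a value a with Jacobi symbol (a/n) = +1."""
    for counter in itertools.count():
        digest = hashlib.sha256(f"{counter}|{identity}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if jacobi(a, n) == 1:
            return a

def pkg_extract(identity, p=P, q=Q):
    """PKG only: private key r with r*r = +a or -a (mod n); needs p and q."""
    n = p * q
    return pow(public_key(identity, n), (n + 5 - p - q) // 8, n)

def encrypt_bit(identity, bit, n=N):
    """Sender: needs only the master public key and the identity string."""
    a, m = public_key(identity, n), (1 if bit else -1)
    pair = []
    for sign in (1, -1):  # one value for each possible sign of r*r
        t = secrets.randbelow(n - 2) + 2
        while jacobi(t, n) != m:
            t = secrets.randbelow(n - 2) + 2
        pair.append((t + sign * a * pow(t, -1, n)) % n)
    return tuple(pair)

def decrypt_bit(identity, r, pair, n=N):
    """Receiver: pick the half matching the sign of r*r, read the Jacobi symbol."""
    c = pair[0] if pow(r, 2, n) == public_key(identity, n) else pair[1]
    return 1 if jacobi(c + 2 * r, n) == 1 else 0
```

Because `pkg_extract` works for any identity string, whoever holds `P` and `Q` can derive every user's private key, which is the trust the scheme places in the PKG.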

IBE is useful in that it does not require any predistribution of public keys (referred to as certificates in PKI). On the other hand, it requires a trusted third party – the PKG.