Most currently deployed public-key cryptosystems are certificate-based (CBPK) cryptosystems. In large and distributed user communities, CBPK cryptosystems typically require encryptors to obtain the public-key certificate of each intended recipient, and signature verifiers to obtain the public-key certificate of each claimed signer. However, the management and distribution of public-key certificates are cumbersome in these communities. To address this issue, identity-based (ID-based) cryptosystems have been suggested as a possible alternative, because they enable the derivation of public keys from arbitrary string identifiers (such as email addresses, IP addresses, or privilege identifiers).; This dissertation investigates the use of ID-based cryptography for large user communities. In particular, we present efficient and provably-secure (hierarchical) ID-based cryptographic schemes to support the following applications: (1) generation of decryption keys from non-repeatable (e.g. biometric) information; (2) authentication of the sender of encrypted information; (3) verification that a user belongs to a publicly known subset of a group, while the user remains anonymous to all but a designated party. |