Identifier-Based Encryption (IBE) is an emerging cryptographic schema A number of IBE cryptographic methods are known, including:                methods based on “Quadratic Residuosity” as described in the paper: “An identity based encryption scheme based on quadratic residues”, C. Cocks, Proceedings of the 8th IMA International Conference on Cryptography and Coding LNCS 2260, pp 360-363, Springer-Verlag, 2001;        methods using Weil or Tate pairings—see, for example: D. Boneh, M. Franklin—“Identity-based Encryption from the Weil Pairing” in Advances in Cryptology—CRYPTO 2001, LNCS 2139, pp. 213-229, Springer-Verlag, 2001;        methods based on mediated RSA as described in the paper “Identity based encryption using mediated RSA”, D. Boneh, X. Ding and G. Tsudik, 3rd Workshop on Information Security Application, Jeju Island, Korea, August, 2002.        
Generally, in IB encryption/decryption methods, a trusted party carries out one or more actions (such as identity checking) in accordance with information in the sender-chosen string, before enabling a recipient to recover a message encrypted by a message sender. Usually, the trusted party will generate an IB decryption key and provide it to the recipient for the latter to use in decrypting the encrypted message. However, it is also possible to provide IB encryption/decryption methods in which the trusted party must itself carry out the decryption since it involves knowledge of a secret belonging to the trusted party as well as use of the IB decryption key. This is the case for the RSA-based IB method described in U.S. Pat. No. 6,275,936 where the decryption exponent is dynamically computed from the encryption exponent, the latter being a hash of the sender-chosen string. A potential disadvantage of the trusted party carrying out message decryption is that it risks compromising the recipient's privacy. In the afore-mentioned U.S. patent, this potential disadvantage is overcome by the recipient blinding the encrypted message before passing it to the trusted party (a decryption box) and then un-blinding the returned decrypted, but still blinded, message.
It is an object of the present invention to provide novel identifier-based cryptographic methods and systems.