Identity-based encryption (IBE) is a scheme in which a ciphertext can be generated by using a public parameter and an identifier (ID) and the ciphertext can be decrypted by using key information SKID which is in one-to-one correspondence with the identifier (See Non-patent literature 1, for example). Various protocols using such an ID-based encryption scheme have been proposed in recent years.
For example, it is known that in an ID-based encryption scheme, Forward-secure encryption or Key-Insulated encryption can be implemented by using as identifiers a value including a value corresponding to a time period including the current date and time and a unique identifier of a recipient apparatus to perform encryption and generation of key information (See Non-patent literatures 2 and 3, for example). It is also known that in an ID-based encryption scheme, Keyword search encryption can be implemented where an encryption database in which a ciphertext generated by using an identifier including a keyword corresponding to an item to be searched for is associated with an encrypted item to be searched for is stored, and key information generated by using an identifier including a keyword is used to search the encryption database (see Non-patent literature 4, for example). Furthermore, Timed-Release encryption can be implemented by using as an identifier a time point at which a ciphertext is to be decrypted; CCA2 (Chosen Ciphertext Attack 2) encryption can be implemented by using one-time information such as a random number as an identifier.