Corresponding author: Sanjit Chatterjee (

Academic editor:

At Eurocrypt 2005, Boneh, Boyen and Goh presented a constant-size ciphertext hierarchical identity-based encryption (HIBE) protocol. Our main contribution is to present a variant of the BBG-HIBE. The new HIBE is proved to be secure (without any degradation) in an extension of the s-ID model (denoted the s+-ID model) and the components of the identities are from ℤ p, where p is a suitable large prime. The BBG-HIBE is proved to be secure in the selective-ID (s-ID) security model and the components of the identities are from ℤ *p. In the s+-ID model the adversary is allowed to vary the length of the challenge identity whereas this is not allowed in the s-ID model. The new HIBE shares all the good features of the BBG-HIBE. The drawback is that the public parameters and the private key are longer than that of the BBG-HIBE. We also provide two more extensions of the basic constant-size ciphertext HIBE. The first is a constant-size ciphertext HIBE secure in the generalised selective-ID model ℳ 2. The second one is a product construction composed of two HIBEs and a trade-offis possible between the private key size and the ciphertext size.