The concept of Identity-Based Encryption (IBE) was first formulated by Shamir in 1984.

"An identity-based scheme resembles an ideal mail system: If you know somebody's name and address you can send him messages that only he can read, and you can verify the signatures that only he could have produced. It makes the cryptographic aspects of the communication almost transparent to the user, and it can be used effectively even by laymen who know nothing about keys or protocols."

In such a scheme, the public key can be an arbitrary string. For example, if Alice wants to send a message to Bob at bob@yahoo.com, then she simply encrypts the message using the string bob@yahoo.com as the public key. The original motivation for this idea was to eliminate the need for directories and certificates by using the identity of the receiver as the public key, but it can also be used to implement ephemeral (short lived) public keys, manage user credentials, or for the delegation of decryption keys. Recently, it has also been used to build forward-secure encryption schemes. Efficient solutions for the related notion of identity-based signatures were quickly found, but identity-based encryption proved to be much more challenging. Most schemes proposed since 1984 were unsatisfactory because they were too computationally intensive, they required tamper resistant hardware, or they were not secure if users colluded.

Recent proposals of identity-based encryption schemes do not suffer from any of these drawbacks and some variants provide additional functionality (e.g. Identity Based Encryption from the Weil Pairing and IBE based on Quadratic Residues).