In this paper, we present a variant of Waters' Identity-Based Encryption
scheme with a much smaller public-key size (only a few kilobytes). We show that
this variant is semantically secure against passive adversaries in the standard
model.\smallskip
In essence, the new scheme divides Waters' public key size by a factor β
at the cost of (negligibly) reducing security by β bits. Therefore, our
construction settles an open question asked by Waters and constitutes the first
fully secure {\sl practical} Identity-Based Encryption schem