The invention provides a signcryption method with hidden identity and strong security. The signcryption method comprises the steps that: a first device calculates X' = AXd, wherein X = gx and d = hd (X, auxd), determines a preset shared key S according to a DH-index x, a private key a and a public key B = gb of a second device, determines KA based on S, determines CA = (IA, A, CERTA, X, DataA)) according to KA, and sends [X CA]' to the second device; the second device determines the preset shared key S according to the received X' and the private key b of the second device, determines KA based on S, and decrypts CA according to KA to obtain (IA, A, CERTA, X, DataA); and if a public key certificate CERTA is valid and X' = AX d is effective, DataA is accepted. In the signcryption method provided by the invention, the identity and the public key information of the first device are hidden, the first device only needs to operate 2.5 modular exponentiations, and the second device only needs to operate 1.5 modular exponentiations. In addition, the bandwidth consumed by the method provided by the invention is less than an existing signcryption scheme, and the leakage of a temporary DH-index x does not affect the security of the scheme of the invention.