When data is encrypted, it is normally impossible to read and edit data inside unless the data is decrypted. Therefore, in order to edit data in a plurality of encrypted texts, it is necessary to decrypt the plurality of encrypted texts once, extract plain texts as data, then edit the plain texts, and encrypt the plain texts again. On the contrary, in homomorphic encryption, it is possible to edit data in an encrypted text without decrypting the encrypted text. Processing at that time is referred to as “homomorphic computation”, and a type that can be subjected to homomorphic computation and the number of times of homomorphic computation are changed depending on a specific method.
As homomorphic encryption, there are proposed homomorphic encryption in which only addition or multiplication can be performed, such as ElGamal encryption and Pailier encryption, and Gentry encryption or the like in which addition and multiplication can be executed without limitation. In those methods, as a first point, encrypted texts need to be generated by using the same public key when homomorphic computation is performed. As a second point, an encrypted text that has not been subjected to homomorphic computation yet is computed while being encrypted, and therefore it is problematic in that, even in a case where a plain text is changed by homomorphic computation, such a change cannot be detected.
Some methods for solving such a problem are proposed (see, for example, Patent Literature 1 and Non-Patent Literature 1).