One field of study in encryption is cryptography that is secure against Chosen Ciphertext Attacks (CCA-secure). In recent years in particular, active research has attempted to construct CCA-secure cryptosystems based on Identity-Based Encryption (IBE), which in general is secure only against Chosen Plaintext Attacks (CPA) (see, for example, Non-patent literature 1). For example, Non-patent literature 2 proposes the CHK transformation. In the CHK transformation, a one-time signature is used in order to construct a CCA-secure encryption scheme based on an arbitrary CPA-secure identity-based encryption scheme. As another example, Non-patent literature 3 proposes the BK transformation. In the BK transformation, a Message Authentication Code (MAC) and a bit commitment scheme are used in order to construct a CCA-secure encryption scheme based on an arbitrary CPA-secure identity-based encryption scheme.