Conventionally, as a scheme of data encryption and decryption, the AES (Advanced Encryption Standard) scheme has been known, which is specified in FIPS (Federal Information Processing Standard) 197 (U.S. National Institute of Standards and Technology, released in 2001).
Also, in the AES scheme, as the method for raising security, the white-box cryptography has been known (see, for example, Non-patent document 1 and Non-patent document 2).
Furthermore, a type of the white-box cryptography that performs encoding depending on the input has been known. Specifically, the system is first provided with a network constituted with multiple basic blocks that represent a key used for the encryption. Then, the basic blocks map input data on output data. Furthermore, the network encodes the output data from the first basic block among the multiple basic blocks according to a selected encoding scheme. Also, selection of the encoding scheme is made depending on the input message. In addition, in order to compensate for influence of the encoding, the system has a compensator that re-encodes intermediate data according to a re-decryption scheme selected among multiple re-decryption schemes. As such, the method has been known that complicates the encryption process so as to be robust to reverse engineering (see, for example, Patent document 1).