In recent years, an operational management form of an information system called cloud computing has come under the spotlight. In the cloud computing, for the purposes of efficient development of the information system, cost reduction in operational management thereof, and the like, users outsource an information system to an outside contractor instead of owning computation resources themselves. The cloud computing enables efficiency improvement and cost reduction, but on the other hand, since there are two different parties, an administrative service provider offering an information system implementing the cloud computing and a user of the information system, the user tends to feel insecure about outsourcing confidential information to the administrative service provider which is an outside contractor. For this reason, confidentiality of outsourced data needs to be ensured in advance by using an encryption technology in order to prevent misappropriation of the outsourced data.
However, in a simple encryption method, basic computations on encrypted data such as addition and multiplication, or statistical processing, computation of function values, or the like combining those basic computations can be executed only by a party capable of decrypting the data. Thus, the outside administrator of the information system, which is a party to which data is outsourced, cannot perform the various kinds of computation processing on the encrypted data. To overcome such a situation, various measures such as assigning a dedicated staff to the outsourcing contractor need to be taken, but such measures work against the cost reduction purpose, which is the original reason of employing the cloud computing.
As one of techniques for overcoming such a situation, there has been proposed an encryption method allowing a client to perform computation of arbitrary function values on data in a confidential form while outsourcing the data to a server. For example, there has been proposed an encryption method (see PLT 1) allowing Boolean addition and Boolean multiplication to be performed on bit data in a confidential form by utilizing the fact that computation of arbitrary functions executable on a computer can be represented by a combination of Boolean addition and Boolean multiplication.