US 7,388,957 B2
Elliptic curve exponentiation apparatus that can counter differential fault attack, and information security apparatus
Takatoshi Ono, Ama-gun (Japan); and Natsume Matsuzaki, Mino (Japan)
Assigned to Matsushita Electric Industrial Co., Ltd., Osaka (Japan)
Filed on Jan. 23, 2004, as Appl. No. 10/763,958.
Claims priority of application No. 2003-018760 (JP), filed on Jan. 28, 2003.
Prior Publication US 2004/0247115 A1, Dec. 09, 2004
Int. Cl. H04K 1/00 (2006.01)
U.S. Cl. 380—255  [380/28; 380/29] 4 Claims
1. An information security apparatus that ensures secure handling of predetermined information by computing an elliptic curve exponentiation of k*Q, based on computational complexity of solving a discrete logarithm problem on an elliptic curve E: $y^2 = x^3 + a \times x + b$ defined over a residue field F with a prime p being a modulus, comprising:
an information obtaining unit operable to obtain a point Q that is on the elliptic curve E, and an exponent k that is a positive integer smaller than the prime p;
a first storage unit operable to store therein a coefficient a that is a linear term of the elliptic curve E;
a computation unit operable to compute an elliptic curve exponentiation of the exponent k and the point Q using the coefficient a stored in the first storage unit, to obtain an exponentiation-result-point k*Q;
a judgment unit operable to judge whether the point Q and the obtained exponentiation-result-point k*Q are on the elliptic curve E; and
a prohibition unit operable to prohibit an output of the obtained exponentiation-result-point k*Q, when a judgment result of the judging unit is negative; and
a processing unit operable to realize, when the judgment result of a judging unit is affirmative, one of the processes of: encryption of a plaintext, decryption of a ciphertext; generation of a signature for a plaintext; signature verification for a plaintext and a signature; or a process of sharing of a secret key between two parties without revealing the secret key to a third party, with the use of the obtained exponentiation-result-point k*Q;
wherein the information obtaining unit obtains coordinates $(Q_x, Q_y)$ as the point Q,
the computation unit computes coordinates $(Q_x', Q_y')$ as the exponentiation-result-point k*Q, and
the judgment unit judges whether the point Q and the exponentiation-result-point k*Q are on the same elliptic curve, by judging whether $(Q_y^2 - Q_x^3 - a \times Q_x) - ({Q_y'}^2 - {Q_x'}^3 - a \times Q_x') = 0$; and
an output unit configured to output one of an encrypted text, a decrypted ciphertext, signature data, a verification result, and a shared key.
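
The judgment and prohibition steps of claim 1, sketched as an added example (not code from the patent). For a point on E each bracket of the judged expression equals b, so the comparison needs only the stored coefficient a. The toy curve, the function names and the `fault` hook that models a corrupted operand register are assumptions made for illustration.

```python
# Constructed toy parameters: E: y^2 = x^3 + 2x + 3 over F_97, Q = (3, 6).
P, A = 97, 2

def ec_add(p1, p2):
    """Affine addition; None is the point at infinity. b is never used."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mul(k, q):
    """Left-to-right double-and-add computing k*Q."""
    r = None
    for bit in bin(k)[2:]:
        r = ec_add(r, r)
        if bit == "1":
            r = ec_add(r, q)
    return r

def residual(pt):
    """y^2 - x^3 - a*x mod p; equals b when pt lies on E."""
    x, y = pt
    return (y * y - x * x * x - A * x) % P

def same_curve(q, kq):
    """Judgment unit: difference of the two residuals must be 0 mod p."""
    if kq is None:  # assumption: infinity has no affine coordinates, reject
        return False
    return (residual(q) - residual(kq)) % P == 0

def guarded_mul(k, q, fault=None):
    """Return k*Q, or None when the judgment is negative (output prohibited).
    fault: hypothetical hook that corrupts the operand used in computation."""
    operand = fault(q) if fault else q
    kq = scalar_mul(k, operand)
    return kq if same_curve(q, kq) else None
```

Because the addition formulas never use b, a corrupted operand yields a valid-looking point on a curve with a different b, which is exactly what the residual comparison detects.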