Furthermore, with the computation of y

_{2}, a series of public keys can be computed as (y

_{2}
^{w1}, y

_{2}
^{w2}), where w

_{1}=x

^{w}, w

_{2}=x

^{(w+1)}, w≧0. Furthermore, all of the results, specifically the powers of g, obtained in this computation can be utilized to generate further public keys. Furthermore, based on C

_{1 }retrieved from the cipher-text message C, the decoding device can generate more new public keys. For this purpose, C

_{1}
^{x }and C

_{1}
^{−x }can be computed and saved, and then two series of public keys can be generated. In general, when a plurality of encrypted messages CC

_{1}=(C

_{11},C

_{12}), CC

_{2}=(C

_{21},C

_{22}), . . . , CC

_{1}=(C

_{j1}, C

_{j2}) are received, for the case of C

_{1}
^{x}, a series of new public keys can be generated as ((C

_{11}C

_{21 }. . . C

_{j1})

^{u1}, (C

_{11}C

_{21 }. . . C

_{j1})

^{u2}), where C

_{11}C

_{21 }. . . C

_{j1 }is the product of C

_{11}, C

_{21}, . . . , C

_{j1}, j≧1, u1=x

^{u}, u2=x

^{(u+1) }and u≧0, and for the case of C

_{1}
^{−x}, another series of new public keys can be generated as ((C

_{11}C

_{21 }. . . C

_{j1})

^{v1}, (C

_{11}C

_{21 }. . . C

_{j1})

^{v2}), where C

_{11}C

_{21 }. . . C

_{j1 }is the product of C

_{11}, C

_{21}, . . . , C

_{j1},j≧1, v1=−x

^{v}, v2=−x

^{(v+1) }and v ≧0. Furthermore, all of the results, specifically the power os g, obtained in this computation can be utilized to generate further public keys.